research data management guide.
The Challenge
Longitudinal clinical research frequently requires patient re-contact: a study finds an unexpected biomarker suggesting elevated cancer risk in a subset of participants, and the research team needs to contact those patients for follow-up testing. If the original de-identification was permanent, the patient-to-study-participant mapping is gone — the research team cannot identify which real patients correspond to the study participants showing the finding. This creates a situation where important medical follow-up is impossible, and patients who need care cannot receive it.
By the Numbers
- 77% of employees share sensitive work information with AI tools at least weekly (Cyberhaven 2025)
- 11% of ChatGPT prompts contain confidential data (Cyberhaven 2024)
- real-time browser PII interception reduces leakage incidents by 94% (Menlo Security 2025)
Real-World Scenario
A European oncology research center conducts a 5,000-patient study using anonym.legal's encrypted anonymization. Mid-study analysis reveals a subgroup of 47 participants showing markers for an aggressive cancer variant. The ethics committee approves re-contact. The data custodian uses the retained encryption key to identify the 47 real patients. Those patients are contacted, 23 are found to have actionable findings. The remaining 4,953 participants' data remains fully protected.
Technical Approach
Reversible encryption creates a protected pseudonymization layer. The research dataset uses encrypted tokens. The decryption key is held by the designated data custodian. When re-contact is clinically justified and IRB-approved, the custodian decrypts the specific participant records to enable follow-up. The broader dataset remains protected — only the specific authorized decryption is performed.
Comments (0)