What is it? Why is it important?

A process by which sensitive information (SI) is removed or encrypted in order to comply with privacy protection laws.

Anonymised data:

Occurs when personal data has been irreversibly removed or irreversibly altered in such a way that participants can no longer be identified directly or indirectly by anyone.

Anonymisation is a very difficult process and rarely done as it requires careful planning and extensive resources to realise. The anonymisation process must be explained in detail, traceable and robust preventing any re-identification of participants.

Coded data:

Is when procedures are put in place to protect participant personal data, by replacing them with a code. Participant identification is only possible via a participant log list that matches allotted study codes with respective participants


A data set:

  • Must be coded or anonymised so as to protect the identity of study participants. It pertains especially in the event that data is transfer to a 3rd party (e.g. statistician, analytical laboratories, data sharing with other researchers)
  • Can be coded by establishing a participant identification code list. The list can be used to re-identify participants based on corresponding identification codes in the study database. The code list should be kept in a safe place under strict access control

Sensitive data include:

  • Evident information such as name, date of birth, or personal address
  • Less obvious identifiers which, in conjunction with other data held by or disclosed to the data recipient, could lead to the identification of a participant (e.g. date of visits, rare diseases or conditions, marital status, number of children, religion, and race)

What do I need to do?

Describe procedures used to ensure privacy protection laws:

  • Based on data collected in your study identify what data would qualify as SI
  • Decide what SI data is strictly necessary for study interpretation and what SI data must not be included
  • Define procedures that describe how SI data could be collected and processed in order to increase data privacy, such as:
    • Removing all SI in your database and replace with participant identification codes
    • Encrypting study data, which subsequently requires a decryption program in order to retrieve information
    • Mark data in the database as being “Identifiers”, and not to be exported
  • Consult with the data manager on how best to implement and protect SI in the CDMS implemented in your study


Encrypted data is rendered unreadable to anyone except to a selected group of individuals.

The process includes to:

  • Pass data through a cipher, or a secret disguised way of writing (e.g. an algorithm that encodes data according to a key)
  • Only individuals that possess the key able to decrypt the data can read its content

An example on how to create participant study codes

  • Define a prefix that represents the study
  • As applicable, define the local or remote study site
  • Include a screening number representing participants that were screened for the study. Screening does not always mean that participants could be included in the study
  • Add a participant incremental numbering system (e.g. participant 01, 02, 03, …)
  • Separate individual codes by using an applicable symbol (e.g. dash (-) or underscore (_)
  • Example: Study_Site_Screening_Participant = TGF-02-14-5

Any coding system can also be predefined by the study CDMS in use.

Where can I get help?

Your local CTU can support you with experienced staff regarding this topic

External Links

The Federal Council – see in particular

  • FADP – Federal Act on Data Protection

GCDMP – see in particular

  • Chapter “Data Privacy” – Strategies and consideration for securing and protecting data

Swiss Clinical Trial Organisation – see in particular

  • Regulatory Affairs Watch, Issue 1, April 2019 – Essential information on data protection

Swissethics – see in particular

  • Coding and storage subject information – Coding of trial subjects


ICH GCP E6(R2) – see in particular guidelines

  • 2.11 Confidentiality of records
  • 4.9 Records and reports
  • 5.5 Trial management, data handling, and record-keeping

Swiss Law

HRA – see in particular articles

  • Art. 3 Definition of coded and anonymised health related data and biological material
  • Art. 56 Transparency and data protection
  • CDMS – Clinical Data Management System
  • CTU – Clinical Trials Unit
  • GCDMP – Good Clinical Data Management Practice Guide
  • SI – Sensitive Information
Development ↦ Data Handling ↦ Study Database ↦ Data Coding and Anonymisation

Provides some background knowledge and basic definitions

Basic Protocol
Basic Statistics
Basic Monitoring
Basic Drug or Device
Basic Biobanking

Starts with a study idea

Ends after having assessed and evaluated study feasibility

Concept Protocol
Concept Statistics
Concept Drug or Device
Concept Biobanking

Starts with confidence that the study is feasible

Ends after having received ethics and regulatory approval

Development Protocol
Development Statistics
Development Drug or Device
Development Biobanking

Starts with ethics and regulatory approval

Ends after successful study initiation

Set-Up Protocol
Set-Up Ethics and Laws
Set-Up Statistics
Set-Up Drug or Device
Set-Up Biobanking

Starts with participant recruitment

Ends after the last participant has completed the last study visit

Conduct Protocol
Conduct Statistics
Conduct Drug or Device
Conduct Biobanking

Starts with last study visit completed

Ends after study publication and archiving

Completion Protocol
Completion Statistics
Completion Drug or Device
Completion Biobanking
Current Path (click to copy): Development ↦ Data Handling ↦ Study Database ↦ Data Coding and Anonymisation

Please note: the Easy-GCS tool is currently under construction.