Mobile Health App Data De-Identification Checklist

Data Removal & Masking

All direct identifiers (name, email, phone number, address) removed
Dates related to individuals (except year) removed or generalized
Geographic details (except state or regional info) removed or generalized
All unique identification numbers or codes replaced or masked

Data Generalization

Birth dates, ages, or other sensitive numeric values generalized if relevant
Rare or outlying conditions aggregated into broader categories

Review for Indirect Identifiers

Combinations of data points checked for risk of re-identification
All metadata (file names, device IDs, timestamps) reviewed and sanitized
Free-text fields manually reviewed for embedded identifiers

Documentation

De-identification approach and methods documented
All fields and changes tracked and logged

Review & Testing

De-identified data reviewed by a second person or team
Sample datasets tested against re-identification attempts