Blur User Guide - Introduction



What is Blur-Data?

Blur is an application used to remove or mask Patient Health Information (PHI) from clinical trial data, typically in the form of SAS datasets or transport files. Examples of PHI include names, addresses, dates and medications associated with a specific illness, adverse events, etc. There are a minimum of 18 identified fields under the HIPAA privacy rule, which may need to be modified during the data de-identification process, as well as a variety of European expectations, emerging practices and conventions such as EMA Policy 0070.  In practice, however, there are varieties of emerging expectations for the de-identification of clinical trials, which expand on the baseline HIPAA fields. For more information, see the Blur-Data section of this User Guide.

What is Blur-Risk?

Blur-Risk is an optional add-on module that customers can license to provide metrics for measuring the risk of patient re-identification in SAS data sets as well as simulation capabilities to quickly explore and select the best combination of de-identification methods to achieve risk scores that balance maintenance of patient privacy while supporting data utility. For more information, see the Blur-Risk section of this User Guide. Blur-Risk includes the following functionality:

  • Define Anonymization Simulation Hierarchies and Weights
  • Subject Identifiers
  • Subject Level Risk Scoring
  • Project Level Risk Scoring
  • Probability of Attack Assessment
  • Simulation Results – All Permutations Display
  • Simulation Results – Best Fit Display
  • Risk Metrics for Patients Found in CSRs
  • Probability of Successful Attack Distribution Plot

What is Blur-CSR?

Blur-CSR is an optional add-on module that customers can license to provide functionality to import and anonymize study documents (CSRs and Module 2 documents) to help customers prepare these documents for EMA Policy 0070 submission. Blur-CSR leverages Blur-Data, Blur-Risk, and advances in Natural Language Processing to assist users in finding and anonymizing PPD in study documents.

Blur-CSR uses a combination of Entity (ex. Study Participant), Identifier (ex. Subject ID), and Context (ex. table or narrative) to locate and annotate PPD. For more information, see the Blur-CSR section of this User Guide. Blur-CSR includes the following functionality:

  • Upload Study Documents
  • Finding Sensitive Terms in Study Documents
  • Replacing Subject Keys with Anonymized Values
  • Action text (Entity, Identifier, Method, and State)
  • Manually select text to be actioned
  • Find images in document
  • Generating Redaction/Anonymization Proposal PDFs
  • Generating Final PDFs
  • Review & Final Packages & Preserving CCI [snapshots]
  • Section Inclusion/Removal via PDF bookmarks
  • Integrate NLP Rules and Lexical Resources for Table & Report Document Parts

How Blur-Data Works

De-identifying data within Blur is completed in the scope of a project. 

A Project Manager, who also controls access to the projects and user roles on the project, creates a project.

A project De-identifier uploads the clinical trial data and any additional supporting documentation files. Blur automatically identifies SAS tables during upload and extracts metadata about each table—column names, types, column value frequencies, etc. Blur will attempt to identify dates or numbers, which might be in character columns to allow those columns to be handled in an appropriate manner. The system also has the flexibility to recognize partial and non-ISO8601 SAS date formats. This allows a character column containing a date variable which is not recognized as a date, be treated as one. If the date does not match the selected format, it will be set to blank or missing.

The De-identifier next identifies any keys for the project (study), and how dates are to be handled. Keys are columns that occur in multiple tables and should be de-identified in the same way each time. Then, on a table-by-table basis, the De-identifier examines table columns and chooses a de-identification method to transform the data in that column. In addition, the De-identifier can assign specific methods to act on a subset of the data in a column. De-identification results are previewed on a subset (sample) of the data in real time, and then an entire table can be de-identified and examined. When all tables have been marked complete, the De-identifier submits a request for the project to be reviewed.

A project Reviewer is responsible for examining the de-identified project, and either accepts or rejects the project. The Reviewer can view all de-identified data, the methods, which were chosen, and the parameters used.

Once a Reviewer has accepted a project, the De-identifier can create a package (ZIP file) of the project and export it out of the Blur system.

Blur Data Process Flow






Blur Technical Support

Blur technical support is available by clicking: or the customer specific technical support link included with your Blur licensing agreement.

Blur User Roles

Each user is assigned a specific role based on their responsibility for the project. Multiple roles can be assigned to a single user. The Roles are:

Users with an Administrator role are responsible for overseeing the administrative aspects of all projects within the system. These include creating Users, Templates, Numeric Bands, and Term Lists as well as reviewing Audit reports, Log files and performing Maintenance functions.

Project Manager
Users with a Project Manager role are responsible for managing the projects within the system. This includes creating and editing projects, assigning users to projects as well as viewing project details. Users with the Project Manager role can access certain Administrative features such as Numeric Bands, Templates, and Term Lists by logging into the Admin Tab with their current credentials.

Users with a De-identifier role are responsible for all of the data associated with the projects within the system. This includes uploading data, applying de-identification methods and templates, confirming data is correctly de-identified, and exporting the files to a destination outside of the system. Users with a De-identifier role also have the ability to reset Methods (rules), Keys, Parameter values, Row Sets, Templates, and Date Parameters.

Users with a Reviewer Role are responsible for reviewing project data upon completion. This includes confirming projects have been correctly de-identified prior to final release of the de-identified data. The Reviewer can download a draft version of the package in order to review prior to approving or rejecting the project. The Reviewer must sign off on a project, which has been submitted for review. The Reviewer role does not apply to CSR reviews. CSR reviews are conducted independent of Blur.

Users with an Inspector Role are responsible for viewing projects upon completion. This includes confirming projects have been correctly de-identified prior to final release of the de-identified data. This role does not have the authority to sign-off on a project, but rather to simply inspect it once completed and reviewed.

Key Manager
Users with a Key Manager Role are responsible for managing the keys related to de-identified data within the system.

Users with an Archiver role are responsible for managing saved archives, including deleting and granting (or denying) access to an archive so it can be applied to a new project.

A user with an Anonymizer role anonymizes and redacts Protected Personal Data (PPD) within Study Documents. This role is only applicable for the CSR Core module.

Blur Data Role Process
The chart below demonstrates the process flow for the roles within the Blur system.