6.1. Overview of anonymisation
You set things up as follows.
You start with one or more source database(s) and blank destination database(s), plus blank secret database(s) that CRATE uses for temporary storage and storing PID-to-RID lookup information.
You may need to preprocess your source database a little, if it has an odd or inconvenient format.
You create an anonymiser config file that points to your databases and governs high-level parameters relating to the anonymisation process.
You create a data dictionary that describes what to do with each column of the source database(s). For example, some columns may be allowed through unchanged; some may be skipped; some may contain patient identifiers; some may contain free text that needs to have identifiers “scrubbed” out. You tell your config file about your data dictionary.
CRATE can draft one for you, but you will need to check it manually.
You run the anonymiser, pointing it at your config file.
There are some additional options here (for example, to restrict to specific patients or eliminate all free text fields), which allow you to use a standard config file and data dictionary but produce variant versions of your database without too much effort.