Accepted for/Published in: JMIR Formative Research

Date Submitted: May 23, 2025
Date Accepted: Mar 9, 2026

The final, peer-reviewed published version of this preprint can be found here:

Fully Anonymized Digital Health Data Acquisition in a Research Partnership Using a Blinded Deidentification Proxy in the HerzFit App: Implementation Study

Reimer LM, Nissen L, Starnecker F, Stepanova O, Dufour F, Ney R, Al Najem S, Schunkert H, Jonas SM

JMIR Form Res 2026;10:e77983

DOI: 10.2196/77983

PMID: 42097603

Fully Anonymized Digital Health Data Acquisition in a Research Partnership: Implementation in the HerzFit App

  • Lara Marie Reimer
  • Leon Nissen
  • Fabian Starnecker
  • Olga Stepanova
  • Florent Dufour
  • Ruth Ney
  • Sinann Al Najem
  • Heribert Schunkert
  • Stephan M Jonas

ABSTRACT

Background:

Scientific data collection is strictly regulated regarding data protection and privacy. The European General Data Protection Regulation (GDPR) regulates rights and responsibilities regarding the processing of personal information. Anonymization simplifies data handling by reducing restrictions but requires removing identifiers from data and metadata. Specifically, internet protocol (IP) addresses are considered personal data, as they could be used to track users. In mobile data collection, even if data from a device is fully anonymized, transmitting it via standard protocols still exposes the IP address, preventing full anonymization.

Objective:

To develop a GDPR-compliant concept that enables fully anonymized scientific data collection on mobile devices.

Methods:

We designed a concept enabling scientific data collection on mobile devices using a proxy architecture and encryption mechanisms to ensure anonymization. The concept is targeted at partnerships between research entities and operators of mobile applications, for example, foundations or companies. In this setup, such companies and foundations can act as data trust agencies to enable scientific data collection without being responsible for the collection of sensitive data.

Results:

The proposed concept was integrated and tested in the HerzFit application for cardiovascular prevention, which has more than 150,000 downloads in German-speaking countries. Since the release of the data donation feature in HerzFit, we have received data donations from 6,124 users.

Conclusions:

The proposed concept enables GDPR-compliant, anonymized data collection using mobile devices, facilitating scientific data collection at scale.
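
The proxy arrangement described in the Methods, as an added example that is not taken from the paper or from the HerzFit code base: the app encrypts a donation for the research entity, the operator's proxy forwards the ciphertext without the sender's IP address or headers, and only the research side can decrypt. The hybrid RSA-OAEP plus AES-256-GCM scheme, the function names, and the envelope fields are assumptions made for illustration.

```javascript
// Added illustration; not the HerzFit implementation. Algorithms and field names are assumptions.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
        createCipheriv, createDecipheriv, constants } = require("node:crypto");

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// App side: encrypt the donation so that only the research entity can read it.
function clientEncrypt(researchPublicKey, donation) {
  const key = randomBytes(32), iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(donation), "utf8"), cipher.final()]);
  return {
    wrappedKey: publicEncrypt({ key: researchPublicKey, ...OAEP }, key).toString("base64"),
    iv: iv.toString("base64"),
    ct: ct.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
  };
}

// Proxy side (app operator): sees the sender's IP and headers but holds no private key.
// It forwards the opaque envelope only; connection metadata is never copied or logged.
function proxyForward(request) {
  const { wrappedKey, iv, ct, tag } = request.body;
  return { envelope: { wrappedKey, iv, ct, tag } };
}

// Research side: sees plaintext, but the only network peer it ever meets is the proxy.
function researchDecrypt(researchPrivateKey, forwarded) {
  const e = forwarded.envelope;
  const key = privateDecrypt({ key: researchPrivateKey, ...OAEP }, Buffer.from(e.wrappedKey, "base64"));
  const d = createDecipheriv("aes-256-gcm", key, Buffer.from(e.iv, "base64"));
  d.setAuthTag(Buffer.from(e.tag, "base64"));
  const pt = Buffer.concat([d.update(Buffer.from(e.ct, "base64")), d.final()]);
  return JSON.parse(pt.toString("utf8"));
}

// Constructed sample run: 203.0.113.7 is a documentation address (RFC 5737).
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });
  const donation = { ageGroup: "50-59", systolic: 128, steps: 7421 };
  const request = { remoteAddress: "203.0.113.7", headers: { "user-agent": "app/1.0" },
                    body: clientEncrypt(publicKey, donation) };
  const forwarded = proxyForward(request);
  return { donation, forwarded, privateKey, received: researchDecrypt(privateKey, forwarded) };
}
```

The separation holds only if the proxy also keeps the source address out of its own access logs and the research endpoint accepts connections from the proxy alone.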



© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on its website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressly prohibit redistribution of this draft paper other than for review purposes.