Medical text sharing poses re-identification risks for patients and healthcare providers due to indirect identifiers—attributes that, when combined with auxiliary information, enable identity inference. Method: We propose the first threat-model-aware, structured taxonomy of nine categories of indirect identifiers, covering diverse attacker scenarios (e.g., acquaintances, family members, clinicians). Leveraging 100 MIMIC-III discharge summaries, we conduct fine-grained, human-in-the-loop annotation (6,199 labeled spans with document IDs), augmented by rule-based heuristics and a BiLSTM-CRF sequence labeling model. Contribution/Results: We release the first publicly available medical text dataset explicitly annotated for indirect identifiers. Our best-performing baseline achieves an F1-score of 78.3%, significantly improving detection of context-sensitive privacy-sensitive information. This advances beyond conventional de-identification methods—which focus solely on direct identifiers—and enables granular, risk-adaptive privacy assessment in clinical NLP applications.

Sharing sensitive texts for scientific purposes requires appropriate techniques to protect the privacy of patients and healthcare personnel. Anonymizing textual data is particularly challenging due to the presence of diverse unstructured direct and indirect identifiers. To mitigate the risk of re-identification, this work introduces a schema of nine categories of indirect identifiers designed to account for different potential adversaries, including acquaintances, family members and medical staff. Using this schema, we annotate 100 MIMIC-III discharge summaries and propose baseline models for identifying indirect identifiers. We will release the annotation guidelines, annotation spans (6,199 annotations in total) and the corresponding MIMIC-III document IDs to support further research in this area.