The National Health Insurance Research Database (NHIRD), derived from Taiwan’s mandatory National Health Insurance program with registration files and original claim data for reimbursement, were established by the National Health Insurance Administration (NHIA, the former Bureau of National Health Insurance, BNHI) in 1996 and maintained by the National Health Research Institute (NHRI). The database is commonly used for different types of researches such as biomedical, pharmacoepidemiological, and public health ones in Taiwan. However, the secondary use of individuals’ healthcare data has raised legitimate privacy concerns, including potential infringements of information privacy and privacy autonomy, lack of transparency, delineation of public interest, and information security. Legal suits against NHRI and NHIA were also brought by human rights advocates. This article analyzed the legal requirements and techniques for de-identification of personal data under Taiwan’s privacy and personal data protection laws, with focus on the definition and concept of de-identification and different approaches and tools that can be applied to remove personal information from data and to delink relationships between data so that specific persons and their identities cannot be identified.