Clinical free-text reuse in trusted research environments faces dynamic privacy risk accumulation, heterogeneous identifier types, and model performance decay over time. Method: We propose a context-aware privacy risk modeling and public-value-driven hybrid de-identification framework. Integrating empirical analysis of multi-source NHS data with public value consensus, we establish a risk-stratified assessment paradigm grounded in document type, clinical context, and data flow. Our approach combines rule-based engines, context-sensitive named entity recognition (NER), temporal performance monitoring, and participatory design to yield an interpretable, traceable, and adaptive de-identification decision-support prototype. Results: Validation reveals cross-institutional and multi-diagnosis privacy risk distribution patterns, and demonstrates that evolving clinical documentation practices significantly impair model robustness. This work delivers the first empirically grounded, scalable pathway for NHS clinical text governance—balancing technical precision with auditability and regulatory compliance.

Clinical free-text data offers immense potential to improve population health research such as richer phenotyping, symptom tracking, and contextual understanding of patient care. However, these data present significant privacy risks due to the presence of directly or indirectly identifying information embedded in unstructured narratives. While numerous de-identification tools have been developed, few have been tested on real-world, heterogeneous datasets at scale or assessed for governance readiness. In this paper, we synthesise our findings from previous studies examining the privacy-risk landscape across multiple document types and NHS data providers in Scotland. We characterise how direct and indirect identifiers vary by record type, clinical setting, and data flow, and show how changes in documentation practice can degrade model performance over time. Through public engagement, we explore societal expectations around the safe use of clinical free text and reflect these in the design of a prototype privacy-risk management tool to support transparent, auditable decision-making. Our findings highlight that privacy risk is context-dependent and cumulative, underscoring the need for adaptable, hybrid de-identification approaches that combine rule-based precision with contextual understanding. We offer a comprehensive view of the challenges and opportunities for safe, scalable reuse of clinical free-text within Trusted Research Environments and beyond, grounded in both technical evidence and public perspectives on responsible data use.