anonymised data is not anonymous
While a sample of 1 event from each patient maybe able to be anonymised, full history from all patients quickly becomes much easier to re-identify. You can scramble the DOB but if you have access to other patient records (a health provider or private health insurer in Australia) then they become easier to match. If you convert DOB to an age at time of attendance/treatment event then with the full history of health events you can narrow down the DOB. Google et. al. can guess a family who have been sick (the keywords you've been using for searches, map searches). Facebook et. al. data can be used if you've been posting about yourself or others you have been sick or injured. It may not be open slather but some companies can potentially utilise the data available.
The ethical way is to let clients & users know the external parties who have access and potential use of their data. Not just a generic warning but to be more specific and log the access. And allow uses to block access until specifically asked to grant access prior to data being shared.
Biting the hand that feeds IT
