Belated reply, sorry: This is the Correct Answer™.
Mid 2000s, I worked with electronic medical records. I eventually determined anon isn't worthwhile.
For starters, deanon will always beat anon. This statement is unambiguously true, per the research. Including the differential privacy stuff.
My efforts pivoted to adopting Translucent Database techniques. My current hill to die on is demanding that all PII be encrypted at rest, at the field level.
(It's basically applying paper password storing techniques to protecting PII. The book shows a handful of illuminating use cases. Super clever. No weird or new tech required.)
Mid 2000s, I worked with electronic medical records. I eventually determined anon isn't worthwhile.
For starters, deanon will always beat anon. This statement is unambiguously true, per the research. Including the differential privacy stuff.
My efforts pivoted to adopting Translucent Database techniques. My current hill to die on is demanding that all PII be encrypted at rest, at the field level.
(It's basically applying paper password storing techniques to protecting PII. The book shows a handful of illuminating use cases. Super clever. No weird or new tech required.)