In support of your point about "sufficently aggregated" data, I occasionally work on projects that publish aggregate health statistics, and you have to be very careful about the size of your denominators. For instance, even without telling what numbers you are dividing, you probably couldn't publish the percentage of HIV positive results among pacific islanders in Nebraska. Because there might be only six such people.
Yes, but what personal or privacy-compromising information does "6 of this list of 836 people have HIV" convey? That that population has a higher-than-normal incidence of HIV as compared the US at large? That's potentially valuable aggregate health information, but I don't see how that compromises anyone's privacy.
It would if you reported "6 of 836 were HIV+ on Tuesday. The next day, a new couple moved into town. On Wednesday, 7 of 838 were HIV+." I don't think the aggregated data that is contemplated here is released on nearly that frequency.
IIRC this is why HHS and HIPAA regulations specify "all ages over 89" as protected health information for purposes of data deidentification – there just aren't that many people who have lived that long.
It also specifies all date elements for patient-specific events (including treatment) more specific than the year must be removed for deidentification generally.
So "I treated a skier with a broken leg in the last skiing season" is something a doctor can't say? (Skiing season is shorter than a year.)
Actually, giving a year of a winter/summer sport-related accident already provides a shorter window for when the accident has occurred. So should all case reports about such be giving at least a two year long window?
