Fair enough, but I'm not sure that will be good enough for much longer. With bigger and better datasets it should be increasingly easy to de-anonymize someone based on just knowing something like that.
I can confirm that's not and could never be a HIPAA violation. The information that Doctor X once ordered a blood test for John or Jane Doe with Result Z is totally fine. There's no non-HIPAA violating metadata that could make that information useful.
