No your interpretation is wrong. Date does not means month.
Date contains Day/Month/Year. Here are 2.5 Million raw inpatient visits released by New York State meeting criteria for HIPAA Limited data, as you can see not only do they contain month and year but also day of the week. [1,2]
Elements of date other year, what must be removed to meet the blanket, by element test, means both month and date must be removed.
The alternate standard, which is typically used by large scale releases, is review by a professional expert (the specific expertise and determination is in the reg I cited) to validate that they aren't reidentifiable.
Your first link is not what you describe, it's a description of the definition of a limited data set under HIPAA, which can be disclosed for research, public health, and health care operations purposes. It notes that it can include full dates, and also explicitly notes that it is explicitly not considered deidentified, but is still PHI under HIPAA.
Your second link is unrelated to the first, and does contain day of week and year, but I don't see month. In any case, it's the kind of release from the kind of organization that is likely to have professional on staff and not rely on the blanket, by-element deidentification standard. That's not true of most practices and practitioners.
Actually individual physicians who have treated patients have far far lower requirements, otherwise they would not be able to discuss cases with their colleagues and would have a chilling effect on practice of medicine. What the links show is that its considered acceptable even at level of millions of patients.
I might be missing the obvious, but I don't see any months in the de-identified dataset you linked?
Your second link also says a limited dataset is considered PHI and can only be shared with third party under certain conditions and with a data use agreement.
Elements of date other year, what must be removed to meet the blanket, by element test, means both month and date must be removed.
The alternate standard, which is typically used by large scale releases, is review by a professional expert (the specific expertise and determination is in the reg I cited) to validate that they aren't reidentifiable.
Your first link is not what you describe, it's a description of the definition of a limited data set under HIPAA, which can be disclosed for research, public health, and health care operations purposes. It notes that it can include full dates, and also explicitly notes that it is explicitly not considered deidentified, but is still PHI under HIPAA.
Your second link is unrelated to the first, and does contain day of week and year, but I don't see month. In any case, it's the kind of release from the kind of organization that is likely to have professional on staff and not rely on the blanket, by-element deidentification standard. That's not true of most practices and practitioners.