[nathanaldensr]

I was wondering something similar. If Party B acquires Party A's anonymized-but-subject-to-HIPAA data and successfully deanonymizes it, who is liable? If the data is deanonymized, doesn't this mean the data wasn't sufficiently anonymized to begin with and Party A has some liability? Is Party B also liable since their goal from the start was to deanonymize the data?

[leecarraher]

Hopefully ICA susceptible De-anonymization techniques are no longer HIPAA best practice. Or perhaps this is a study to prove that newer additive and multiplicative techniques, are also susceptible to De-anonymization attacks.