[flukus]

Seen the same working with hospital datasets. We only used them on site (office of third party provider, not the hospital) and anonymized them, but from what I now know about fingerprinting our anonymizations wasn't strong enough and it was also up to us to do, after we received the real data. We mostly did it because we had friends, family and possibly ourselves in some of the hospitals.

We were told it was ok and all the paperwork had been done (we had a somewhat legitimate need), but if that's the case the standards are far too loose and there are far too many copies of patient data around.

It was great for development though.

[sdiq]

Worked as a hospital clerk at one of the top hospitals in my country. This was in the mid 2000s. I thus had access to the system and all the information contained in the same. One day, I got an opportunity to serve a certain female legislator who was/is married to someone from my small city. A nephew of the the legislator's husband is a good friend. Now, I actually needed help from the legislator and thought it was unethical of me to get her contact details from the hospital's system. I eventually got the contact details from my friend. But, while I was careful about this ethical issues, I knew of a colleague of who didn't. While I didn't get the help I wanted from the legislator, I sometimes ask myself whether getting in touch with her, regardless of how I got the contact, was ethical. This dilemma is as a result of the fact that I only met the legislator courtesy of the privilege accorded me by the hospital.

[girvo]

> It was great for development though.

Oh gosh yes. I couldn't have done the project without it, to be honest, not in the time frames needed. Still makes me a little queasy though, although I was the only person given access to said data sets and met with executives from said companies prior to, so I suppose it's not quite as crazy as I made it sound...