[valarauko]

Still seems fishy. Does the pharmacy section not require HIPAA and siloing off from the regular consumer data?

[SkyPuncher]

HIPAA doesn’t require that. Or not in the sense you are suggesting.

This seems like a pretty easy analysis while stating in the confine of HIPAA.

Your basically looking at two data points:

* is [drug] buyer

* total grocer spend

There is no PHI in that analysis and no way for there to be PHI.