[dahinds]

I can go to a data broker and purchase access to de-identified EMR data for most of the U.S. population. There are much more useful de-identified datasets around than ours, if someone is motivated to try to re-identify those datasets. That data is all bought and sold without anyone's consent and this is all fine under HIPAA.

[dekhn]

I wasn't trying to convince anybody otherwise. I think the noise about 23&Me's data to be pretty uninteresting. I published my own genome (through PGP) for anybody to download, and I know that people have identified me from my post https://news.ycombinator.com/item?id=7641201 and other comments.