Organizations often release and receive medical data with all explicit identifiers, such as name, address, telephone number, and Social Security number (SSN), removed on the assumption that patient confidentiality is maintained because the resulting data look anonymous. However, in most of these cases, the remaining data can be used to reidentify individuals by linking or matching the data to other data bases or by looking at unique characteristics found in the fields and records of the data base itself. When these less apparent aspects are taken into account, each released record can map to many possible people, providing a level of anonymity that the recordholder determines. The greater the number of candidates per record, the more anonymous the data.
Sweeney, Latanya. "Weaving Technology and Privacy Together to Maintain Confidentiality." Journal of Law, Medicine and Ethics 25 (1997): 98-110.