I've little doubt you're asking rhetorically Trigun, but I'll play anyway ;)
1) that the "anonymised" data cannot be easily de-anonymised within the life time of the person
<1a> It's been declared that consensually granted data can be retracted on request, so the declared pseudo-anonymous data is traceable.
<1b> Given large enough data sets, anyone proficient in data manipulation can cross reference with a high enough degree of accuracy to negate even fully anonymised data.
2) that the central database can never be hacked now or in the life time of anyone who's data is in it
<2a> No known systems are infallible, so nope.
3) that a law will never be changed or created within the life time of a person to allow their data to be de-anonymised
<3a> Simply, no.
4) that the data will never be used for anything other than medical study
<4a> Due to <1b>, <2a> and <3a>, no, as control over the original data cannot be guaranteed.
5) that the data will never be used to the detriment of the personal providing it
<5a> No, due to <3a> and <4a>
Well, waddaya know, we agree after all! Have a beer on me --->
Just to pretend to play devil's advocate, I quote Dr. Walter Bishop "Leprechauns are possible!".