I know of an attempt to anonymise voting data from previous years to test a proposed new nomination and voting method for an annual literary award. Despite initial statements by the people writing the code it turned out the historical voting data couldn't be anonymised sufficiently to prevent reconstruction of personal identification without destroying the information the test software needed to see what effects it would have on nominations and voting. Just removing the basic ID fields (name, address etc.) wasn't enough to prevent someone willing to put in the effort to determine who had voted in previous years and what they had voted for if they got hold of the raw data.
It's could be that health records are in the same boat, either they are processed by experimental software in a secure, trusted and licenced sandbox with only the aggregate results made available to researchers or they cannot be used safely at all as research material.