As regards making a hash out-of-hashing the patient data... From the DT article just above:
"There’s also a real risk that the anonymized data may be exposed and linked to your actual identity. It’s possible to de-anonymize these databases in a variety of ways. We’ve seen accidental leakages of personal information. What one needs to keep in mind, is that if you have this anonymized dossier, it only takes one rogue employee, one time, somewhere, to associate real identities with these databases for all of those putative benefits of privacy anonymity to be lost. 'Pseudonymous', you’re not really anonymous. There’s also evidence of a growing industry that’s aiming to tie together your online tracking with your offline purchasing habits: Onboarding companies"