Why would a letter to an insurance company on behalf of a patient not include PII? The letter itself is surely mostly PII. And is almost certain to contain privileged information.
Probably not. You fill in the PII afterwards and it’s essentially just metadata. Patient has this condition, needs this test, has had this and that happen” those things aren’t PII. Leave out names, places, ID numbers, etc and you have appropriately deidentified a document.
How do you envision that happening? There’s no big database of people’s medical conditions out there that you can use to lookup their name and address, so it’s kind of like an impossible reverse lookup that would need to be done right? Unless you’re talking about a state level actor or something that is tailing someone’s movements around like Jason Bourne and cross referencing it with medical GPT queries, but in that case you’re gonna be compromised anyway in probably far easier ways.
