Data de-identification is increasingly necessary to reduce organisational risk. Expert determination to assess re-identification risk is an explicit pathway for HIPAA compliance, but can also be used to provide assurance of compliance in Australian (OAIC / APPs), European (GDPR), and mixed international regulatory contexts. In many cases this kind of analysis can be completed promptly providing a better value alternative than large privacy orgs.