Gravar-mail: Evaluating re-identification risks with respect to the HIPAA privacy rule