Thanks for this, Derek!
Us too. If someone can identify the requesting organization and the address being geocoded then if there was only one patient at that address then the patient could be identified.
As a healthcare organization, there are only 2 types of addresses we would geocode: providers and patients. By far the most volume would be patients. So, by default when you geocode an address you identify that one of your patients lives there. Be paranoid and you avoid HIPAA fines.
Sent from my iPad
There are several HIPAA-compliant geocoders, as outlined in this article comparing them:
Most geocoders are not HIPAA-compliant, including Google Maps, Bing, Mapquest, HERE, and so forth.