[vba616]

You really think that HIPAA prohibits distributing any data at all, providing it has a fig leaf of being deidentified?

I mean, aside from Facebook, how do you think people do medical research? Data sets are available to the public.

Decades ago, somebody showed that deidentification was completely meaningless because with just a few data points almost everybody can be relinked.

You are probably the only person in your zip code, with your gender, and your birthdate (including the year).

Distributing that information with any medical record you ever had is not prevented by anything I know of. As long as your name and SSN is not with it.