You are smart to ask this question, since patient address data is considered PHI. Per the rules, the only part of an address that is not PHI is the first three digits of the ZIP code, provided it contains more than 20,000 people.

There are a couple of different HIPAA-compliant geocoders. You can see a comparison of them in this article:

- Geocodio+HIPAA -- generally the most affordable option and is fully HIPAA compliant. Cloud-based by default but with on-prem available. (API and spreadsheet upload)
- MelissaData -- usually more expensive. API, spreadsheets via FTP, or PC software.
- Texas A&M, but only by special board review as mentioned above. More affordable. API only.
- Spatialitics Health, powered by Esri. Like Tableau but for health. Pricing not listed on website.

Most of the popular geocoders are not HIPAA compliant and will not sign a BAA. This includes Google Maps Platform, Bing Maps, HERE, Census Geocoder, and so forth. (A full list of the non-compliant geocoders is in the article above.)