There are 18 identifiers (PHI). If doctors, nurses, and staff need to access medical records how are they going to ID the patient if according to the law the person reading the information should not be able to ID the individual? I think this needs to be clarified. I can understand how it applies to case studies, research/testing, and protecting individals in the work place. But how does it effect the end user in the medical office, and how can we implement a functional, and HIPPA suitable SharePoint site.