Comment by ethbr1

Do you have any details on this?

I'm sure there are legal HIPAA data escape pathways (given the financial incentives for companies to find them), but I'm curious on the details.

Afaik, there's no way to make HIPAA-covered data non-HIPAA-covered, and absent that everyone in the custody chain is responsible for anywhere it eventually ends up.

That said, I expect the way this works in practice is more likely data that originates with non-HIPAA-covered entities, but can be massaged/combined into a similar product.