Some great information here about using SharePoint in HealthCare.
Compartmentalization with a robust security grouping strategy can pay dividends. in many cases SharePoint can be used to manage workflow because the process of managing the workflow does not require visibility to PHI/PII information. In these cases separate and compartmentalize the PHI/PII data and control access through security groups.
I built this capability in SharePoint 2007 using associated lists. This allowed teams to review case workload and progress without having to see member information. Yet the member information was accessible via a simple hyperlink, providing the viewer had adequate security rights.
As is correctly pointed out, this needs Administrator involvement from the outset and ideally the creation of utilities and web parts that support this approach so that we make it easy for site administrators/developers to create departmental and team workflows that remain HIPAA client and don’t divulge PHI or PII to unauthorized personnel.