1. Should you give the data out?
Absolutely not! I am not the owner of the data, the patient is. Providing such a detailed information is a major risk that could identify the specific person and sharing that is a violation of a HIPAA regulation.
2. How do you not violate any of the general principles of informatics ethics (and) 3. If you want to provide the data to them, what and how will you do it?
First, a research team must fill in an official form and make a request through the responsible organisation. They must disclose their scope of study and state their requirements and data specifications through the ethics committee. Then, the data must be encrypted or de-identified/anonymised/pseudonymised prior to distribution and ensure data safeguarding with the HIPAA rule.