In the US, HIPAA would apply to individually identifiable health information. HIPAA Providers share information with other HIPAA-covered entities all the time under contracts where the associate entities (non-providers) agree to comply with HIPAA privacy rules.
Those are generally with patient's previous consent though, right? Things get a lot easier if you have somebody sign some documents before you start working on them.
