Forgive me for being blunt, but you're either being intentionally deceitful, or you have absolutely NO IDEA what you're talking about. Take your pick.
Here are the standards set forth in HIPAA regarding Individually Identifiable Health Information (IIHI). What does IIHI include? Well, HHS and 45 CFR Parts 160, spells it out this way...
(6) INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION.--The term 'individually identifiable health information' means any information, including demographic information collected from an individual, that--(A) is created or received by a health care provider, health plan, employer, or health care clearinghouse; and
(B) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual, and--
(i) identifies the individual; or
(ii) with respect to which there is a reasonable basis to believe that the information can be used to identify the individual.
Gee, do you think that a BIRTH CERTIFICATE could be used to IDENTIFY someone? Or, in your world, do you think it's just fine and completely compatible to leave those old things just laying about for whatever passer-by to take?
HIPAA protects more than just a patients medical information. It protects ANY personal information the hospital collects on the patient, to include any personally identifiable, billing or even demographic information on the patient.
Either educate yourself, or quit making things up.