Clinical epidemiology and patient-oriented health care research that incorporates neighborhood- level data is becoming increasingly common. A key step in conducting this research is converting patient address data to longitude and latitude data, a process known as geocoding. Several commonly used approaches to geocoding (e.g. GGMAP or the tidygeocoder R package) send patient addresses over the internet to online third-party geocoding services. Here we describe how these approaches to geocoding disclose patient’s Personal Identifying Information (PII) and then subsequent publication of the research findings discloses these same patient’s Protected Heath Information (PHI). We explain how these disclosures can occur and strategies to maintain patient privacy while studying neighborhood effects on patient outcomes.