Former HIPAA security officer here; to be abundantly clear, there _are_ very specific guidelines for which information must be anonymized.
I don't think you were saying the alternative, just sounded a little like "anything goes" which is definitely not the case.
As for your point about guidelines, that's entirely true - last time I read the section about encryption, it just specified "state of the art encryption" which is... a poor way to specify that.