Mama bear has had some shit going on that may be hereditary her day had the same symptoms
however he passed away 8-10 years ago

can she access his records?
are medical records kept in an online database or are we literally going to have to call every hospital in the country(her dad was a rolling stone :) )

In all likelihood, the latter (calling every hospital). If it were a VA or a KP, they may all be in one place, but that would assume all [old] records were put [scanned] online about 10 years ago, which is just newer than when both of those systems got their current online health records. Big assumption.

Your bigger hurdle is HIPAA. Unless the rolling stone filled out a release, they may be sealed for good unless Mama bear's doctor requires something specific from a specific place and even then I wouldn't hold my breath.
Sorry.

HIPAA dies with the patient.

I imagine going to her doctor and asking them would probably give you the best results

HIPAA dies with the patient.

I don't think that's correct. I thought HIPAA extended for 50 years after death unless the deceased had a personal representative(s) authorized to access the records. And there are others who can access the records, but they have to be an "authorized" person under HIPAA laws. Then again, I'm no lawyer so that info could be wrong.

Just found this on the HHS website:

Health Information of Deceased Individuals

45 CFR 160.103, paragraph (2)(iv) of the definition of “protected health information”

Background
The HIPAA Privacy Rule protects the individually identifiable health information about a decedent for 50 years following the date of death of the individual. This period of protection for decedent health information balances the privacy interests of surviving relatives and other individuals with a relationship to the decedent, with the need for archivists, biographers, historians, and others to access old or ancient records on deceased individuals for historical purposes. During the 50-year period of protection, the personal representative of the decedent (i.e., the person under applicable law with authority to act on behalf of the decedent or the decedent’s estate) has the ability to exercise the rights under the Privacy Rule with regard to the decedent’s health information, such as authorizing certain uses and disclosures of, and gaining access to, the information. With respect to family members or other persons involved in the individual’s health care or payment for care prior to the individual’s death, but who are not personal representatives, the Privacy Rule permits a covered entity to disclose the relevant protected health information of the decedent to such persons, unless doing so is inconsistent with any prior expressed preference of the deceased individual that is known to the covered entity.

How the Rule Works

The HIPAA Privacy Rule applies to the individually identifiable health information of a decedent for 50 years following the date of death of the individual. The Rule explicitly excludes from the definition of “protected health information” individually identifiable health information regarding a person who has been deceased for more than 50 years. See paragraph (2)(iv) of the definition of “protected health information” at § 160.103. Thus, for example, a HIPAA covered entity that maintains health or medical records, correspondence files, physician diaries and casebooks, or photograph collections that contain identifiable health information on individuals who have been deceased for more than 50 years may use or disclose the information without regard to the Privacy Rule because the information is not considered protected health information.

During the 50-year period of protection, the Privacy Rule generally protects a decedent’s health information to the same extent the Rule protects the health information of living individuals but does include a number of special disclosure provisions relevant to deceased individuals. These include provisions that permit a covered entity to disclose a decedent’s health information: (1) to alert law enforcement to the death of the individual, when there is a suspicion that death resulted from criminal conduct (§ 164.512(f)(4)); (2) to coroners or medical examiners and funeral directors (§ 164.512(g)); (3) for research that is solely on the protected health information of decedents (§ 164.512(i)(1)(iii)); and (4) to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of cadaveric organs, eyes, or tissue for the purpose of facilitating organ, eye, or tissue donation and transplantation (§ 164.512(h)). In addition, the Privacy Rule permits a covered entity to disclose protected health information about a decedent to a family member, or other person who was involved in the individual’s health care or payment for care prior to the individual’s death, unless doing so is inconsistent with any prior expressed preference of the deceased individual that is known to the covered entity. This may include disclosures to spouses, parents, children, domestic partners, other relatives, or friends of the decedent, provided the information disclosed is limited to that which is relevant to the person’s involvement in the decedent’s care or payment for care. See 45 CFR 164.510(b)(5). For uses or disclosures of a decedent’s health information not otherwise permitted by the Privacy Rule, a covered entity must obtain a written HIPAA authorization from a personal representative of the decedent who can authorize the disclosure. A decedent’s personal representative is an executor, administrator, or other person who has authority under applicable State or other law to act on behalf of the decedent or the decedent’s estate. See 45 CFR 164.502(g)(4), as well as guidance on personal representatives available at: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/personalreps.html, for more information.