In all, ok most, articles I read about data breaches, there seems to be this standard phrase:
“there was no financial, bank, credit card or health insurance information…”
HIPAA is not about financial info or bank info or credit card numbers.
It is about personal, private health information being viewed by unauthorized people.
Yes, it is possible, with PHI to steal one’s identity, but again, this isn’t what HIPAA is about.
Why you are visiting a physician is not anyone’s business but your own.
Your co-workers and boss don’t need to know.
This is what HIPAA is about.