I think you must be talking about HIPAA compliance, not SOX?

Anyhow, I think the right to privacy is also not absolute. If I'm in public and someone takes a photo, I can't stop that. I also can't force people not to look at me when I'm out in public, or stop them from saying they saw me on the street. Their rights to go about their business in public and their right to free speech are not trumped by my right to privacy.

Medical privacy is different, of course, but that's just another example of my point. In narrow circumstances, certain people (e.g., doctors, hospital staff) can be punished for violating your privacy about certain topics. But there are plenty of exceptions to that. The first hit on my search for "HIPPA exceptions" lists at least 10 reasonable exceptions, including public health and law enforcement: https://www.healthcarecompliancepros.com/blog/exceptions-to-...

In case it isn't clear, I think this is a fine example of balancing societal trade-offs.


Data protection is a huge latent cost in the dispensation of healthcare that goes unnoticed in discussions. And HIPAA can get expensive for the providers.

  If you are a small covered entity, HIPAA should cost:
    Risk Analysis and Management Plan ~$2,000
    Remediation ~ $1,000 - $8,000
    Training and policy development ~ $1,000-2,000
    Total: $4,000 - $12,000

  If you are a medium/large covered entity, HIPAA should cost:
    Onsite audit ~ $40,000+
    Risk Analysis and Management Plan ~ $20,000+
    Vulnerability scans ~ $800
    Penetration testing ~ $5,000+
    Remediation ~ Varies based on where entity stands in compliance and security
    Training and policy development ~ $5,000+
    Total: $50,000+, depending on the entity’s current environment

