Not just 'medical professionals', it's anyone involved with said entity...IT professionals included. That's a dozen plus years working on HR IT systems, as well as working in the IT shop of a medical insurance company, which all required annual refresher training. Fun with HIPAA, PHI, PIIHow is it personal if 100 people watched me get it?
It doesn't matter how many people know about it. It's personal medical information that is illegal for medical professionals to divulge.
Tom
This. They didn't used to be nearly as strict about training and the like but I've had to deal with medical records before and they made sure I knew the rules (and I was only seeing billing data, not the charts themselves.) Nowhere near the hoops that I understand apply these days but both of my parents were psychology teachers who sometimes provided help to students--I grew up knowing about the confidentiality of medical records. Not to mention that in IT you end up seeing things you never discuss without adequately anonymizing, also. (That wasn't spam, I know you're gay. I'm sure he never realized I knew and I never blew his cover.)