Great video, thanks for sharing.

TL;DW: HIPAA was actually created to allow insurance companies to share patient data without having to get patient consent. Before HIPAA, data was more fractured and less commonly shared. The only privacy protections it offers is, e.g., your doctor not giving your data to your boss. But about 1.5 million private entities can legally access your data (everything from health startups to insurance companies to hospitals)