Discuss two violations concerning medical privacy

What will be an ideal response?

In April 2011, Texas Comptroller Susan Combs announced that a publicly accessible state computer server had contained the personal information for 3.5 million people for at least a year. The information included names, addresses, Social Security numbers and some dates of birth, and driver's license numbers.
Also in April 2011, a college in the United Kingdom e-mailed a list intended for staff to a class of students. The list contained the names, medical histories, and medical conditions of 300 students. The students listed had physical, mental, or learning disabilities. One student with a brain tumor was named, as was another with anorexia. Detailed descriptions were included. The students who received the e-mails were asked to delete them.
In December 2010, a computer at St. Louis University in Missouri was hacked, leading to unauthorized access to personal information, including the Social Security numbers of 12,000 employees. The computer also contained health information ("names, dates of birth, dates of service, testing assessments, diagnoses and treatments" of 800 students who had been counseled by the Student Health Service.
In February 2011, several of Health Net's, a California health insurer, had several of its servers containing personal information and demographic data for 1.9 million patients nationally go "missing." The data included names, Social Security numbers, as well as "sensitive health information." The same company lost data on 1.5 million people in 2009.