by pgodzin 3214 days ago
I think his point is that this only addresses patient consent and website publicity, and nothing about what they do to actually keep patient data secure and private.

You'd think they conform to HIPAA, which everyone knows is primarily a shield from lawsuits. As long as you follow HIPAA rules you are immune from liability after data exfiltration incidents. The seemingly inexhaustible amount of patient data on the Interwebs would confirm this view.
HIPAA is US only.
Their serviceable address is in the US. That's the shield they are going to hide behind when it's their turn to be hacked.
I think pretty much anything they could do would be better than paper files sitting in unsecured rooms protected only by people's sense of individual decency; or worse, no files at all.
No. I argue paper files are more secure; at least they wouldn't be the target of a digital breach where millions' data could be "hacked".
Maybe your local dentist is like this, but almost all 'large-ish' hospitals are totally digital these days. The compliance rules for patient data safety and security are really crazy too; I would not be worried. That said, paper is in fact more secure in general, as it is very difficult to just 'grep' a filing cabinet, move several of them in a few seconds, or ransom-encrypt all of them before anyone notices.