by AnthonyMouse 2282 days ago
You're now talking about a different section of the same act. There are some separate provisions in there to fight insurance fraud, but that doesn't really have a lot to do with privacy for medical records, except to the extent that having somebody else's medical records might make it easier to commit insurance fraud against their insurance policy.

The quote explicitly says that the act covers “how PII ... should be protected from fraud and theft.” HIPAA is ostensibly about protecting patient privacy and data. It’s certainly possible that the insurance industry went along with it because they figured it would help them keep their patient data proprietary, but that most certainly wasn’t the goal of the legislation.
What do you think "fraud and theft" mean in this context? Sick people aren't great fraud targets, they're frequently unable to work and have already lost what money they had to medical bills. The "fraud" is insurance fraud, for which the PII would be things like your name and policy number (i.e. what's needed to file a fraudulent claim against your policy) rather than your actual medical records. And the parties most interested in having access to your medical records are the insurance companies themselves, as already mentioned. There is a fairly large financial incentive for a shady insurance company to use patient medical records to poach low risk patients.