The lawyer looking over the records was probably fine. Him paying his neighbor to help him look through them is more questionable.

> The lawyer looking over the records was probably fine. Him paying his neighbor to help him look through them is more questionable.

I don't think so. The "paying" part is important - the neighbour becomes an employee for the duration of the work, which is fine, as then there's a contract between the employer and employee which includes, even if only implicitly, that the employers data is not to be exfiltrated.

If he were simply sharing it with his neighbour for shits and giggles that would be a different story.

If there is anything true in this article "What Are The Requirements For Storing Physical HIPAA Documents"[0], laws were broken. But, I'm not a lawyer, what do I know?

[0 https://www.medicaltranscriptionservicecompany.com/blog/what...]

There was one case where the HHS levied a fine on somebody leaving a stack of boxes on the street. If they are under lock and key it isn’t an issue.

And yes, I think the lawyer does know more than you.

Yup: “An attorney whose legal services to a health plan involve access to protected health information.”