1. Union Pac. Ry. Co. v. Botsford, 141 U.S. 250 (May 25, 1891).

2. The American Academy of Family Physicians (AAFP), Confidentiality, Patient/Physician. Available at: https://www.aafp.org/about/policies/all/confidentiality-patient-physician.html. Accessed Jan 15, 2023.

3. AMA Principles of Medical Ethics: 3.1.1. Available at: https://code-medical-ethics.ama-assn.org/sites/default/files/2022-08/3.1.1.pdf. Accessed Jan 31, 2023.

4. 45 CFR § 160.103. means information in any form or medium that is received by Business Associate from or on behalf of Covered Entity, is created by Business Associate, or is made accessible to Business Associate by Covered Entity regarding the past, present or future physical/mental condition of an individual, the provision of health care to an individual, or the past, present or future payment for the provision of health care to an individual, and that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual. For purposes of this article, PHI is used generally to also include electronic protected health information (ePHI) (also defined in 45 CFR §160.103), and electronic health information (“EHI”) as defined in 45 CFR § 171.102.

5. U.S. Department of Justice, Former Hospital Employee Indicted for Criminal HIPAA Violations (Jul. 3, 2014). Available at: https://www.justice.gov/usao-edtx/pr/former-hospital-employee-indicted-criminal-hipaa-violations; see also CISA, Ransomware Activity Targeting Healthcare and Public Health Sector, https://www.cisa.gov/uscert/ncas/alerts/aa20-302a. (last revised Nov. 2, 2020).