Unless there’s a subpoena, no one may review your medical records except the practitioners who treat you and the facilities where they do it, the insurance company that covers you and hospital overseers charged with evaluating doctors’ competency.

It’s federal law—the Health Insurance Portability and Accountability Act (HIPAA). Penalties for breaching medical record privacy are stiff. Civil penalties can reach $50,000 per violation. Criminal penalties for breaches committed for "commercial advantage, personal gain or malicious harm" can cost $250,000 and 10 years in jail. State laws accord patients the right to sue for such breaches of privacy.

You might remember when a UCLA medical clerk went celebrity-record snooping a few years ago, and got caught. We wrote about it, and how the feds slammed the university with an $865,000 fine.