Could this be one of your employees? 

According to the indictment, Howell disclosed "personally identifiable health information" to two people from June to August, knowing they would use it to commit "access device fraud" and identity theft.

How much "personally identifiable health information" gets inadvertently disclosed just to those in your admitting areas or waiting rooms? 

Privacy is a big deal to your patients, clients - and employees.  Maybe you've got a pretty strict document security policy in place.  But what have you done about the acoustic security of your "human network"? 

Walk through your admitting area/waiting room or stand near a nursing station at a peak time and listen.

What information do you hear?