Meg Alexander of KFOR in Oklahoma reports that hundreds of medical files containing Social Security number and medical records from the office of from Dr. David Cavallaro, a podiatrist, were found in a dumpster.
Oklahoma reportedly has no law governing disposal of medical files.
Now if there was a national data protection law that required proper disposal of paper records containing PII/PHI, that might help. Unfortunately, H.R. 2221 does not cover paper records and only calls for a study on expanding protection to paper records.