Once your data is inside the hospital it can still be widely shared, though subject to regulation. I was part of two research efforts called SHARPS and THaW that studied trust, privacy, and security in medical systems:
One research group analyzed how patient data is shared inside medical systems and found that in some cases as many 300 different entities had access to your data. The billing companies, consultants, out of network clinicians, staff, testing companies, supply companies, IT management companies, outside expert consultations, insurance companies, medical device companies, data analysis companies, and many more. In some cases it was unclear if the data was further shared with subcontractors and other third parties.
https://sharps.org/ https://thaw.org/
One research group analyzed how patient data is shared inside medical systems and found that in some cases as many 300 different entities had access to your data. The billing companies, consultants, out of network clinicians, staff, testing companies, supply companies, IT management companies, outside expert consultations, insurance companies, medical device companies, data analysis companies, and many more. In some cases it was unclear if the data was further shared with subcontractors and other third parties.