One example. A friend of mine who works at a hospital told me about a colleague (a nurse) who looked up her own test results since she was anxious and could not wait using her login to the main system (for providers). She got flagged in the system and reprimanded. Every access is logged.

it's worth noting for others that this was almost certainly a hospital policy violation, not a hipaa violation. There's nothing in hipaa that prevents a person from accessing their own record (though I have heard hospital administrators try to claim otherwise).

You need to be part of a patient’s care team, using that data to further their care. Any other access is a violation.

Med students get a little grey area on this because their job is to absorb as much info as possible without necessarily providing care, but even they shouldn’t venture outside the census of their supervising physician.

That's absolutely false. Many other people need to be able to access the data just to keep systems working. I've worked in a HIPAA environment (as well as FDA class 1 / ISO 13485) for nearly 15 years now.