This is pretty ridiculous: Nonprofit hospitals survive on fundraising, volunteer efforts, etc. Some would close without that type of support. HIPAA allows covered entities to use the demographic information they have on patients to solicit donations from those patients. There are some good, effective safeguards: the Notice of Privacy Practices the covered entity gives the patient at the beginning of the relationship must state that fundraising may occur (presumably the patient could seek to be opted-out in advance), the covered entity can't use disease-specific or treatment-specific information to target-market the patient (can't solicit for a new cancer center by selectively soliciting from past cancer patients, for example), and the soliciation must include an opt-out provision for the patient to request that no more solicitations be sent. Apparently, that's not enough for some people.
Give me a break. This is a very good balance between reasonable fundraising activities and patient's privacy.