The thesis is that you can waltz into a doctor's office AND a hospital with faked records and get the treatment needed. Basically the important bit is the insurance info - what has happened to "you" is less important than what you want to eventually happen to you (in the example given, a heart transplant).
I kinda doubt this, at least in a general sense. First off, you can show all the insurance cards and 'insurance info' to the medical provider all you want. The provider is going to query the insurance company before doing anything expensive. Fine, you say, call them all you want, the 'patient' is insured (it's just not the right patient). Now comes the hard part. The minute that the insurance company starts getting claims from both Peoria and Trenton, NJ flags are going to go up. Other old records would be sought (for something big like a transplant or joint replacement) which would likely not match.
Anything remotely resembling a heart transplant is going to fall apart unless both the real and fake patient have nearly identical physiques, ages and problems. More routine issues could go undetected for a while but persistent discrepancies would show up and as soon as the insurance company flagged the claim as problematic, big ticket items would be placed on hold until things go cleared up. When I worked in an early Medicaid HMO in the 1980's we had some problems with folks 'sharing' the Medicaid ID card (no picture, just a printout basically). It was pretty obvious when the patient's weight varied 30 pounds every other week. We soon insisted on photo ID.
And, in fact, the feds also insist on photo ID these days. Yes, if you're bleeding out we don't ask for it up front but as soon as your blood pressure normalizes we're poking around to figure out just who you are.
So it's possible that that full on medical records might be of value, but it's going to be much harder to monetize than a credit card number and likely would be of limited use. That doesn't mean that the information shouldn't be sealed up, of course. I'm just not sure how big a deal this is. And, in the case of the Community breach, they apparently did not get that information anyway.