I had a doctor that used first name, last name, birth month, and birth day as their primary identifiers. I was checking in one year for my physical, and was asked for these four data points. The next question was about current medication. The receptionist nurse asked me the question, but before I could answer, she got a really, really odd look on her face, then started glancing between me and the computer. Finally, she asked, with a bit of a smirk on her face, what year I was born. When I responded, she chuckled. Turned out the only record that came up was for someone 30 years my senior, and on a medication that only someone that age would be on. The receptionist nurse dug around in the system and was finally able to find my records, but if she hadn't noticed that the listed prescription didn't match my apparent age, my checkup info would have ended up in someone else's record and it could have gotten messy.
False positives are an interesting case, where things can definitely get messy. That doctor may have used the same system for decades without ever seeing a name collision, but if the receptionist hadn't noticed in that instance, both of you might have had significant problems in the future. Likewise, if someone decides to track another person with malicious intent (say, "that guy I saw my ex with in the restaurant who was wearing the [university] shirt and talked about being in [field] and growing up in [place]") and they end up locating the wrong target, things could get ugly. Or if a company starts sending potentially offensive material to someone they've misidentified, it can trigger family drama or even retaliation.
So it's a two-edged sword. People aren't very anonymous, but mistakes in the de-anonymization process can wreak havoc.
When I worked in Medical Records in a capital city in the UK, your date of birth was the primary key of filing: not querying for the year is then a basic procedural error, but then again doctors surgeries have far lower standards than outpatient departments. Incidentally, I have found my experience as a filing clerk to be far more useful to my coding life than any of the other crap jobs I did..
Here in the UK we have an NHS number, which curiously is not the same as your NI number (equiv to an SSN). Unlike the SSN in the US, the NHS number isn't used for anything else, and the NI number is only used for tax.
Based on the interaction, I could obviously deduce that there was someone else with the same four data points that saw the same doctor and was 30 years older. I don't know if that, in and of itself, is breaking confidentiality.
If they had started entering my data into that person's record and subsequently realized the error, then they might have had to break some confidentiality in order to clean up our conjoined record.