If you stole the records, you could be prosecuted for theft, not a HIPAA violation. The hospital or provider, however, could be prosecuted under HIPAA if they had not done due diligence in securing the medical records in the first place.
I work out of my home, and I read medical records every day. If I leave them out on my desk, and someone walks into my office, and takes them while I was gone, that would be a HIPPA violation on my part only. But if I had them in a locked file cabinet, and you broke in and stole them, I probably wouldn't be, because I had used "due diligence".
I am sure the patient could sue you in a civil court for the release of information, but criminally you would probably get only the theft, and possibly breaking and entering.
Thanks for the explanation.