From CDT.org:
The public has significant privacy concerns about having their medical records on-line. That mistrust of health IT poses a serious obstacle to its widespread adoption. We need to build on the privacy rules already found in HIPAA and create new protections leading to a comprehensive privacy and security policy framework for the evolving e-health environment. But persistent myths about HIPAA’s privacy provisions create obstacles to moving forward with workable policy solutions. Our “HIPAA and Health Privacy: Myths and Facts-Part II” paper debunks some of the most common myths, clearing the way for more productive discussions about the policies needed to build the public’s trust in health IT.
HIPAA and Health Privacy: Myths and Facts-Part I [PDF], March 11, 2008
HIPAA and Health Privacy: Myths and Facts-Part II [PDF], January 09, 2009
For a previous commentary on some of the issues discussed in CDT’s discussions, see my June commentary. Although I agree with CDT that informed consent (not just “consent” as they call it) is not a panacea, it must still be a bedrock principle in developing any new legislation.