From CDT:
The California Healthcare Foundation has published a major issue brief by Deven McGraw, director of CDT’s Health Privacy Project, which analyzes the health privacy landscape in California before 2009 and changes made by enactment of recent improvements to both California and federal health privacy laws. As electronic medical records become more widely used in the changing U.S. health care environment, will consumer privacy be at risk in the process?
McGraw’s paper examines numerous improvements in federal health privacy law, but also notes significant gaps in privacy protection that deserve further attention from state and federal policymakers. May 14, 2009
CDT Issue Brief [PDF] May 12, 2009
I have not yet the full paper yet, but I noted one conclusion in skimming it that is consistent with what I have been arguing for years:
Extent of coverage. Neither ARRA-enhanced HIPAA nor CMIA fully protects all health information because certain entities that hold health data fall outside the coverage of both these laws. Privacy and security protections should be extended to data regardless of who created it or now has custody or control over it.