“It’s working, but it’s got a ways to go,” suggests William Braithwaite, chief medical officer of San Diego-based security and identity management company Anakam. He says that current federal and state privacy rules generally do not address new technologies such as mobile Internet access and personal health records (PHR) platforms.

Deborah Peel, founder and chair of Patient Privacy Rights and the affiliated Coalition for Patient Privacy, begs to differ. She says the August 2002 amendments to the original HIPAA privacy rule effectively eliminated the patient’s right to consent to the use of protected health information by adding permission to share such data for “treatment, payment, and health care operations.”