As hospitals and physicians transition to greater use of electronic patient data, it's becoming clear that the last generation of privacy laws may not be sufficient to deal with a world in which EMRs are commonplace, according to a growing number of privacy experts.

HIPAA privacy rules, which took effect in 1995, did a good job of protecting patient data from unauthorized spying into their health information, and giving them access to that information. However, it doesn't give patients the right to own or control their own health data, an issue that is becoming particularly pressing as health exchanges arise in various forms and patients want more control on a case-by-case basis over who sees their data.

David Brailer, former national coordinator for health IT and chair of health Evolution Partners, said lawmakers should transform privacy regs to allow patients to opt in to information sharing on a per-case basis. This kind of system would allow patients to manage their records, keep their privacy and move from one physician to another easily, he told iHealthBeat.

To learn more about this issue:
- read this iHealthBeat.org piece

Related Articles:
How will California's tougher-than-HIPAA privacy laws impact U.S.?
Stimulus bill sets new HIPAA rules, but will it make a difference?
HIPAA privacy rules not enough, IOM says