Do we really need more rules to protect health information?  Certain health experts seem to think so.   Dr. Deborah Peel, a psychiatrist and founder of Patient Privacy Rights Foundation, believes that "thousands" of electronic databases that contain patients’ health records exist, and that those patients don’t have any way to keep their personal information from being shared with third parties. 

Dr. Peel also believes that HIPAA leaves major gaps in privacy because it gave many organizations with ties to health-care vendors, including offshore transcription vendors, insurance brokers and others, authority to use health care records.  "Because of this confusion that HIPAA engendered," she states "data is being exchanged and used for reasons that have nothing to do with people getting well."  

At an electronic health-records privacy forum sponsored by public relations firm Dittus Communications, panelists agreed that some type of comprehensive privacy policy for e-health records is needed, but disagreed on how to accomplish it. 

David Merritt, project director at the Center for Health Transformation and the Gingrich Group, called for private groups to develop privacy standards.  The U.S. Department of Health and Human Services proposed moving a privacy commission to the private sector, but a bill sponsored by Senator Edward Kennedy, a Massachusetts Democrat, would keep that commission in the federal government.  Merritt, however, points out that in most other industries, private organizations have developed privacy policies, and calls on a public and private partnership to create new privacy standards for EHR. 

in New Jersey, there is significant activity on both the public and private front to develop privacy policies that balance protecting individuals privacy rights with the benefits of beginning implementation and utilization of e-Health Records.