[ars]

The US is trying to do this as well. The very famous HIPAA is actually about that, and not as much about the privacy provisions that made it famous.

Implementation of this goal though ..... not as successful. Mostly because those who make the electronic record systems don't understand the field well. See: https://news.ycombinator.com/item?id=18781264

[dublin]

Go read the requirements - HIPAA is really 90+% about disclosure and reporting of events that compromised private patient information. There is virtually nothing in HIPAA that is aimed at preventing privacy breaches in the first place. Once a breach is disclosed, the penalties in HIPAA pretty much vanish.