[laurenstill]

Never said privacy shouldn't be protected, only that it's not exactly valued by BOTH sides of the equation (and of course, YMMV). Up until recently (Omnibus rule), HIPAA had little practical power in that department from both an audit perspective and a fine/mediation perspective. The largest fine levied? It was for inadequate patient access to their own health information, not a security breach.

And even with the new rule, there are currently no regulations surrounding de-identified PHI being used for marketing purposes, research, or sold for whatever other purposes. So now you have data wharehousers like IMS spinning up software dev depts with the specific goal of harvesting patient data.

As far as identity vs membership vs attribute disclosure, I linked to a good study below.

I find it interesting that there are more comments in the average HN healthcare-related thread than on any of the recent NPRM. Hell, there are more comments here than people who actually showed up for FDASIA.

I support regulation in a lot of cases, and feel that that FDA took a reasonable approach to the recent mobile medical device guidelines. What I, and pretty much everyone else (other than the AMA) rails against is the indiscriminate flip flopping of what regulations, standards, etc will be required, and on what time horizon.