[dragonwriter]

> Do you honestly think patient information would be safer without HIPAA?

Quite possibly; the privacy and security portions of HIPAA were included to mitigate the risks associated with the push for electronic systems and standardized data that were more central to HIPAA -- and the enhanced privacy and security features added later in amendments to HIPAA were furthering that in the context of increased standardization and automation that was being promoted in the same legislation; without HIPAA, you might not have as much formal protection of patient data, but you also might have a lot less data in forms that were easy to compromise en masse in the first place.

(Of course, that would also have consequences for administrative efficiency and quality of care, and without HIPAA and the related subsequent acts that included those patient protections as mitigations to potential negative effects of their primary functions, the US might have the least efficient health care system in the developed world by an even larger margin than it currently does, which, even if HIPAA does net some increased risk to patient information, might not be worth the cost.)