The HIPAA laws passed in the US to provide for better privacy an security of medical information seem to be a joke in many of the situations in which I've dealt with medical providers. It almost seems like signing a HIPAA acknowledgment form is a formality and as patients, we should understand that HIPAA provides for standard requirements and protections for our data. However I'm not sure that's the case. 

This article talks about the HIPAA laws being a floor, not a ceiling, and a patchwork of laws in various states superceed what HIPAA requires. However in doing so, they create inconsistent regulations and rules that people struggle to understand, and with which technology cannot keep up. I'd take issue with the comment that "Digital systems to move information need simplicity". It's not true. Our digital systems are very adept at handling exceptions and variable routing and security when they are programmed to do so. The problem is ensuring the people writing the code understand all of the rules for the exceptions.

Read the rest of "Data Freedom and Regulation" at SQLServerCentral.