Comments on: Health Data Outside HIPAA: Simply Extending HIPAA Would Be a #FAIL
https://thehealthcareblog.com/blog/2020/01/20/health-data-outside-hipaa-simply-extending-hipaa-would-be-a-fail/
Everything you always wanted to know about the Health Care system. But were afraid to ask.
Tue, 29 Nov 2022 06:19:52 +0000

By: VinceKuraitis
https://thehealthcareblog.com/blog/2020/01/20/health-data-outside-hipaa-simply-extending-hipaa-would-be-a-fail/#comment-865372
Thu, 23 Jan 2020 20:16:36 +0000
In reply to Adrian Gropper, MD.

Adrian, Thank you for commenting and I’m glad that we can agree that HIPAA should not simply be extended to apps & other online platforms.

As to the many other issues you raise, well, not gonna go there; we don’t agree on everything. Readers can decide for themselves.

By: Adrian Gropper, MD
https://thehealthcareblog.com/blog/2020/01/20/health-data-outside-hipaa-simply-extending-hipaa-would-be-a-fail/#comment-865370
Tue, 21 Jan 2020 17:28:26 +0000

I agree that extending HIPAA is a #FAIL. “Innovators” and bureaucrats have been extending HIPAA informally for a long time. Health information exchanges and data brokers like Surescripts are an obvious extension that further dilutes the patient’s ability to know or control how their data is being used. The ongoing attempts to dilute 42CFR Part 2 behavioral health protections are also an example of HIPAA extension. We also have extension of “for operations” data uses to include what is effectively research and the creation of secret intellectual property for profit.

It remains to be seen how much of TEFCA will depend on extending HIPAA.

The Goldilocks Dilemma is due to the lack of consent in HIPAA. It’s wishful thinking that we can build any stable interoperability framework on the basis of HIPAA. It’s easy to understand why but nobody really wants to reopen the HIPAA consent issue in Congress at a time when we have 10 different privacy bills in play on top of various state and international initiatives. Interest in privacy continues to grow, as evidenced in the NY Times series as well as a bit of discussion on the campaign trails.

The net result of lack of consent in HIPAA is a rush by various interests as represented in CARIN Alliance to fill the regulatory void through self-serving definitions of consent. The problem with this is that the CARIN Alliance is replacing open regulatory or political process with intense lobbying by a long list of data brokers eager to act as intermediaries outside of HIPAA.

HIPAA covered entities and their vendors have their lobbies. Data brokers have the CARIN Alliance lobby. What do patients have? Hopefully, a strict interpretation and intense enforcement of information blocking by ONC that promotes practice innovation by clinicians and does it without mandated data brokers.
