Two powerful forces, seemingly at odds, are sweeping through Americas healthcare system: the accelerating implementation of digital and information technologies (IT) and society's demand that our personal medical information be protected from improper disclosure. Lawmakers in Congress, the Executive Branch, and the states are struggling to develop public policies which strike the right balance between encouraging the use of healthcare IT and protecting the privacy of our personal health information.

The truth is that even the most thoughtful, carefully honed privacy policy, standing alone, will fail to prevent purposeful or inadvertent disclosures of protected healthcare information. Instances of digital health records being released through email or via the Internet due to human error, or worse, are regularly reported. Such events undermine the publics confidence not only in the company that releases the information but in Americas private healthcare system. Understandably, patients are increasingly reluctant to share sensitive medical information with their clinicians for fear their secrets will become known by family, friends, neighbors, employers or even strangers.

The incentives to assure privacy protections have become even sharper as medical privacy laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), begin to be enforced. The civil and criminal penalties which may be levied under HIPAA and other federal and state laws, not to mention market consequences, should focus the attention of health insurers, providers, physicians, data companies and others on using strategies to keep personal health information private. Beyond the risk of governmentally imposed sanctions, lie platoons of trial attorneys who are sharpening their focus on this new area of liability.