We’ve all become accustomed to stories about credit card and identity theft. Regrettably, these events seem to be happening with regularity. In late March, the Associated Press reported that hackers stole data from at least 45.7 million credit and debit card holders who shopped at TJ Maxx and Marshalls.
“It's not clear when information was deleted, it's not clear who had access to what, and it's not clear whether the data kept in all these files was encrypted, so it's very hard to know how big this was,” said Deepak Taneja, chief executive of Aveksa, a Waltham, Mass.-based firm that advises companies on information security. The case has led banks to reissue cards to customers as far away as Sweden and Hong Kong.
While it’s bad enough to have one’s identity stolen and credit rating compromised, imagine the damage that could be done by the release of your personal medical records. In the electronic age, medical facilities are rushing to digitize patient records. It’s not unusual to see nurses sitting in front of keyboards in patient examination rooms, entering data in the presence of the patient. Johns Hopkins has established a network that enables virtual consultations between doctors as far away as Asia while they simultaneously look at digitized images of patients’ X-rays. Insurance companies now transmit much of their health care claims, patient records, etc. online. This in turn has pushed the private sector to establish private medical record banks and health information exchanges.
One such exchange is the Medical Information Bureau, a not-for-profit life insurance organization, which provides information on behalf of its members. Wal-Mart, Intel and other companies announced that they were creating a huge database that could store the personal health records of more than 2.5 million employees and retirees. While the companies promise “stringent privacy policies and procedures,” I am not comforted. That’s a whole lot of terabits floating around in cyberspace.
It also raises concerns. Making information more easily available has a downside: it also becomes more accessible to hackers. The reasons for the big digital push? The U.S. Department of Health and Human Services, the Social Security Administration, Veterans Affairs, and others are pushing hard because of policies such as HIPAA, the Medicare prescription drug program, and homeland security, and because of bottom-line drivers such as efficiency and cost savings. The problem is that there is no clear strategy to protect the privacy of patients.
A recent GAO study stated that the administration had a “jumble of studies and vague policy statements but no overall strategy to ensure that privacy protections would be built into computer networks linking insurers, doctors, hospitals and other care providers.” The GAO is the investigative arm of Congress. The Secretary of Veterans Affairs, who supervises one of the nation’s largest health care systems, said, “I concur with the GAO findings.” Mark A. Rothstein, chairman of a panel that advises the government on health information policy, essentially agreed with the GAO findings. Health privacy has not received adequate attention at the Department of Health and Human Services. “A sense of urgency is lacking.” While doubts about privacy and adequate security could slow the adoption and use of electronic medical records, another fundamental problem emerges. Consumers cannot opt out. You cannot tell your health care provider or insurance company not to digitize its records.
Consumers are truly at the mercy of the privacy policies that the government implements, if and when they get implemented. And consumers are totally dependent upon the quality of the companies’ security systems and information-sharing practices.
So what does this mean? The federal government needs to aggressively move forward with implementing its privacy policies. The federal government should, however, leave the specific compliance methodologies to the organizations, both public and private. Trying to micromanage these details would be counterproductive. Establishing privacy and security policies and objectives will require federal, state and local governments and private organizations to significantly upgrade their security technologies and practices.
Obviously, both the government and private companies need to adopt new standards and new technologies, because what they have now is clearly not working. And therein lie the opportunities for new technologies and for new and existing companies. The market opportunity is huge.