On a related note, I read an article yesterday about the proposed new Health Data Base, with all encounters with any medical institution or any health care provider of any sort being cross-linked and cross-referenced. The privacy concerns are supposedly handled by having "security tickets" for various hospital officials, researchers (!!), insurance companies, and law enforcement. (I put the "!!" next to the "researchers" because I don't recall releasing my medical and dietary history to any so-called "researchers." While I have no doubt that many "data miners" would like access to such national data bases, and that some potentially valuable information could be gleaned, I didn't release this information for Joe Gradstudent, Ph.D. candidate to sift through.)
Don't get me wrong - I'm not disagreeing with you about how grim your points are. I just wanted to point out that information "could" be released to researchers without identifying the patient - researchers are generally interested in statistical data, such as the incidence of cancer per zip code, etc., which doesn't require your name to be released. Zip codes are sufficiently populated that this probably is of no danger to privacy. OTOH, the potential for mis-use of such records is high, and allowing access to a huge number of commercial sites, and their employees, certainly opens a lot of holes. - r.w.