"What we found was that privacy laws are getting in the way of hospitals'" trying to exchange information with each other, she said. "Policy makers are going to have to choose how much EMR adoption they want and at what cost to patient privacy."

It's a viewpoint that is unlikely to sit well with privacy advocates, who are already nervous about the accelerated move to a nationwide EMR system under a announced by President Obama earlier this year. The Health Information Technology for Economic and Clinical Health Act was introduced by Obama as part of the economic stimulus package earlier this year. It provides US$20 billion for the creation of a that would fundamentally improve the way in which health information is electronically accessed, stored and shared.

Health care security experts and privacy advocates cautiously lauded the bill for the many provisions it includes for protecting patient health care data. However, they claimed it doesn't go far enough in addressing all the privacy concerns raised by EMR systems, although they have acknowledged the bill is a step in the right direction.

Among the welcomed provisions are those that require health-care entities and professionals to implement better controls for who can access and share different categories of health-care information. Also seen as long overdue is a provision that prohibits health-care providers from selling protected health information in electronic medical records and imposes limitations on marketing such data.

Such requirements have been considered long delayed in the health-care sector. "However, if the end result of Obama's new privacy legislation is to add extra layers of complexity and necessitate hospital-specific customization of privacy filters then there is the potential for there to be a negative effect," Tucker said.