"Frankly, I'm quite scared about what's happening today," Bedoya said. "We don't know what these folks do with this data."
And yet, the policy response has been lacking. Consumer privacy legislation that would set new parameters for the commercial sector hasn't seen serious consideration in recent sessions of Congress, and the near-term prospects for breaking that "legislative stasis," as Bedoya puts it, are not bright.
"There is a sad fact in commercial privacy," he says. "Nothing's happening and nothing's going to happen" in the U.S. Congress.
Privacy advocates call on FTC to pursue consumer protections from mobile device data brokers
As a privacy advocate, Bedoya is calling on state legislatures and regulators at the Federal Trade Commission, which has signaled its concerns about both mobile devices and the practices of data brokers, to take up the issue and press forward with consumer protections.
However, some officials at the federal level caution that the promise of health IT applications has always been hampered by interoperability issues, and that that challenge could only be exacerbated should states go in their own direction in passing privacy laws.
"As we try to build standards for how the healthcare system will operate with technology, if we have rules that vary from state to state, it's just monumentally harder to build a nationwide system because Texas is doing something different from California," says Lucia Savage, chief privacy officer at the Office of the National Coordinator for Health IT, a division of the Department of Health and Human Services.
Nevertheless, experts stress the importance of getting the legal and regulatory structure right. Fu makes the practical point that the adoption of health IT applications, and their potential to improve care and even save lives, could flag if consumers and providers are spooked about privacy and security issues.
"My biggest concern is what happens if patients begin to not accept medical care because of fears of cybersecurity problems," Fu said. "I think it will be a real tragedy if we are not able to give patients the confidence to accept the recommendations of their physicians and their medical teams."
Sign up for CIO Asia eNewsletters.