Increasingly, medical records are being stored in computer databases that allow for efficiencies in providing treatment and in the processing of clinical and financial services. Computerization of medical records has also diminished patient privacy and, in particular, has increased the potential for misuse, especially in the form of nonconsensual secondary use of personally identifiable records. Organizations that store and use medical records have had to establish security measures, prompted partially by an inconsistent patchwork of legal standards that vary from state to state. There is widespread appreciation among policy makers regarding the need for legal reform. The Health Information and Portability Accountability Act of 1996 mandated that the Administration develop regulations regarding the control of medical records. The Administration has offered regulations from the Department of Health and Human Services (Standards for Privacy of Individually Identifiable Health Information; Proposed Rule 45 CFR Parts 160 through 164). Survey data reveal what healthcare professionals who have access to sensitive medical records believe are the greatest threats to patients' privacy. The overlap between Administration proposals and the responses of healthcare professionals is striking.