
No thanks. I can see this kind of legislation turning any online presence into a horribly expensive bureaucratic nightmare while accomplishing fuck-all security-wise. (At best. Given current governments' track record, any privacy act would be all about stomping on people's privacy.)

I'd rather not be subjected to (and pay for) more security theater, or see every small business out there drown in a paper mill suitable for the fortune 500s.

We are already liable for any gross misconduct.



Do you honestly think patient information would be safer without HIPAA?

Do you honestly think the EU privacy laws that we don't have in the US aren't doing anything?

It's incredible how the anti-regulation types think everything is fine and that no regulation has ever worked.


As someone who has worked in multiple regulated industries, including with HIPAA, what they accomplish is rarely the intended goals.

Regulation is a weapon to be used by powerful interests to bash competitors. For example, utilities love regulation as it gives them a de facto monopoly and predictable income.

The medical industry widely ignores HIPAA in a holistic way. Ask any practice you visit about their handling of medical records, IT security practices, etc. Heck, ask them if they still use Windows XP.


> For example, utilities love regulation as it gives them a de facto monopoly and predictable income.

This is kind of a nonsense argument, because most utilities are monopolies by design. The idea is to give utilities a predictable income stream in return for agreeing to abide by certain public interest policies.


I get that that is the idea. The reality is that most utilities pass along their expenses, whatever they are, into a "rate case" with a percentage tacked on top. That is opposed to every other business where more efficiency == more profit and decreasing prices due to competition.

Models of efficiency, they are not, to the point that their inefficiency severely hinders their ability to serve "the public interest." They also tend to use their size to squash any potential competitors in their space (see power companies with private solar and the telecom industry versus VOIP).


> I get that that is the idea. The reality is that most utilities pass along their expenses, whatever they are, into a "rate case" with a percentage tacked on top.

Again, that's by design. The public authority sets rates at some fixed cost plus reasonable rate of return on capital. The idea is to encourage potentially very expensive capital investment without the perceived danger of subjecting a critical utility to the ups and downs of market pricing.

And utilities act to squash competitors because lack of competition is the whole quid-pro-quo of being a utility. Utilities don't make Twitter-like 30% margins with double-digit growth. The reason private capital is willing to sink money into them is that they get their consistent 10-15% return on a regular basis. Competitors not only upset the arrangement, they can quickly jeopardize that margin.

I'm not defending regulated utilities. I think they're mostly a bad idea, but judging by the discussions around here where people talk about the wonderfulness of water utilities, lots of people are on board with sanctioned monopolies with guaranteed rates of return. But the flaws you're pointing to aren't "abuses of regulation"--they're a conscious bargain between municipalities and utilities.


> Do you honestly think patient information would be safer without HIPAA?

Quite possibly; the privacy and security portions of HIPAA were included to mitigate the risks associated with the push for electronic systems and standardized data that were more central to HIPAA -- and the enhanced privacy and security features added later in amendments to HIPAA were furthering that in the context of increased standardization and automation that was being promoted in the same legislation; without HIPAA, you might not have as much formal protection of patient data, but you also might have a lot less data in forms that were easy to compromise en masse in the first place.

(Of course, that would also have consequences for administrative efficiency and quality of care, and without HIPAA and the related subsequent acts that included those patient protections as mitigations to potential negative effects of their primary functions, the US might have the least efficient health care system in the developed world by an even larger margin than it currently does, which, even if HIPAA does net some increased risk to patient information, might not be worth the cost.)


> I can see this kind of legislation turning any online presence into a horribly expensive bureaucratic nightmare while accomplishing fuck-all security-wise.

One of the sources of a push for federal standards is frustration with multiple conflicting state standards doing the same thing.



