In an era of rapid-pace technological innovation and political focus on healthcare, the federal government is pushing for nationwide interoperability of electronic health records. While there are many benefits from such a program, the lack of federal or state privacy regulations for patients' personal data opens up the possibility of widespread dissemination of private and sensitive information. This inattention to privacy will cause major problems if exploited.

Currently, there are no federal or Colorado laws that protect against potential privacy violations and provide recourse for a patient if a medical professional decides to insert nonmedical information, such as information about the patient's housing status, into a patient's electronic health record without the patient's prior consent. Although innocuous enough when only the doctor has access to this record, with the increased use of health information exchanges, this information can be disseminated to thousands of healthcare providers around the country. This Comment argues that a comprehensive privacy protection act is critical and long past due for patient protection in the quickly evolving intersection of health care and technology.