As part of the stimulus package, $20 billion will be pumped into the health care system to accelerate the use of electronic health records. The goal is both to improve the quality and lower the costs of care by replacing cumbersome paper records with electronic records that can be easily stored and swiftly transmitted.

The idea is sound, but it also raises important questions about how to ensure the privacy of patients. Fortunately, the legislation would impose sensible privacy protections despite attempts by business lobbyists to weaken the safeguards.

With paper records the opportunities for breaches are limited to over-the-shoulder glimpses or the occasional lost or stolen files. But when records are kept and transferred electronically, the potential for abuse can become as vast as the Internet.

Electronic health records that can be linked to individual patients are already protected by laws that apply primarily to hospitals, doctors, nursing homes, pharmacists, laboratories and insurance plans. The stimulus bill that has passed in the House, and a similar bill awaiting approval in the Senate, would strengthen the privacy requirements and apply them more directly to “business associates” of the providers, like billing and collection services or pharmacy benefit managers, that have access to sensitive data but are not readily held accountable for any misuse.