How many people do you see posting all of their conditions and the medications they're taking on Facebook? I can't think of any friend who is THAT open.
Also, whether or not people care about their privacy doesn't mean it shouldn't be protected. Not just for themselves, but for their family as well. --Let's say I don't allow my medical information to be used, by my brother does. If he has a genetic disease and a potential employer finds out about it, they might decide not to hire me because there's a chance I may have it as well, which could cause problems if it ended up needing treatment. Laws that prevent discrimination are all well and good, but the problem can be proving the reason they decided not to hire you.
Never said privacy shouldn't be protected, only that it's not exactly valued by BOTH sides of the equation (and of course, YMMV). Up until recently (Omnibus rule), HIPAA had little practical power in that department from both an audit perspective and a fine/mediation perspective. The largest fine levied? It was for inadequate patient access to their own health information, not a security breach.
And even with the new rule, there are currently no regulations surrounding de-identified PHI being used for marketing purposes, research, or sold for whatever other purposes. So now you have data wharehousers like IMS spinning up software dev depts with the specific goal of harvesting patient data.
As far as identity vs membership vs attribute disclosure, I linked to a good study below.
I find it interesting that there are more comments in the average HN healthcare-related thread than on any of the recent NPRM. Hell, there are more comments here than people who actually showed up for FDASIA.
I support regulation in a lot of cases, and feel that that FDA took a reasonable approach to the recent mobile medical device guidelines. What I, and pretty much everyone else (other than the AMA) rails against is the indiscriminate flip flopping of what regulations, standards, etc will be required, and on what time horizon.
Also, whether or not people care about their privacy doesn't mean it shouldn't be protected. Not just for themselves, but for their family as well. --Let's say I don't allow my medical information to be used, by my brother does. If he has a genetic disease and a potential employer finds out about it, they might decide not to hire me because there's a chance I may have it as well, which could cause problems if it ended up needing treatment. Laws that prevent discrimination are all well and good, but the problem can be proving the reason they decided not to hire you.