Three seemingly incongruous news items came across my computer screen yesterday:

Senators "scolded Google and Apple" for not doing enough to protect the privacy of smart phone users. As you may have heard by now, iPhones, Androids and other mobile devices collect data that can identify the exact location the device was used. Data is stored for nearly a year. "Senators accused the tech industry of exploiting location data for marketing purposes—a potentially multibillion-dollar industry—without getting proper consent from millions of Americans."

An email from Groupon suggested that I be among the first to try out Groupon Now! "Anytime you're hungry or just looking for something to do, check out Groupon Now! on your mobile device or online to find deals available near you, right now," the email cheered.

And finally, this: HHS plans to release new and improved HIPAA rules by the end of the year. The rules will be aimed at strengthening privacy and security protections as providers exchange more patient data. The department will also initiate a rulemaking for governing the security of electronic health records.

Individually, these are three interesting stories. Patched together, they can be used to illustrate the power—both good and bad—of technology. Your iPhone can track where you are and Groupon can send you an update that the spa on the corner is offering discounts for Swedish massages. It is a bit Orwellian, don't you think? But if your back is hurting, it's a great deal!

So what's the link to health care? As we reported in last month's cover story, smart phone users can download tens of thousands of mHealth apps, and that's just for consumers. Developers have yet to make a dent when it comes to the possibilities for providers.

Now I recognize that some of this is comparing apples to oranges, but stick with me. Last year, I wrote a column for the magazine very similar to this blog. It was called "The New Privacy Norm." In it I referenced a quote from Facebook co-founder Mark Zuckerberg saying that privacy is "no longer a social norm." Well here we are, a year later, and concerns over privacy and security are creeping into every aspect of our connected lives and if mobile devices are becoming little medical assistants connected to some cloud, aren't there bound to be some very big questions?
HIPAA was created in a paper world. Providers and regulators are now trying to figure out how to adapt to the digital, mobile world. What level of privacy and security should we expect? What is the new norm? I'd like to know your thoughts. Email me at