Neither the Health Insurance Portability and Accountability Act (HIPAA) nor California's Confidentiality of Medical Information Act (CMIA) does enough to address the privacy and security of patients' health information. That's the conclusion of the Consumers Union and the Center for Democracy & Technology, as outlined in their recently released policy brief. The brief, "Achieving the Right Balance: Privacy and Security Policies to Support Electronic Health Information Exchange," observed that both HIPAA and CMIA are based on Fair Information Practice Principles (FIPs), a set of comprehensive guidelines that govern the way healthcare providers and related organizations collect, use, and safeguard personal information.