Privacy and and security seem to be an afterthought, at best, in these plans and associated documents. Given the fact that attacks on health care data are already growing at an alarming rate (as predicted by many analysts) and that the health care industry is 10-20 years behind financial services when it comes to security and fraud prevention, this plan seems premature. At the very least, it's stated goals need to place privacy and security at the forefront, for until that gap is closed, any effort to expand the footprint of such sensitive information is, to say the least, misguided.