Https only helps a little. Let's say you need to see a medical specialist. The first thing you need to do is go to the doctor's web site and fill out a new patient form. It's easy for a ISP to see where you connected and that you pushed a block of data (filled out a form). Therefore you must have what ever problem the specialist treats. So much for HIPAA and other privacy protections.