Having some very in-depth knowledge of the states and widely deployed EMR (Electronic Medical Records) systems and networks, I can tell you that the large problem here is as some have stated,
THE INFO GETS RECORDED. Then shared EASILY with anyone. Some of the new state of the art EMR systems being used at large area hospitals (and all affiliated doctors are required to install the systems, this means most private practices that are affiliated in any way with the hospital) have wireless tablets that allow the doctors to record all of this info easily and clearly directly into your patient file during your visit.
Questions like, do you own firearms, are there guns in your house, do feel safe at home, have your parents ever yelled at each other, etc. are yes/no questions in the patient record. Along with any diseases you have, complaints you've had, things you've discussed etc.
Any person in this network (with the proper access) can pull it up, see all of your x-rays, any imaging, all your drugs current/past, all of your survey answers, blood test results, doctors notes, etc. etc. This information can and is being given to insurance companies, police, gov, etc.
Access to information and speed/ease of availability are a HUGE factor. Back in the day (tm) when something like this would be kept in a big paper folder in the basement, not much risk, as a lot of work had to be done to get to it. Now with info being aggregated and easily/quickly accessible to basically anybody (yes there are laws protecting medical data... lol.. but do laws stop crime?) this is a huge risk and invasion.
The old adage, you were always giving this information in the past, why should it be different now doesn't apply, as before you couldn't in 30 seconds pull up the names of almost every person in the state that answered YES to question 41 on their medical form. That would have taken months and thousands of man hours to do. Now it's a query in MRBINS fraud investigations screen.
You would be surprised at the information available and the waiver of almost ANY legal safeguards to persons engaging in insurance fraud investigations, or several other "excluded" categories. And these aren't difficult to obtain exclusions like national security, etc. (which I assume have their own exclusions). Selling the info is another loop hole.
Once your info is out there, and digitized, it's over. The classic start with a small amount, have them say yes, then once you have the info, change the rules.
Any legislation should focus on what can be and can't be included in your medical files. They can ask what they want and will be told to pound sand, it's the answer they put into your records that the problem.
Think VERY HARD about this the next time someone sitting in front of a computer asks you a question, ANY question.
Slippery slope is a turn we've taken a long time ago...