All data is subject to a breach. The best that we can hope for is to minimize the extent and damage. The current fractured, compartmentalized structure of health care works wonderfully for this. If one area is compromised, you are limited to the victims in that area. If we go to a state or national system of information, it only takes one breach to threaten everyone.
I have my doubts existing health information management structures are sufficient to protect patient privacy. I believe there is a lot of human error in this field and people need to better understand the seriousness of their jobs. I believe people in the health care industry fail to understand the importance of privacy and they lack training on it.
Most health information management structures are patchwork crazy quilts of different uncoordinated products, each with its own limitations. So caled "legacy" systems were implemented long before current law, and need manual oversight. But patient privacy can leak out through a thousand different pores of the health care systems' body. A comprehensive solution is required. The vendors claim to have one (to sell, of course). But they don't.
No, they're not sufficient in protecthing the privacy of patients because they're outdated. They're either on paper (terrible) or they're on a system that hasn't been updated in a decade. The only way that luck out is that no one cares enough to know the diseases that everyone on the Earth has. It's time for a new system though.