Article doesn't explain why: All data is stored as plaintext. Including all demographic data.

Because otherwise there is no way to match patient records across our (USA) heterogenous IT systems.

The two possible technical fixes are

#1 Centralization, where every patient is issued an UUID (aka MRN, PID), their demographic data is hidden, and UUID is used to retrieve medical data (ala Translucent Databases).

#2 Individualization, where every patient "carries" around their own medical data.

We can discuss the social, cultural, bureaucratic, workflow hurdles to either of these solutions, if this thread gets traction.

FWIW, I designed and implemented 5 regional health care exchanges 2007-08.