The Bush administration surprised many by the approval without major revisions of the Clinton administration's HHS medical records regulations, despite heavy lobbying from the health industry. Though these "privacy rules" are supposed to protect patient confidentiality, what has gone unmentioned are the regulations' major lapses that breach informed consent and confidentiality. Recently issued "clarifications" of the regulations reveal that they do not prevent unconsented access to sensitive medical information by marketers, health plans, health care clearinghouses, and law enforcement. These problems with the regulations constitute a serious breach of patient privacy, endangering the doctor-patient relationship and potentially driving up health care costs, and need to be addressed.