Your “deidentified” electronic health record data can flow to outside parties—having some benefits, but many times not. In a New England Journal of Medicine perspective piece, Dr. Eric Peraskslis along with Dr. Kenneth Mandl say to protect patient privacy we need more best practices and legal and regulatory oversight.