When you go to a new doctor, you probably don't pay much attention to the document you are required to read and sign that discloses how information about your condition and treatment is shared with others. And even if you did study the form, called a "Notice of Privacy Practices," you might still have no idea who has access to your medical records and how their contents can be used.

Don't feel bad. Despite committing millions of dollars over the past three years to set up an electronic "health information exchange" in Vermont, state policymakers are far from understanding how to control the spread of sensitive patient information in the digital age.

In an effort to figure it out, an advisory group of attorneys, consumer advocates and health professionals has begun meeting to discuss how information should be shared electronically among physicians and insurers. Burlington attorney Anne Cramer, a member of the group, said the discussions are a response to concerns by the American Civil Liberties Union and other consumer groups that the state's long-range plan for the exchange lacks detailed privacy provisions.

"I call this step two of [the exchange]," Cramer said. "The work we've been involved in is focused on specific areas, like patient-consent language. All users of the system need to be playing by the same legal rules."

Vermont's health-information exchange is being developed by the Vermont Information Technology Leaders, or VITL, a private nonprofit, and will be funded largely through fees on claims paid by Vermont health insurers. The legislature created the fund this year, with the goal of raising $32 million by 2015.

VITL's role is to "host" a statewide, interconnected network of hospitals and physicians, all of whom may be using different hardware and software systems. The exchange would become part of a "national health information network," conceived by the Bush administration in 2002. The goal is to digitally link the health information in the files of, say, a dentist in Duluth with those maintained by a heart surgeon in Miami. Conceivably, any doctor or insurance provider would have access to myriad databases set up and maintained by regional networks like VITL, which has already launched a pilot project to help five primary-care practices in Vermont set up an electronic records system. VITL has contracted with GE Healthcare to build out the network to encompass half of the state's 634 primary-care physicians by 2011.

Consumer advocates raised concerns over patient privacy earlier this year, during the state's review of Fletcher Allen Health Care's plan to build an electronic records system for its network, which encompasses roughly half the doctors in Vermont. Allen Gilbert, of the ACLU of Vermont, argued that VITL's promise to adhere to privacy "standards and principles" instead of proposing specific protocols for exchange users, left patient data at risk of being shared in potentially harmful ways.

"When the ACLU does polling on privacy," Gilbert said in an interview, "one of the most important areas for folks is medical privacy. It's because you can really get screwed if your medical information gets in the wrong hands. It's because an insurance company now has a reason to deny you coverage. Or it could be because an employer decides not to take you on because you're going to have high medical bills."

Steve Larose, VITL's communications director, said VITL is "going to great lengths" to ensure the confidentiality of electronic health information. That includes convening Cramer's advisory group and requiring the highest security standards from the certified vendors who will build the exchange's hardware and software systems.

But, peruse the archives of any major newspaper and you'll find dozens of reports on how electronic health information has ended up in the public domain. According to the Health Privacy Project at Georgetown University, patient-identifiable records can be exposed without the patient's knowledge, as in the case of a woman whose complete medical history ended up on the Internet after she had an abortion.

Records are also vulnerable to security lapses such as the recent theft of a computer containing the private data of 2500 patients taking part in a clinical trial. And then there is human error: In a case at the University of Montana, 400 pages of detailed psychological records, including patient names and diagnoses, were accidentally posted on the Internet for eight days.

Paula McCann, who helped build HMOs for government health programs before becoming an attorney in Rutland, says patient data is especially vulnerable in rural states. "In Vermont, when we need specialized care, we could be dealing with five different doctors and three different hospitals, any of which may be located outside of the state and not subject to Vermont law," McCann said.

She'll be part of an ACLU-sponsored panel in Manchester on June 26 to talk about the threat to health-care privacy. "This has always been an issue: What electronic data are you gathering? How are you using it? Who has access to it?" McCann said. "But everything has changed in the last 10 years, and we need to address different people's perceptions of privacy rights and what our expectations are when it comes to privacy."

Those questions are also at the heart of the work of VITL's advisory group. At this stage, Cramer said, the group is trying to reconcile state and federal privacy laws. The federal law, known as HIPAA - the Health Insurance Portability and Accountability Act - allows health-care providers to disclose patient information without consent for a wide range of uses unrelated to treatment and payment. For example, the marketing of new medication and procedures, or "quality review" by drug companies and medical-device manufacturers.

Vermont's Patient Privacy Statute is "somewhat more stringent" than HIPAA, Cramer said. A "fair interpretation" of the statute, she noted, is that in most cases consent is required before physicians can share patient information. However, even experts disagree over how the Vermont law should be applied in the world of electronic health records.

"This is just difficult stuff," Cramer said. "It's an area of law that has a lot of interesting balance points. But it's also an area where there isn't a lot of precedent."

Patient Privacy Rights, a national organization that educates consumers on health privacy issues, estimates that four million entities - from doctors, nurses and technicians to attorneys, accountants and software vendors - have access to personal health information, in most cases without the knowledge or consent of the patient. Deborah Peel, a Texas psychiatrist, founded and chairs Patient Privacy Rights. She contends the lack of health privacy is the greatest threat to "the usual victims - the poor, the chronically ill, the mentally ill and minorities. They already don't trust the health-care system."

Few people have as clear a view of the need for strong privacy protections than Todd Centybear, executive director of the Howard Center for Human Services. The center, which administers the state's mental-health and substance-abuse programs, is quietly exploring an electronic network that would link to the statewide exchange. Like most people in the field, Centybear is convinced electronic records will reduce the cost and improve the quality of treatment. But, he said, patients must be confident that their health data is secure if such a system has a chance of succeeding.

"If we can get to a place where everyone feels as comfortable as they can with the system, then I think it's a win-win for clients, as well as staff," Centybear said. "But if we can't do that, it's just not going to work."