This is the time for a mandate
The government needs to specify a format for EHR and require that it be used by all medical providers/insurers nationwide. (The VA probably already has a good handle on this.)
As for the medical data itself, it should be the property of the patient, stored on a thumb drive carried by same. If treatment requires that data be shared with another physician, only the required data should be shared, and only after the patient is advised and signs a one-time authorization. All data should be encrypted. Data required for epidemiological analysis should be stripped of potential personally identifiable information until all that remains is "male, 65, 67", 238 pounds, non-smoker" or whatever else is required.
Yes, it will cost money, but the need for privacy of medical records justifies the expense.