Technology is radically altering the patient privacy landscape. For centuries, the physical nature of medical records limited accessibility to generally one location, restricted transfer, limited the impact of privacy breaches, and made the large scale aggregation and study of medical data impractical.Health information technology (HIT) has none of these limitations. Electronic health records offer the promise of better care and higher efficiency since they can be accessed in multiple locations, instantly transferred, and efficiently aggregated and mined for research. But this digital “liquidity” also threatens patient privacy. Electronic records may be more vulnerable to staff or subcontractor carelessness or misconduct and once a breach has occurred it may be impossible to undo the transfer or distribution of the information. Furthermore, legal remedies for privacy breaches are often of limited value since litigation is costly and generally requires a showing of financial damages. To highlight some of the ethical challenges associated with patient privacy, this paper examines four contested issues involving privacy and emerging health information technologies: Do informed consent and privacy policies related to HIT adequately protect the patient? Who owns and controls the electronic health record of the patient? Can patients be effectively protected from the unique privacy vulnerabilities in electronic health records? Is the large scale aggregation and mining of patient data ethically defensible?