People have significant privacy concerns about putting their medical records online. Those concerns can turn into a mistrust of health IT and stymie its widespread adoption. CDT believes there is a need to build on the privacy rules already found in HIPAA and create new protections leading to a comprehensive privacy and security policy framework for the evolving e-health environment. However, persistent myths about HIPAA’s privacy provisions slow efforts to move forward with workable policy solutions. CDT’s "HIPAA and Health Privacy: Myths and Facts-Part II" paper debunks some of the most common myths, clearing the way for more productive discussions about the policies needed to build the public’s trust in health IT.