Institutions which value their customer’s privacy should only use free software for their day to day business and record keeping. The rapacious behavior of banks, insurance companies and marketing firms has received a great deal of attention, and sane countries are making data privacy laws but the issue of non free software is seldom raised. Medical records are a particularly sensitive area where morals and ethics should trump profit. Ethical medical practitioners know that the records they create belong to the patient and that those records must be guarded and only surrendered to the patient or other health care professionals serving the patient. Bankers, insurance companies and other companies should be forced by law to abide by similar rules but no one can actually comply if they use propitiatory software which hides operations from users.
The US is in the midst of an insurance industry push towards electronic medical records. Tax breaks and other incentives have been offered to doctors who make the move to electronic records keeping. This will be good if adequate protections are in place.
The privacy of electronic records is supposed to be protected by the Health Insurance Portability and Accountability Act of 1996, but there are obvious and gaping problems. Frequently raised concerns include nosy clerks especially at satellite institutions like pharmacies, unauthorized remote intrusion, court orders and a lack of action by regulators who take complaints. Mostly overlooked is the fact that software owners like Microsoft will have unfettered access to any medical record that any Windows system has access to. Google recently proved that Microsoft was spying on ordinary users, so the threat is no longer a theoretical matter of the company exercising the broad rights to snoop they gave themselves in their EULAs a decade ago  with or without your permission.
Every business and government office that uses non free software should realize this threat and end it by migrating to free software. Moving to free software won’t protect institutions from malicious clerks and other commonly mentioned problems but it is the only solution to unauthorized access to records by software owners. That access and power is at the heart of the bad deal propitiatory software has always offered but is exposed in an ugly way when all of our records are electronic and computers must be on a network to be considered useful.
Businesses that do not move out of customer and self interest should be forced by law. Customers and citizens concerned about their privacy should be protected. Because no such privacy can be guaranteed by propitiatory software, no propitiatory software should be allowed to operate on customer business records. Only software with the four software freedoms should be allowed.