"The vast majority of hospital systems have no way to keep staff out," she said. "Hospitals have very, very poor access control. But we do have the technology available to fix this."

Peel says "smart" technologies, such as role-based access control, and independent consent management tools can be used to better determine who should and shouldn't have access to a patient's medical records.

Spears would have had to sign a consent form for treatment, said Peel, the assumption being that the treatment is safe and private, but she would not have to give informed consent for anyone to look at her medical records.

Peel says hospital technology systems are built to make the process easy for end-users, but not with the patient in mind.

"You don't know who on your treatment team has access to your records, and this is in stark contrast to paper records, charts where they had to have your consent to see it and there was only one copy, " Peel said. "There (are) vast differences in vulnerabilities, and we need to get it right before we go any further. We have to make them ready for prime time."

Peel said smart technologies need to be teamed up with smart laws to keep patients' medical records private.

"Congress has to fix this mess," she said.

In February the Trust Act Bill, which is intended to give hospital patients control of their health privacy, was introduced to the House by Reps. Edward Markey (D-Mass.), Rahm Emanuel (D-Ill.) and Lois Capps (D-Calif.).