The legislative agenda of the U. S. Congress with respect to the EHR remains to be determined. The Privacy/Confidentiality Regulations established by DHHS for the HIPAA issues leave a number issues unresolved. One issue in particular is that of a “Universal Patient Identifier” that would uniquely identify an individual patient and enable potential linkage of fragmented entries in individual health enterprises for use by practitioners in being able to view a “Longitudinal Health Record” over time and distance when trying to assess an individual’s personal health conditions. The legislative agenda must resolve the technology-independent constraints on who may know what external information beyond the enterprise’s EHR record of care delivered to an individual. Legislation would leave to voluntary consensus standards activities alternative ways to document how these constraints will be realized in practice using carefully engineered components in enterprise health information architectures. These components can then be validated and their behavior in individual system architectures verified using testing and other controls within the Life Cycle management of that individual architecture needed to produce the defined result. Congress, however has not yet addressed this step and has specifically forbade within HIPAA definition of a UPI until it acts.