This question was posted on the blog of a doctor who insisted not only that we should stay on paper but that they themselves would never use a universal EHR because of privacy. That is one approach, and there are times when paper items are still very applicable (e.g. psychotherapy processing notes).
But given that your very identity is held in massive server files protected by the government and other commercial interests, including health care companies, having a universal health record wouldn't be terrible or impossible to make safe and secure. I envision a two-tiered system that requires provider credentials and biometrics.
The top tier would be relatively straightforward information: medications, allergies, diagnoses, providers, demographic info, power of attorney/custody, past surgeries, family history, educational history, and some social history. Getting into the bottom tier (sensitive social information, sexual history, medical history, exam findings, and provider assessments/plans) would require specific action on the part of the provider and patient.
For instance, if you went to the doctor, the provider would have to put in their credentials, and the patient would have to put in biometric data (hand print, palm print, retinal scan) for the bottom tier to be unlocked. This gives patients security that they are the ones in charge of their medical records, and it gives providers security in knowing that records they input are only accessed when a provider can be present to discuss what's there (instead of the patient resorting only to Dr. Google).
HIPAA would still be in effect for anyone accessing data that they shouldn't or trying to extract data that they shouldn't. But each file would then be easily reviewable for the state's general health fund so that reimbursement won't be an issue. Lastly, it cuts down on all redundancy because all necessary caregivers would be able to view the info that they need.