This article, based on a Ponemon Institute survey, fairly summarizes what many of us know through anecdotal evidence to be the state of privacy & security within the healthcare industry. Simply put, it remains dismal, almost five years after the HITECH Act.
Part of the reason is cultural. Healthcare has been, and remains, the most insular and myopic industry in the U.S., bar none. Based on a million and one false assumptions, the culture within healthcare has been "we are SO different than everyone else" and therefore the same rules don't apply. Those illusions (and delusions) are in the process of being significantly disrupted. However, old ways of thinking die hard!
I once had a Chief Medical Officer of a major hospital tell me that he would rather retire and move to Mexico than comply with the HITECH Act...
We may literally have to wait for a generation of old docs (mostly men) to retire before we see real progress in healthcare, and not just regarding privacy & security. All the change that the healthcare industry is currently struggling with is destroying the "world view" of a generation that refuses to believe this kind of disruption is possible. Change is hard for everyone, BUT for a few that were once so privileged it may be devastating, and just too much to handle.