This means that Provider Organizations are just now talking about it. It will be only slightly better next year; not because they are not changing (some will be), but because it takes quite a bit of effort to make changes to a system that is not secure by design (see #2 on my Three Security Concerns for 2010). The pressure needs to be kept up month after month (I also note three new breach notifications in healthcare just last week).
This article acts surprised that Healthcare Organizations are reactive and not proactive... This is because they have not had to be proactive, and lacking a motivation they will not be proactive:
EMR Data Theft Booming
Fraud resulting from exposure of electronic medical records has risen from 3% in 2008 to 7% in 2009, a 112% increase, researcher says.
And this one finds 'mixed results'. The story they weave is that Provider Organizations say they are compliant, but yet breaches are up. Not very useful.
Health care professionals rated their organizations high for compliance with health IT regulations, but reports of data breaches in the past year were up from two years ago, according to a new biannual report released Monday, Health Data Management reports.
It is true what they say: Lies, damned lies, and statistics. Yes, we must get better, but we will get better by using Risk Assessment to apply reasonable controls against real risks. See my advice for Meaningful Use - Security Plan.