In high school and college I worked as a pharmaceutical technician.  We entered every prescription in our new computer, but we still listed each prescription on a simple ledger sheet, too. In some cases, that information went back over 50 years. It was easy to see from looking at the record if anything was potentially amiss with a new prescription. We haven't progressed very far when that still seems to be the best method of archiving medical information. It's incredibly telling when only 17% of doctors utilize computers in their practice. No wonder that a visit to the same facility 18 months apart won't stop you from having to provide your entire medical history all over again. And just try avoiding a fresh set of x-rays when you switch dentists. Long story short, there is a definite, urgent need for upgrading our medical systems to be both more cost-effective and to provide better overall health care.  But while doing that, security needs to be baked in, not brushed on, as the expression goes. Right now, there is still no good answer as to how you allow access to the most sensitive of data while also preventing unauthorized intrusion. Congress has yet to answer that. PCI hasn't stopped credit card information data breaches, and it's highly doubtful that HIPAA will prevent security issues from arising when this new method of medical record storage is implemented. Regardless, with a massive implementation like this on the horizon, security professionals can at least feel good about one form of security...what they have in their jobs.