Healthcare in the United States is going digital, which brings both tremendous opportunities and security risks. Digital healthcare brings the promise of increased quality of care, reduced errors and reduced cost and overhead in the provision of care. Yet the United States lags other countries in the use of technology in healthcare records. Fewer than 10% of hospitals and 16% of doctors use electronic health records. This is about to change.

The stimulus act (American Recovery and Reinvestment Act of 2009) contains a Title IV entitled the Health Information Technology for Economic and Clinical Health Act (HITECH Act). The government has included more than $19 billion in direct funding as well as enticements (carrot) and regulatory controls (stick) in this part of the bill. It is likely that more healthcare reforms and digitization efforts will follow both in the general budget and in specific healthcare bills in the near future. On the technology innovation and vendor side an enormous amount of money is being poured into development of technologies and standards around Electronic Health Records (EHR). There is also a high likelihood of new tax incentives pushing for the use of EHRs in the provision of care.

All of this points to an explosion of technology in healthcare and more specifically in the digitization of medical records. With increased digitization, new privacy regulations and more integration between different provider systems bring new risks and an increased burden of regulatory compliance. For security professionals in healthcare this all represents both a tremendous opportunity for skills and career development and a whole load of new responsibilities and work.

Let's face it: a lot of the privacy and security we enjoy with respect to our medical records is not just a result of the Health Insurance Portability and Accountability Act -- it is a result of the enormous inconvenience imposed by mounds of paper. You can't hijack a fax transmission as easily as a file server. You can't steal all the records in a single sweep when they're in file cabinets, not file servers. Inconvenience buys us privacy. If medical records get digitized and standardized, encoded and transmitted then all of that inconvenience goes away. If we're not careful our privacy goes with it.