This article from Kansas City Info Zine says it well, right in the title: Electronic Medical Records Have Potential for Misuse---
Advocates of Electronic Health Records say the system will have the tightest possible security. But recent large-scale thefts of credit card and banking information have shown that all databases, even those with state-of-the-art security protections, can be compromised. Electronic medical records systems now in operation have already sprung some serious security leaks. In 2003, a medical transcriptionist in Pakistan threatened to post patient records from the University of California San Francisco's Medical Center on the Internet unless she was paid for her work for a transcription service company hired by the university. The dispute was resolved but meanwhile patients had no idea their records were being sent overseas. In another breach, two computers that held a disc containing the confidential records of close to 200,000 patients of a medical group in San Jose, California, were posted for sale on Craigslist.org. The FBI recovered the information and the medical group informed current and former patients of the theft.The full report on electronic medical records appears in the March 2006 issue of Consumer Reports which goes on sale February 7, 2006 wherever magazines are sold. The investigation will be available online to subscribers of ConsumerReports.org at www.ConsumerReports.org.
We need to be paying attention to this. HIPAA already has a reputation as a clumsy, intricate, annoying, but toothless tiger. If all of that compliance work that we have all struggled to accomplish can be simply bypassed through idiocy, poor implimentation, or loopholes that allow abuse, then shame on us for letting it happen.