• Wireless access points in hospitals - How many of you measure your time in the waiting room by the number of IVs you collect? Raise your hand.

• Health care professionals - NOT security professionals (would a hacker know how to remove a gall bladder?)

• Government regulations issued without a thought about consequences or increased cost (The American recovery and Reinvestment Act (ARRA) of 2009 authorizes the Centers for Medicare and Medicaid Services (CMS) to provide incentive payments to eligible Medicare and Medicaid health care professionals and hospitals, to encourage the adoption and meaningful use of certified electronic health record (EHR) technology. - src: CMS dot gov) Where is the incentive payment for security?

Hopefully, there will be some administrators who hope that by thinking about the concept of security, that can be a differentiation - but where's the incentive for that?  Hope and pray hackers can't find your Windows 2000 servers?  How many doctors are taking time away from patients trying to learn the new whizzbang custom programs on tablets?  Any secure code review on those things?  Not in my area.  If the form works, then what's the problem?