Is the healthcare field really this bad?

So I was in a conversation with an IT director for a private cancer center (mid-size) and he was telling me that the organization finally got email encryption, and that they were looking at getting a more secure way of logging into computers (multiple staff using the same username and password), like token-based. He went on and on about all of the things he had planned to do and it made me wonder......
......for an organization dealing with HIPAA etc., how in the hell could they be so far from compliance and still be running a very, very successful clinic?
I was giving him ideas on how to secure various parts of the operation, but it kinda scared me that the healthcare field treated patient info in such an insecure manner.
Comments
They are not all like this, but a majority are. Most do not even know what type of regulatory compliance laws they are required to follow. This is mostly the result of poor IT governance from the top. In smaller shops the resources available to focus on IT governance and regulatory compliance are usually non-existent, and the only thing that causes anything to be done about it is some sort of data security breach. On the flip side there are some places that have things tightened up like a fortress, but still end up being compromised (VA comes to mind).
M.S. - Cybersecurity and Information Assurance
B.S: IT - Network Design & Management