I now work on the IT side of Big Pharma, and let me tell you, people around here are scared poopless about keeping PII under wraps. Our test data is scrambled and sanitized like you wouldn’t believe, and I see radical system changes get made just to keep the transmission of PII over unsecured networks (Internet, mainly) to an absolute minimum.
There’s always a danger, especially with so much offshoring, but healthcare companies do take this seriously. They’ve got to. If they let PII slip out, they know the size of the crapstorm that’s going to result and the financial hit they will take from the lawsuits.
}:-)4