I now work on the IT side of Big Pharma, and let me tell you, people around here are scared poopless about keeping PII under wraps. Our test data is scrambled and sanitized like you wouldn’t believe, and I see radical system changes get made just to keep the transmission of PII over unsecured networks (Internet, mainly) to an absolute minimum.
There’s always a danger, especially with so much offshoring, but healthcare companies do take this seriously. They’ve got to. If they let PII slip out, they know the size of the crapstorm that’s going to result and the financial hit they will take from the lawsuits.
}:-)4
The report (IMHO) seems to imply the IT side of security is pretty strong. Where the problem seems to be is keeping information available to health care workers as needed and still protecting it once it has been retrieved and out of IT control system controls.