Medical Record Breaches Cost $211 Each to Remediate
The Obama administration will spend more than $2 billion to stimulate the adoption of electronic medical records technologies. Solution providers see the president's emphasis on health care reform as a boon for their businesses, since it means everyone from large hospitals and insurers to local physician practices and pharmacies will have to invest in new software, hardware and services to digitize their records. Nearly every solution provider I talk to understands implicitly that security is paramount when going electronic with medical records.

Yet, despite the new government requirements to disclose security breaches of medical records and the attention given to recent high-profile health care data breaches, the vast majority of health care organizations do not treat data security as a priority. A new report by the Ponemon Institute found that 70 percent of health care organizations do not see data security and privacy as a top priority. More than six in 10 of those surveyed say they do not have the resources to ensure data privacy and security. And more than half say they do not have the policies and procedures in place, and do not take appropriate steps, to safeguard medical records.

The report drips with irony, since there is ample evidence of the risk to medical records from malware and hackers. Four out of five of those surveyed say they have experienced at least one data security breach, and 42 percent of those have had two or more security incidents. Two-thirds of the health care organizations said these incidents and attacks were directed squarely at databases containing medical records and personally identifying information.

On average, according to the report, the cost of remediating a compromised health care record is $211. Applying that figure to the recently disclosed breach of 160,000 records in a University of North Carolina mammogram study, the remediation cost would be nearly $34 million.
Numbers like this are hard to believe, since previous per-record remediation estimates by the Ponemon Institute placed the cost of the TJX breach at $18 billion; the actual cost was somewhere between $250 million and $300 million. But even at an average of $3 per record, the UNC breach would still cost $480,000. Considering that more than half of the survey participants say their security systems are either only somewhat effective or not effective, health care organizations are at tremendous risk of suffering a seriously embarrassing and expensive security incident.

Solution providers I speak with talk about the ample opportunities in the health care industry, and they rightly see security not merely as a deal amplifier but as a necessary component of data protection. To capitalize on opportunities in the health care market and electronic medical records, they need to come up with a solid ROI equation that demonstrates the value of the systems they propose to deploy. Security is only part of that equation. Eliminating stacks of paper files, the ability to collaborate with peers and expedite test orders and prescriptions, and better payment management are the direct benefits of electronic medical records. Security is the glue that lets all of that happen with integrity and confidence.

Comments (2)
What exactly does this (apparently randomly selected for scare-tactic purposes) $211 do? Where does it go? How do you come up with this number? If you're going to throw out random dollar amounts, at least attempt to create the illusion that you've given it some thought. Or was this simply headlined at the behest of one of your DLP advertisers who expects you to put up a scary headline every now and again for them? Such crap.
Posted by Paul | October 26, 2009 3:31 PM
The number is based on an average cost per record remediated, according to the Ponemon study. That was in the blog post. However, I take issue with that number, too. As you'll read in the blog post, a number like this would mean the recent UNC breach of 160,000 records would cost $34 million to remediate. I don't think these numbers are realistic; but as I point out, even a number of $3 per record would put the UNC breach at nearly half a million dollars. The numbers are not insignificant on either side of the equation.
Posted by Larry Walsh | October 26, 2009 3:35 PM