‘Tis the season for studies and surveys on the “state of IT security” in healthcare. I had the opportunity to attend a webinar today where one of the presenters referenced this year’s PriceWaterhouseCoopers (PwC) study – Old data learns new tricks – that was published in September. I had not reviewed it yet, so I took some time this afternoon to do so.

The findings herein will not come as a surprise to anyone who practices in this field. As an industry, we continue to fail our patients. We continue to fail our business partners, who are vital to our success as we are to theirs. We are failing to protect the most important asset that we have in our mission of care – the data with which we are entrusted. The data we rely upon to make millions of critical care decisions each and every day.

Will this year’s findings in this study and the others, in this era of Meaningful Use, sound a call to action that our industry will actually pay attention to? Will we use this information to build our business cases for improvement? Or, will we “spin” the data in these studies to justify our shared mediocrity? Is the “middle of the pack” really the place you can afford to be?

We have a lot of clients tell us that they don’t aspire to a best-practice, cutting-edge information security program, but they want to meet their obligations, do the best they can with the resources they have, and have a respectable information security program. They share our belief that there is a new standard of care that is emerging for information security management in healthcare. This has become their benchmark.

The PwC study and the others published this year tell us that if you are in the “middle of the pack” you are likely not performing to this new standard of care. How are you doing?