I am not putting down/trashing anyone's security, but IMHO a reasonable goal is to protect against improper disclosure of patient data using "reasonable measures."
Can the CIA hack into my data? Probably. Could a determined thief assisted by a team of East European computer geeks crack my code? Yep, if any of these groups were interested enough.
But in all likelihood the data is safe from the more likely threats, such as a nosey employee, cleaning lady, or patient; or the casual computer snatcher. And I recently discovered that Indiana has the most stringent, most penal law regarding protection of electronic patient data out of all 50 states--yet I would meet their criteria.
Everything uses basic encryption (AES etc etc) and the computer is bolted down VERY firmly. I have good locks on my door and video surveillance.
