Network security is a practice, not a destination. Too many AC users disregard basic security practices in the name of speed, convenience, cost, etc. While it is true that data can be stolen from any system, you better make sure that it is not your system. Your patients will not be too happy if your EMR database is stolen and now all of their private information is out in the open (whether it actually is or not is a moot point).
Especially if the attitude is "well a determined hacker can get it anyways so why bother".
"Reasonable standard" is an open-ended question. I do not worry about being HIPAA compliant, I worry about being out of compliance. Since that standard is going to be determined in a court of law at some point, I certainly would not want to be that person.
I wish that we could practice medicine exclusively; however, that is not the case. IT security should be taught in medical school as far as I am concerned and basic competency assessed. You do not have to be a networking guru but the basics are still important. Solid understanding of basic IT security is essential. You need to hire out what you do know how to do however.
However, there are situations where just using the basics can work. A home environment is fine with WPA2 and perhaps a small installation of two or three wireless clients. But just remember there are worse things than having your data stolen. A hacker could steal off of your internet access and start downloading kiddy porn. Try explaining that to your patients or the police.
At least make sure that you use WPA2 w/ AES encryption, change the keys regularly, and use very long passphrases. Also, I would place an internet filter on the router or through the ISP to limit porn, file sharing, Facebook, etc. on your network.