Who's afraid of the big, bad web-based EHR?

In his Software Advice blog (The Double Standard for Web-Based EMRs), Houston Neal argues that some physicians are unreasonably wary of using web-based electronic medical records:

Why are some physicians still fearful of web-based electronic medical records (EMRs) when most of them are comfortable using web banking and e-commerce sites?Many physicians allow all of their personal financial information to be transmitted over the Internet - including actionable credit card data - but fear using the same methods for managing their patient records.It’s not irrational to be worried about security breaches on the web. But what is the likelihood of compromising patient data through a web-based EMR? Is it a higher or lower risk than web banking or e-commerce? And who would try to hack that information anyways?

Neal suggests that the data on privacy and security violations don't support the notion that web-based EMRs are dangerous compared with traditional paper-based systems that fall into the wrong hands when they're thrown into the dumpster, faxed to the wrong party, or handed to the wrong patient. Neal advises physicians to review the 10 CCHIT criteria related to security and reliability and make sure their vendors are up to speed on them.I think Houston is about right. Web-based EHRs are really not that much of a threat to security if they're set up right.However, medical identity theft remains a big problem. I was surprised a few months ago to learn that stolen medical information is more valuable than stolen credit cards. (See Why stolen personal health information is so valuable.) I think that's because banks are quick to notice fraudulent card use and cancel cards, whereas insurance companies could take forever to notice someone's medical identity being used fraudulently. This problem would exist even without web-based EHRs, however.Thanks, Houston for an informative post.