(no title)

1) I have never seen a health care organization ANYWHERE where the physicians determine the IT policy (including and especially the IT security policy).

2) Universally, healthcare organizations use the bloated garbage that gets passed off as EMRs and affiliated garbage software. None of this is up to physicians. It's up to the administrative and bureaucratic parasites that have infested healthcare at every level and based largely (I assume) on crony relationships, because it's certainly not based on competence.

3)Healthcare IT is the most abysmal software anyone anywhere has ever devised to perform any task. Systems like EPIC are bloated, barely functional trash that systems have wasted billions of dollars on. The various components of departmental IT do not co-ordinate with one another, crash on a daily basis, are not fit for purpose and would embarrass engineers in any other industry.

It comes as no surprise that security for these systems is piss-poor, just like everything else about these systems. Blaming doctors for this administrative mess, whilst not unexpected, is disingenuous at best (of course this is what healthcare administration excel at - making a mess and blaming physicians).