Regarding "Audit reports hit HHS on digital security":
I don't want to second-guess my government's organization decisions, but there does seem to be a tenuous link between vigilance against discrimination and unauthorized patient record access. And the nuclear attack on the ONC and meaningful use does seem out of proportion with the dangers. The very basis for national standards for the storage and transfer of patient information, even with the Health IT Standards Panel's work, has been to first identify, authenticate and protect before allowing the transmission of data—everything about a patient has to be inside of that envelope.
We've been rapidly (and effectively) playing catch-up on the electronic health-records front with the goal of improving patient care while lowering costs. Yes, I understand that the mining of my health records could somehow damage me, possibly economically, but when I'm lying on that gurney in the emergency room, I want that doctor a state away to have my images within 30 seconds, know what medicines I took this morning, and that I'm allergic to the anesthetic she's about to give me. If I survive, I'll worry if an "obsolete and vulnerable encryption protocol" was used to give a janitor access to my chest X-ray.