Electronic medical records are the future, and the government is encouraging their adoption through the HITECH act. InfoSecurity.com has analysis of the first phase of HITECH:
Phase I implementation (2011–2014) provides a graduated series of financial incentives to physicians and hospitals. At the same time, certain information security measures must be implemented along with the expanded use of electronic health records and information exchanges.
For healthcare facilities, these security measures include implementation of access control; data integrity; emergency management; encryption of data at rest, in motion, and removable media; identity proofing; log analysis and management; and system timeout.
Healthcare organizations are advised to use an encryption algorithm that meets FIPS 197 standards or better. It's important to ask your vendor about their encryption certifications, as not all password-protected devices are truly secure.