A story in Sunday's NY Times discusses electronic health records and the potential costs. Most of the article focuses on the potential disruption better and more accessible patient information would have in the pharmaceutical industry.
Something the article doesn't cover is the disconnect between small business IT as represented by the computer systems in most doctor's offices and the need for world class privacy and interoperability.
Most doctors will turn to companies like General Electric, IBM, Microsoft, and other specialized companies in the healthcare IT space to provide the systems they need. This will largely take the problems of interoperability out of their hands. But outsourced health care systems can't make the computer at the reception desk running Windows 98 more secure.
For that to happen, most physicians will have to outsource the management of their PCs as well. (Disclaimer: I'm on the board of a company providing managed services to physicians, Direct Pointe.) Managing desktops, networks, and servers isn't sexy, but it's the foundation for using IT for any strategic purpose (like better or cheaper health care).
The problem isn't that solutions to managing PCs don't exist. They do, of course. The problem is that small business owners don't think about IT, don't want to think about IT, and aren't big enough to hire a CIO to worry about it for them. So, while managed services exist, most don't even know they need them.
HIPAA and electronic health records are going to force physicians into managed IT infrastructure. I suspect most other small businesses will continue to limp along. In the meantime, recognize that the privacy of your health data is no stronger than the information security of the PCs in your doctor's office. Scary thought.