With patient privacy and medical identity theft a growing concern, healthcare professionals are closely examining the risks of outsourcing electronic medical record systems to foreign companies, which are not subject to the rigorous security requirements mandated by U.S. law. Twenty percent of U.S. hospitals currently use electronic health records (EHR), but the Patient Protection and Affordable Health Care Act of 2010 requires all hospitals to switch from paper to electronic health records to remain eligible for certain federal funding. That mandate is expected to generate an estimated $50 billion in IT technology spending in the next two years, according to Forrester Research Inc. Foreign-based companies, particularly from India, are looking to win a big part of that business. According to a recent survey by the Health Information and Management Systems Society, 38 percent of U.S. hospitals reported at least one instance of medical identity theft in the past year. Those numbers are driving initiatives to make patient records more secure. And the fear is they will be less secure overseas. Key point An estimated 1.42 million Americans have been victimized by medical identity fraud at an average per person cost of $20,160. Source: Ponemon Institute David Thun is an Associate Editor at the National Notary Association.