At this year's show, you'll find no shortage of clinical data technology vendors who assure you that their security protections are impenetrable. And you'll be able to attend any number of sessions (see Datebook, below) in which IT leaders share how they security-proofed their particular institution's systems. This is all well and good. The thing is, vendor promises usually have a lot of "yes, but"s in them, and case studies only give you a snapshot of how one provider's processes and technology changed. That's the trouble with security; it's easy to brag about but tough to implement right for your unique needs.
You'll certainly find the traditional infosec options on display at HiMSS, such as network access controls and access management solutions. Still, the number of consultants on hand to pitch their security management and integration services seems to outweigh the number of security technology vendors by a considerable margin. For the foreseeable future, that's just how it's likely to be, at least until key clinical data elements like EMRs standardize a bit more. Everyone's going to need custom work, so they're going to flourish.
What you're not likely to find at the show, meanwhile, is the major brand names in the security industry. Maybe the next thing to do, after the show, is to get in the face of traditional giants and make them understand your needs. Don't let them tell you healthcare is just like banking or military security or the like; after all, you know better. Those industries have tough security issues to crack, but they just aren't providers. In the mean time, it's worth giving some props to the security vendors who do show up and try to understand the industry.