The ultimate customer for privacy and integrity of medical information is the patient, who is not directly involved in choosing a system to maintain their records. In the pressure to cut costs in health care, there is a very great risk that security will be left out of the design process because the constituency for security is not directly involved. As I mentioned previously, the primary costs should be incurred at the time of system design and development. Unfortunately, market pressures dictate that products need to be rushed to market, and all development that does not help in this goal will be under pressure for cuts. This is how we end up with security getting stuck on the outside after the system has been designed, and leads to higher overall costs, less convenience, and less security.