The incremental adoption of electronic media in U.S. health care has created increased risk of security and privacy violations in provider organizations. Protective regulatory efforts have been proposed to address ineffective security of patient information, with severe noncompliance penalties. Using data from a nationwide survey of health information managers, this study examines how industry-wide knowledge management trends may influence the degree of security program adoption in health-care organizations. Results suggest that significant nonadoption of mandated security measures continues to occur across the health-care industry. Paper-based systems still prevail, and computerized settings tend to have less security measures. Implications for document management and knowledge policy are discussed.