Using encryption and multi-level (multiple) password access may delay most hackers but if there is valuable DATA (for hackers), they will crack the system and copy the data. Hackers can be really BAD. They may steal data and change/add/delete some data so that data is no longer reliable.

Common practices/security procedures restrict users' access to only relevant data necessary to provide care. The system itself always logs all accesses to data and protect the log book (or log file), so misuse or illegal access can be traced. ...

In short people who use data must be aware of data security procedures, the system mus be secured and all accesses to secured data must be accountable. Consult an IT professional.

You are right that we must protect patients' privacy; we must protect data reliability; and we must protect the security system too. Trusted Organizations like Google (mail), Microsoft (hotmail), Facebook. US Departments, ... have been hacked and data stolen,

Security of G2K members' personal data is unclear -- the best security policy: no one knows ;-)