However, when researchers probed further, asking questions such as whether the executive had reviewed the corporate security policy in the past year and whether, if the company had a recent breach, the cause was understood, just 13 percent actually qualified as frontrunners.

At Austin Recovery, one concern was that former employees, friends, family or other outsiders could get into the center through unwatched, unlocked doors or by printing fake name tags. They could interact with vulnerable residents or bring contraband inside, Ross says. In the past, for example, employees had stolen detoxification medications a few times, he says.

Sometimes 12-step volunteers who weren't cleared to see residents would enter the facility anyway. Angry men have also tried to get in to find their wives or girlfriends in treatment, potentially jeopardizing the safety of other patients, he says.

Now the new system protects better. Without the right credentials programmed into their badges, employees cannot print, copy or fax information. This helps cut down on the risks of not complying with certain HIPPA regulations. "We have a log of everyone who prints and what they print," Ross says.