A tale of two standards: strengthening HIPAA security regulations using the PCI-DSS

Cited by: 2
Authors
Gaynor, Mark [1]
Bass, Catherine [1]
Duepner, Bryan [1]
Affiliations
[1] St Louis Univ, St Louis, MO 63104 USA
Keywords
HIPAA; PCI-DSS; standards; security; patient information; compliance;
DOI
10.1057/hs.2014.17
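Chinese Library Classification (CLC) number
R19 [Health care organization and services (health services administration)];
Discipline classification code
Abstract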
This paper both illustrates the inadequacy of current Health Insurance Portability and Accountability Act (HIPAA) regulations in protecting health-care information and proposes a more cohesive strategy to protect such information based on the organizational model that undergirds the Payment Card Industry Data Security Standards (PCI-DSS). The evidence indicates that the industry consortium model used to develop the PCI-DSS works rapidly and effectively. The success of these standards suggests that their strengths provide a favorable base from which to develop a robust set of standards to enhance information security within health care. A national organization consisting of industry representatives that is devoted to creating a more comprehensive and less vague set of security standards is required to protect health-care information more effectively than is possible under the current HIPAA approach.
Pages: 111 / 123
Number of pages: 13