A tale of two standards: strengthening HIPAA security regulations using the PCI-DSS

Article ID: iaor201526763
Volume: 4
Issue: 2
Start Page Number: 111
End Page Number: 123
Publication Date: Jul 2015
Journal: Health Systems
Authors: , ,
Keywords: government, information, security
Abstract:

This paper both illustrates the inadequacy of current Health Insurance Portability and Accountability Act (HIPAA) regulations in protecting health‐care information and proposes a more cohesive strategy to protect such information based on the organizational model that undergirds the Payment Card Industry Data Security Standards (PCI‐DSS). The evidence indicates that the industry consortium model used to develop the PCI‐DSS works rapidly and effectively. The success of these standards suggests that their strengths provide a favorable base from which to develop a robust set of standards to enhance information security within health care. A national organization consisting of industry representatives that is devoted to creating a more comprehensive and less vague set of security standards is required to protect health‐care information more effectively than is possible under the current HIPAA approach.
