Securing the HIPAA Security Rule

Journal of Internet Law, Spring 2007

Case Legal Studies Research Paper No. 06-26

18 Pages. Posted: 26 Dec 2006

Sharona Hoffman

Case Western Reserve University School of Law

Andy Podgurski

Case Western Reserve University


Both patients and health care providers have much to gain from the electronic processing of health data. Its advantages include speed, efficiency, and flexibility of information processing, which can result in long-term cost savings and improved patient outcomes. Unfortunately, many of the positive attributes of medical record computerization enable the operation of a market in illicitly-obtained private health information. The Internet provides a nearly ideal channel for trafficking in health information because it allows data to be transmitted anywhere in the world quickly, inexpensively, and with relatively little risk of detection.

The threat to data security associated with the electronic storage and transmission of health information is serious enough that it has merited regulatory intervention, which came in the form of the HIPAA Security Rule, promulgated as part of the HIPAA Privacy Rule on April 20, 2005. Based on a close reading of the Security Rule and on empirical evidence, we argue that the Rule has thus far fallen far short of fulfilling its goal of safeguarding the security of electronic health information. This article briefly describes the provisions of the Security Rule and then offers a critique of it. It details the Rule's major shortcomings, emphasizing the many ways in which it fails to provide meaningful compliance guidance to covered entities. The article also develops recommendations for revisions to the Rule, focusing on a proposed "best practices" standard.

Keywords: HIPAA, HIPAA Security Rule, Health Data, Data Security, Internet, Health Privacy

JEL Classification: K23, K32

Suggested Citation

Hoffman, Sharona and Podgurski, Andy, Securing the HIPAA Security Rule. Journal of Internet Law, Spring 2007, Case Legal Studies Research Paper No. 06-26, Available at SSRN:

Sharona Hoffman (Contact Author)

Case Western Reserve University School of Law

11075 East Boulevard
Cleveland, OH 44106-7148
United States
216-368-3860 (Phone)


Andy Podgurski

Case Western Reserve University

10900 Euclid Ave.
Cleveland, OH 44106
United States
