Home Tuck Dartmouth Search Site Map Contact Us
IT Investment and HIPAA

Investment in healthcare IT, particularly electronic medical record systems (EMR), is the centerpiece of many quality and efficiency initiatives.  Yet, as one of the most regulated industries, healthcare faces significant pressures to safeguard patient information.  Enacted over ten years ago, the Health Information Portability and Accountability Act (HIPAA) continues to spark debate over patient privacy and information security.  The Center for Digital Strategies is examining the costs and benefits of IT investment in the context of HIPAA compliance.  Specifically, we have ongoing efforts to consider:


    HIPAA Compliance: An Examination of Institutional and Market Forces presented at WEIS 2009.

    Neo-Institutional View of HIPAA Compliance in Home Health Care, presented at WISP 2009 and SPIMACS 2009.

    Video: Eric Johnson on security challenges

    • The State of Current Research: Involving an exhaustive survey of literature in the health care domain focusing on a broad spectrum of issues salient to information security and privacy concerns. This literature survey identifies new research directions that may enable developing a broader research agenda on healthcare IT and security [see recent article].

    • HIPAA Compliance: Using a national level survey data, we are examining the drivers of compliance for rules governing transactions, privacy, and security. Our early findings show that for-profit hospitals are more likely to be compliant with HIPAA rules as opposed to non-profit hospitals. In addition, hospital systems considered as leaders in health IT use, are more likely to be compliant with security rules [see paper presented at WEIS].

    • Investments in IT and Performance: Building on our compliance research, this stream of work is considering the impact of IT investments on hospital operating performance, including delivery cost and quality.

    This research is supported by the Department of Homeland Security, through the Institute for Security, Technology, and Society (ISTS).

    Return to the Center's Information Security Project