Impact of HIPAA provisions on the stock market value of healthcare institutions, and information security and other information technology firms

Computers and Security

Volumn 31, Issue 6, 2012, Pages 750-770

  Khansa, Lara ^a   Cook, Deborah F ^a   James, Tabitha ^a   Bruyaka, Olga ^b  

^a PAMPLIN COLLEGE OF BUSINESS   (United States)

^b VIRGINIA POLYTECHNIC INSTITUTE AND STATE UNIVERSITY   (United States)

Author keywords

Event study; Healthcare; HIPAA; Information security; Information technology

Indexed keywords

ABNORMAL MOVEMENT; ELECTRONIC HEALTHCARE; EVENT STUDIES; FINANCIAL MARKET; HEALTH INFORMATION SYSTEMS; HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACTS; HEALTH-CARE INSURANCE; HEALTH-CARE SYSTEM; HEALTHCARE INSTITUTIONS; HIPAA; MARKET EFFECT; MARKET REACTIONS; POLICY ANALYSIS; PRODUCTS AND SERVICES; SECURITY AND PRIVACY; STOCK MARKET; STOCK PRICE;

COMMERCE; FINANCE; HEALTH INSURANCE; INDUSTRY; INFORMATION TECHNOLOGY; LAWS AND LEGISLATION; PROFITABILITY; SECURITY OF DATA; SOCIETIES AND INSTITUTIONS;

HEALTH CARE;

EID: 84865238396     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2012.06.007     Document Type: Article

References (70)

1. A. Akhigbe, and A.D. Martin Valuation impact of Sarbanes-Oxley: evidence from disclosure and governance within the financial services industry Journal of Banking & Finance 30 2006 989 1006
2. F.K. Andoh-Baidoo, and K.M. Osei-Bryson Exploring the characteristics of Internet security breaches that impact the market value of breached firms Expert Systems with Applications 32 3 2007 703 725
3. F.K. Andoh-Baidoo, K. Amoako-Gyampah, and K.M. Osei-Bryson How internet security breaches harm market value IEEE Security & Privacy 8 2010 36 42
4. G. Annas HIPAA regulations - a new era of medical-record privacy The New England Journal of Medicine 348 2003 1486 1490
5. A. Appari, and M.E. Johnson Information security and privacy in healthcare: current state of research International Journal of Internet and Enterprise Management 6 4 2010 279 314
6. R. Arora, and M. Pimentel Cost of privacy: a HIPAA perspective. Privacy policy, law and technology 2005 Dec Carnegie Mellon University [cited 2012 March 6]. Available from: http://lorrie.cranor.org/courses/fa05/mpimenterichaa.pdf
7. K. Beaver, and R. Herold HIPAA cost considerations The practical guide to HIPAA privacy and security compliance 2003 Auerbach Publications Boca Raton, FL 23 33 [chapter 3]
8. J.J. Binder Measuring the effects of regulation with stock-price data Rand Journal of Economics 16 1985 167 183
9. J.J. Binder The Sherman antitrust act and the railroad cartels Journal of Law and Economics 31 2 1988 443 468
10. T.D. Breaux, A.I. Anton, and E.H. Spafford A distributed requirements management framework for legal compliance and accountability Computers & Security 28 2009 8 17
11. K. Campbell, L.A. Gordon, M.P. Loeb, and L. Zhou The economic cost of publicly announced information security breaches: empirical evidence from the stock market Journal of Computer Security 11 3 2003 431 448
12. S.D. Cannoy, and A.F. Salam A framework for health care information assurance policy and compliance Communications of the ACM 53 2010 126 131
13. H. Cavusoglu, B. Mishra, and S. Raghunathan The effect of Internet security breach announcements on market value: capital market reactions for breached firms and Internet security developers International Journal of Electronic Commerce 9 2004 69 104
14. H.H. Chen, J.K. Hu, and T.W. Hou A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations Computer Standards & Interfaces 32 2010 274 280
15. Computer Security Institute 14th annual CSI computer crime and security survey 2009 Dec [cited 2012 March 6]. Available from: http://i.cmpnet.com/v2. gocsi.com/pdf/CSISurvey09-Executive-Summary.pdf
16. G. Dhillon Principles of information systems security 2006 John Wiley & Sons New York, NY
17. S. Dynes Emergent risks in critical infrastructure M. Papa, S. Shenoi, Critical infrastructure protection II 2009 Springer 3 16
18. E.F. Fama Efficient capital markets: a review of theory and empirical work Journal of Finance 25 2 1970 383 417
19. E.F. Fama Efficient capital markets II Journal of Finance 46 5 1991 1575 1617
20. A. Ferreira, R. Cruz-Correia, L. Antunes, P. Farinha, E. Oliveira-Palhares, and D. Chadwick How to break access control in a controlled manner Proceedings of the 19th IEEE Symposium on Computer-Based Medical Systems (CBMS'06) 2006 847 854
21. D.S. Friedman HIPAA and research: how have the first two years gone? American Journal of Ophthalmology 141 2006 543 546
22. A. Garg, J. Curtis, and H. Halper Quantifying the financial impact of IT security breaches Information Management and Computer Security 11 2 2003 74 83
23. K.M. Gatzlaff, and K.A. McCullough An examination of the effect of data breaches on shareholder wealth Risk Management & Insurance Review 13 1 2010 61 83
24. L.O. Gostin, and S. Nass Reforming the HIPAA privacy rule: safeguarding privacy and promoting research Journal of the American Medical Association 301 13 2009 1373 1375
25. J.G. Heiser The regulation of information security Intermedia 32 2 2004 29
26. J. Horowitz, D. Mom, B. Bernstein, and K. Bell Defining key health information technology terms 2008 Department of Health and Human Services, Office of the National Coordinator for Health Information Technology
27. A. Hovav, and J. D'Arcy The impact of denial-of-service attack announcements of the market value of firms Risk Management & Insurance Review 6 2 2003 97 121
28. A. Hovav, and J. D'Arcy Capital market reaction to defective IT products: the case of computer viruses Computers & Security 24 2005 409 424
29. R.E. Hoyt Medical informatics: practical guide for the healthcare professional 3rd ed. 2009 Lulu.com
30. A.C. Johnston, and M. Warkentin Information privacy compliance in the healthcare industry: do healthcare professionals want to comply with HIPAA? Information Management & Computer Security 16 1 2008 5 19
31. K. Kannan, J. Rees, and S. Sridhar Market reactions to information security breach announcements: an empirical analysis International Journal of Electronic Commerce 12 2007 69 91
32. Khansa L. Dissecting the market dynamics of the information security sector: demand-pulled innovation and industry convergence. Ph.D. Dissertation, University of Wisconsin-Madison; 2008.
33. L. Khansa, and D. Liginlal Quantifying the benefits of investing in information security Communications of the ACM 52 2009 113 117
34. L. Khansa, and D. Liginlal Whither information security? Examining the complementarities and substitutive effects among IT and information security firms International Journal of Information Management 32 3 2012 271 281
35. Kroll Fraud Solutions 2010 HMSS analytics report: security of patient data 2010 April [cited 2012 March 6]. Available from: http://ebookbrowse.com/ 2010-kroll-himss-study-final-pdf-d54792515
36. S. Kumar, A. Henseler, and D. Haukaas HIPAA's effects on US healthcare International Journal of Health Care Quality Assurance 22 2 2009 183 197
37. J. Lamont Keeping pace with compliance KM World 16 8 2007 12 13
38. W.B. Lee, and C.D. Lee A cryptographic key management solution for HIPAA privacy/security regulations IEEE Transactions on Information Technology in Biomedicine 12 2008 34 41
39. D. Liginlal, I. Sim, and L. Khansa How significant is human error as a cause of privacy breaches? An empirical study and a framework for error management Computers & Security 28 2009 215 228
40. D. Liginlal, I. Sim, L. Khansa, and P. Fearn HIPAA Privacy Rule compliance: an interpretive study using Norman's action theory Computers & Security 31 2012 206 220
41. A. McWilliams, and D. Siegel Event studies in management research: theoretical and empirical issues Academy of Management Journal 40 1997 626 657
42. Medical Economics Staff Feds cracking down on HIPAA violations 2011 March Medical Economics [cited 2012 March 6]. Available from: http://www. modernmedicine.com/modernmedicine/Health+Law+%26+Policy/Feds-cracking-down-on- HIPAA-violations/ArticleStandard/Article/detail/709732
43. R.T. Mercuri The HIPAA-potamus in health care data security Communications of the ACM 47 2004 25 28
44. J.H. Mulherin Measuring the costs and benefits of regulation: conceptual issues in securities markets Journal of Corporate Finance 13 2007 421 437
45. F.R. Neale, and P.P. Peterson The effect of Gramm-Leach-Bliley Act on the insurance industry Journal of Economics and Business 57 4 2005 317 338
46. R. Nosowsky, and T.J. Giordano The Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy rule: implications for clinical research Annual Review of Medicine 57 2006 575 590
47. L. Nunn, and B.L. McGuire The high cost of HIPAA Evansville Business Journal 2005 Aug [cited 2012 March 6]. Available from: http://business.usi.edu/ news/2005/2005-08-02-ebj-Nunn-McGuire.aspx
48. J. Paton How your technology vendor can help achieve - not guarantee - HIPAA compliance Behavioral Healthcare Tomorrow 11 2002 Sr33 Sr36
49. J.F. Peterson, G.J. Kuperman, C. Shek, M. Patel, J. Avorn, and D.W. Bates Guided prescription of psychotropic medications for geriatric inpatients Archives of Internal Medicine 165 2005 802 807
50. A.M. Polinsky, and S. Shavell Handbook of law and economics vol. 2 2007 North-Holland Amsterdam
51. R.A. Prager Using stock price data to measure the effects of regulation: the Interstate Commerce Act and the railroad industry Rand Journal of Economics 20 2 1989 280 293
52. Privacy Rights Clearinghouse HIPAA basics: medical privacy in the electronic age 2011 June [cited 2012 March 6]. Available from: https://www.privacyrights.org/fs/fs8a-hipaa.htm
53. L.D. Pumphrey, K. Trimmer, and J. Beachboard Enterprise resource planning systems and HIPAA compliance Research in Healthcare Financial Management 11 10 2007 57 75
54. SANS Institute HIPAA compliance: cost-effective solutions for the technical security regulations 2001 [cited 2012 March 6]. Available from: http://www.sans.org/reading-room/whitepapers/legal/hipaa-compliance-cost- effective-solutions-technical-security-regulations-51
55. N.I.T. Saranummi Applications for pervasive, personal, and personalized health IEEE Transactions on Information Technology in Biomedicine 12 1 2008 1 4
56. K. Schipper, R. Thompson, and R.L. Weil Disentangling interrelated effects of regulatory changes on shareholder wealth: the case of motor carrier deregulation Journal of Law and Economics 30 1 1987 67 100
57. E.E. Schultz Sarbanes-Oxley - a huge boon to information security in the US Computers & Security 23 2004 353 354
58. S.H. Teoh, I. Welch, and S.P. Wazzan The effect of socially activist investment policies on the financial markets: evidence from the South African boycott Journal of Business 72 1 1999 35 89
59. B. Thomas HITECH Act driving EHR implementation and standards Internal Auditing 26 3 2011 19 22
60. US 104th Congress Health Insurance Portability and Accountability Act (HIPAA) US Public Law 104-191 1996 [cited 2012 March 6]. Available from: http://aspe.hhs.gov/admnsimp/pl104191.htm
61. US Department of Health and Human Services Standards for privacy of individually identifiable health information Federal Register 67 157 2002 53181 53273
62. US Department of Health and Human Services Rules and regulations Federal Register 68 34 2003 8334 8374
63. US Department of Health and Human Services Rules and regulations Federal Register 74 209 2009 56123 56131
64. US Department of Health and Human Services Breach notification rule Federal Register 74 163 2009 42962 42985
65. US Department of Labor The Health Insurance Portability and Accountability Act (HIPAA) 2004 Dec [cited 2012 March 6]. Available from: http://www.dol.gov/ebsa/newsroom/fshipaa.html
66. A.R. Williams, D.C. Herman, J.P. Moriarty, T.J. Beebe, S.K. Bruggeman, and E.W. Steger HIPAA costs and patient perceptions of privacy safeguards at Mayo Clinic Joint Commission on Quality and Patient Safety 34 1 2008 27 35
67. J.F. Wilson Health Insurance Portability and Accountability Act Privacy rule causes ongoing concerns among clinicians and researchers Annals of Internal Medicine 145 2006 313 316
68. H.S. Yildirim, S.A. Kwag, and M.C. Collins An examination of the equity market response to the Gramm-Leach-Bliley Act across financial service firms Journal of Business Finance & Accounting 33 9-10 2006 1629 1649
69. I.X. Zhang Economic consequences of the Sarbanes-Oxley Act of 2002 Journal of Accounting & Economics 44 2007 74 115
70. Z. Zhou, and B.J. Liu HIPAA compliant auditing system for medical images Computerized Medical Imaging and Graphics 29 2005 235 241