While decision analysis and treatment protocols have begun to move from health insurance companies into medical settings, secure knowledge management initiatives are being driven by HIPAA (Health Insurance Portability and Accountability Act) legislation. The needs of practitioners, researchers and students require that access be granted to pertinent patient data; balancing access and compliance in an environment that embraces new technological advances is difficult. HIPAA privacy and security guidelines curtailed the enthusiasm of open access with risk analysts placing an emphasis on risk-neutral behavior. This research in progress paper uses a case-based approach to address the role of security within a teaching institution. A research plan to test knowledge security and access is formulated.