HKUST Library Institutional Repository Banner

HKUST Institutional Repository >
Computer Science and Engineering >
CSE Master Theses  >

Please use this identifier to cite or link to this item:
Title: Health Insurance Portability and Accountability Act (HIPAA)-compliant privacy access control model for Web services
Authors: Cheng, Sin Ying
Issue Date: 2006
Abstract: The Health Insurance Portability and Accountability Act of 1996 (HIPAA) defines a set of security and privacy rules to be followed by healthcare providers in the United States of America. The HIPAA rules create American national standards for protecting individuals' health information and privacy. In this thesis, we present a privacy access control model based on the Role-Based Access Control (RBAC). The model is extended with four privacy related entities, namely purposes, recipients, obligations, and retentions. The HIPAA privacy rules are embedded into the model as constraints. Then, we present a vocabulary independent Web services privacy framework in a layered architecture for supporting healthcare applications. For illustration, we adopt the eXtensible Access Control Markup Language (XACML) as a language in expressing privacy rules, and demonstrate the feasibility of the privacy access control model in the framework. Finally, we conclude the thesis with possible future work such as extending the model with privacy policy negotiations and consent management.
Description: Thesis (M.Phil.)--Hong Kong University of Science and Technology, 2006
xiii, 105 leaves : ill. ; 30 cm
HKUST Call Number: Thesis COMP 2006 ChengS
Appears in Collections:CSE Master Theses

Files in This Item:

File Description SizeFormat

All items in this Repository are protected by copyright, with all rights reserved.