Please use this identifier to cite or link to this item:

Health Insurance Portability and Accountability Act (HIPAA)-compliant privacy access control model for Web services

Authors Cheng, Sin Ying
Issue Date 2006
Summary The Health Insurance Portability and Accountability Act of 1996 (HIPAA) defines a set of security and privacy rules to be followed by healthcare providers in the United States of America. The HIPAA rules create American national standards for protecting individuals' health information and privacy. In this thesis, we present a privacy access control model based on the Role-Based Access Control (RBAC). The model is extended with four privacy related entities, namely purposes, recipients, obligations, and retentions. The HIPAA privacy rules are embedded into the model as constraints. Then, we present a vocabulary independent Web services privacy framework in a layered architecture for supporting healthcare applications. For illustration, we adopt the eXtensible Access Control Markup Language (XACML) as a language in expressing privacy rules, and demonstrate the feasibility of the privacy access control model in the framework. Finally, we conclude the thesis with possible future work such as extending the model with privacy policy negotiations and consent management.
Note Thesis (M.Phil.)--Hong Kong University of Science and Technology, 2006
Language English
Format Thesis
Access View full-text via DOI
Files in this item:
File Description Size Format
th_redirect.html 345 B HTML
Copyrighted to the author. Reproduction is prohibited without the author’s prior written consent.