Please use this identifier to cite or link to this item: http://hdl.handle.net/1783.1/5829

Health Insurance Portability and Accountability Act (HIPAA)-compliant privacy access control model for Web services

Authors Cheng, Sin Ying
Issue Date 2006
Summary The Health Insurance Portability and Accountability Act of 1996 (HIPAA) defines a set of security and privacy rules to be followed by healthcare providers in the United States of America. The HIPAA rules create American national standards for protecting individuals' health information and privacy. In this thesis, we present a privacy access control model based on the Role-Based Access Control (RBAC). The model is extended with four privacy related entities, namely purposes, recipients, obligations, and retentions. The HIPAA privacy rules are embedded into the model as constraints. Then, we present a vocabulary independent Web services privacy framework in a layered architecture for supporting healthcare applications. For illustration, we adopt the eXtensible Access Control Markup Language (XACML) as a language in expressing privacy rules, and demonstrate the feasibility of the privacy access control model in the framework. Finally, we conclude the thesis with possible future work such as extending the model with privacy policy negotiations and consent management.
Note Thesis (M.Phil.)--Hong Kong University of Science and Technology, 2006
Subjects
Language English
Format Thesis
Access
Files in this item:
File Description Size Format
th_redirect.html 345 B HTML