A comprehensive privacy-aware authorization framework founded on HIPAA privacy rules

Ahmed Al Faresi, Duminda Wijesekera, Khaled Moidu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

14 Citations (Scopus)

Abstract

Health care entities publish privacy policies that are aligned with government regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and promise to use and disclose health data according to the stated policies. However, actual practices may deliberately or unintentionally violate these policies. To ensure enforcement of such policies, and ultimately HIPAA compliance, there is a need to develop an enforcement mechanism. In this paper we extend our work on IT-enforceable policies, submitted to the International Journal of Medical Informatics. The submitted work involved a detailed analysis of HIPAA privacy rules to extract object-related conditions needed to make a disclosure decision. In this paper we extend this work to propose machine-enforceable policies that embody HIPAA privacy disclosure rules and a health care entity's access control rules. We also propose a comprehensive access/privacy control architecture that enforces the proposed policies. The architectural model is designed to allow for a dynamic configuration of policies without reconfiguring the architecture responsible for enforcement. Both the proposed policies and the architecture allow multiple stakeholders to adjust their privacy preferences to manage the disclosure of data by adjusting the designated parameters in their respective policies. The objective of this study is to provide a comprehensive model for privacy protection, access and logging of PHI that is HIPAA compliant.

Original language: English
Title of host publication: IHI'10 - Proceedings of the 1st ACM International Health Informatics Symposium
Pages: 637-646
Number of pages: 10
Publication status: Published - 2010
Externally published: Yes
Event: 1st ACM International Health Informatics Symposium, IHI'10 - Arlington, VA, United States
Duration: Nov 11 2010 to Nov 12 2010

Publication series

Name: IHI'10 - Proceedings of the 1st ACM International Health Informatics Symposium

Other

Other: 1st ACM International Health Informatics Symposium, IHI'10
Country/Territory: United States
City: Arlington, VA
Period: 11/11/10 to 11/12/10

Keywords

  • access control
  • ehr
  • hipaa
  • itepp
  • phi
  • privacy policy

ASJC Scopus subject areas

  • Health Informatics
  • Health Information Management
