Toward a privacy preserving HIPAA-compliant access control model for web services

Author

Alshugran, Tariq ; Dichter, Julius

Author_Institution

Univ. of Bridgeport, Bridgeport, CT, USA

fYear

2014

fDate

5-7 June 2014

Firstpage

163

Lastpage

167

Abstract

Most of the modern health-related information is collected, maintained, and accessed through computerized systems. However, the interaction with this information needs to comply with the U.S. federal regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Due to the complexity of healthcare regulations, it´s not easy to deploy a complaint system, especially for heterogeneous systems designed to allow data transfer and communication. Web services can be used to solve the problem of incompatible systems intercommunication; however, a generic model for HIPAA enforcement is required. In this paper we propose a generic HIPAA complaint privacy access control model for web services that can be easily applied to any existing covered entity web services.

Keywords

Web services; authorisation; data privacy; health care; medical administrative data processing; HIPAA enforcement; Health Insurance Portability and Accountability Act of 1996; US federal regulations; United States; Web services; computerized systems; data communication; data transfer; health care regulations; health-related information; heterogeneous systems; privacy preserving HIPAA-compliant access control model; Access control; Data models; Data privacy; Medical services; Privacy; Web services; Access control; Data privacy; HIPAA; Web services;

fLanguage

English

Publisher

ieee

Conference_Titel

Electro/Information Technology (EIT), 2014 IEEE International Conference on

Conference_Location

Milwaukee, WI

Type

conf

DOI

10.1109/EIT.2014.6871755

Filename

6871755