A Formalization of HIPAA for a Medical Messaging System

Authors:
Peifung E. Lam;John C. Mitchell;Sharada Sundaram
Affiliations:
Stanford University, Stanford;Stanford University, Stanford;Stanford University, Stanford and Tata Research Development and Design, Pune, India
Venue:
TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
Year:
2009

Citing 15
Cited 15

A Prolog model of the income tax act of Canada

ICAIL '87 Proceedings of the 1st international conference on Artificial intelligence and law
PROLOG and the law: using expert systems to perform legal analysis in the United Kingdom

Software Law Journal
Role-Based Access Control Models

Computer
Flexible support for multiple access control policies

ACM Transactions on Database Systems (TODS)
Logic, Programming, and PROLOG

Logic, Programming, and PROLOG
Analyzing Website Privacy Requirements Using a Privacy Goal Taxonomy

RE '02 Proceedings of the 10th Anniversary IEEE Joint International Conference on Requirements Engineering
An XPath-based preference language for P3P

WWW '03 Proceedings of the 12th international conference on World Wide Web
On permissions, inheritance and role hierarchies

Proceedings of the 10th ACM conference on Computer and communications security
Specifying privacy policies with P3P and EPAL: lessons learned

Proceedings of the 2004 ACM workshop on Privacy in the electronic society
Inside JetBlue's Privacy Policy Violations

IEEE Security and Privacy
Enterprise privacy promises and enforcement

WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
Privacy and Contextual Integrity: Framework and Applications

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies

CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
HIPAA's Effect on Web Site Privacy Policies

IEEE Security and Privacy
Privacy and Utility in Business Processes

CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium

Experiences in the logical specification of the HIPAA and GLBA privacy laws

Proceedings of the 9th annual ACM workshop on Privacy in the electronic society
Privacy policies with modal logic: the dynamic turn

DEON'10 Proceedings of the 10th international conference on Deontic logic in computer science
The production rule framework: developing a canonical set of software requirements for compliance with law

Proceedings of the 1st ACM International Health Informatics Symposium
On the equivalence between the L1 action language and partial actions in transaction logic

RR'11 Proceedings of the 5th international conference on Web reasoning and rule systems
Reasoning with actions in transaction logic

RR'11 Proceedings of the 5th international conference on Web reasoning and rule systems
Policy auditing over incomplete logs: theory, implementation and applications

Proceedings of the 18th ACM conference on Computer and communications security
Declarative privacy policy: finite models and attribute-based encryption

Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
An analytical solution for consent management in patient privacy preservation

Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Towards HIPAA-compliant healthcare systems

Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Understanding and protecting privacy: formal semantics and principled audit mechanisms

ICISS'11 Proceedings of the 7th international conference on Information Systems Security
A dynamic logic for privacy compliance

Artificial Intelligence and Law - Special issue on Deontic Logic and Normative Systems
On XACML's adequacy to specify and to enforce HIPAA

HealthSec'12 Proceedings of the 3rd USENIX conference on Health Security and Privacy
Privacy is a process, not a PET: a theory for effective privacy practice

Proceedings of the 2012 workshop on New security paradigms
Privacy promises that can be kept: a policy analysis method with application to the HIPAA privacy rule

Proceedings of the 18th ACM symposium on Access control models and technologies
A Web Architecture Based on Physical Data Separation Supporting Privacy Protection in Medical Research

International Journal of Reliable and Quality E-Healthcare

Quantified Score

Hi-index	0.00

Visualization

Abstract

The complexity of regulations in healthcare, financial services, and other industries makes it difficult for enterprises to design and deploy effective compliance systems. We believe that in some applications, it may be practical to support compliance by using formalized portions of applicable laws to regulate business processes that use information systems. In order to explore this possibility, we use a stratified fragment of Prolog with limited use of negation to formalize a portion of the US Health Insurance Portability and Accountability Act (HIPAA). As part of our study, we also explore the deployment of our formalization in a prototype hospital Web portal messaging system.