An Overview of the HIPAA-Compliant Privacy Access Control Model

View Sample PDF

Author(s): Vivying S.Y. Cheng (Hong Kong University of Science and Technology, Hong Kong)and Patrick Hung (University of Ontario Institute of Technology (UOIT), Canada)
Copyright: 2008
Pages: 28
Source title: Healthcare Information Systems and Informatics: Research and Practices
Source Author(s)/Editor(s): Joseph Tan (McMaster University, Canada)
DOI: 10.4018/978-1-59904-690-7.ch003

Keywords: Health Information Systems / Medical Information Science Reference / Medicine & Healthcare

Purchase

View An Overview of the HIPAA-Compliant Privacy Access Control Model on the publisher's website for pricing and purchasing information.

Abstract

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a set of rules to be followed by health plans, doctors, hospitals and other healthcare providers in the United States of America. HIPAA privacy rules create national standards to protect individuals’ health information; it is therefore necessary to create standardized solutions to tackle the various privacy issues. This chapter focuses on the e-healthcare privacy issues based on a prior extension of role-based access control (RBAC) model. We review an access control enforcement model in Web services for tackling HIPAA privacy rules and protecting personal health information (PHI) called the Privacy Access Control Model. First, we discuss related backgrounds of, and privacy requirements in the HIPAA legislation. Next, four privacy-related entities (purposes, recipients, obligations, and retentions) are incorporated into the core RBAC model. The HIPAA rules are then embedded into the extended RBAC model as constraints. Then, we present a vocabulary-independent Web services privacy framework in a layered architecture for supporting healthcare applications.

The IRMA Community

Research IRM

An Overview of the HIPAA-Compliant Privacy Access Control Model

Purchase

Abstract

Related Content

IRMA Sponsors