DOI: 10.1145/2110363.2110429

Towards HIPAA-compliant healthcare systems

Published: 28 January 2012

Abstract

In the healthcare domain there is a gap between healthcare systems and government regulations such as the Health Insurance Portability and Accountability Act (HIPAA). Violations of HIPAA may not only disclose patients' sensitive information but also cause substantial economic loss and reputation damage to healthcare providers. Taking effective measures to close this gap has become a critical requirement for all healthcare entities, yet the complexity of the HIPAA regulations makes it difficult to meet. In this paper, we propose a framework to bridge this critical gap between healthcare systems and HIPAA regulations. Our framework supports compliance-oriented analysis to determine whether a healthcare system complies with HIPAA regulations. We also describe our evaluation results to demonstrate the feasibility and effectiveness of our approach.


Published In

IHI '12: Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium, January 2012, 914 pages. ISBN 9781450307819. DOI: 10.1145/2110363.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. compliance
  2. HIPAA regulations
  3. privacy policy

Qualifiers

  • Research-article

Conference

IHI '12: ACM International Health Informatics Symposium, January 28 - 30, 2012, Miami, Florida, USA

Article Metrics

  • Downloads (last 12 months): 44
  • Downloads (last 6 weeks): 7

Reflects downloads up to 01 Mar 2025

Cited By

  • (2024) Detecting and Localizing Wireless Spoofing Attacks on the Internet of Medical Things. Journal of Sensor and Actuator Networks, 13(6):72. DOI: 10.3390/jsan13060072. Online publication date: 1 Nov 2024.
  • (2024) Federated Learning for Medical Applications: A Taxonomy, Current Trends, Challenges, and Future Research Directions. IEEE Internet of Things Journal, 11(5):7374-7398. DOI: 10.1109/JIOT.2023.3329061. Online publication date: 1 Mar 2024.
  • (2024) Regulation Compliance System for IoT Environments: GDPR Compliance as a Use-Case. Advanced Information Networking and Applications, pp. 147-160. DOI: 10.1007/978-3-031-57853-3_13. Online publication date: 10 Apr 2024.
  • (2021) Industry 4.0 Applications for Medical/Healthcare Services. Journal of Sensor and Actuator Networks, 10(3):43. DOI: 10.3390/jsan10030043. Online publication date: 30 Jun 2021.
  • (2021) Automated Identification and Deconstruction of Penalty Clauses in Regulation. 2021 IEEE 29th International Requirements Engineering Conference Workshops (REW), pp. 96-105. DOI: 10.1109/REW53955.2021.00021. Online publication date: Sep 2021.
  • (2019) A secure data protection technique for healthcare data in the cloud using homomorphic encryption and Jaya–Whale optimization algorithm. International Journal of Modeling, Simulation, and Scientific Computing, 10(06):1950040. DOI: 10.1142/S1793962319500405. Online publication date: 30 Dec 2019.
  • (2019) Towards enhanced accountability in complying with healthcare regulations. Proceedings of the 1st International Workshop on Software Engineering for Healthcare, pp. 25-28. DOI: 10.1109/SEH.2019.00012. Online publication date: 27 May 2019.
  • (2018) Security aspects in healthcare information systems: A systematic mapping. Procedia Computer Science, 138:12-19. DOI: 10.1016/j.procs.2018.10.003. Online publication date: 2018.
  • (2017) Feasibility of a Secure Wireless Sensing Smartwatch Application for the Self-Management of Pediatric Asthma. Sensors, 17(8):1780. DOI: 10.3390/s17081780. Online publication date: 3 Aug 2017.
  • (2017) IoE-MPP: A mobile portal platform for internet of everything. Journal of Intelligent & Fuzzy Systems, 32(4):3069-3080. DOI: 10.3233/JIFS-169250. Online publication date: 29 Mar 2017.
