An Overview of the HIPAA-Compliant Privacy Access Control Model

An Overview of the HIPAA-Compliant Privacy Access Control Model

Vivying S.Y. Cheng, Patrick Hung
DOI: 10.4018/978-1-59904-690-7.ch003
(Individual Chapters)
No Current Special Offers


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a set of rules to be followed by health plans, doctors, hospitals and other healthcare providers in the United States of America. HIPAA privacy rules create national standards to protect individuals’ health information; it is therefore necessary to create standardized solutions to tackle the various privacy issues. This chapter focuses on the e-healthcare privacy issues based on a prior extension of role-based access control (RBAC) model. We review an access control enforcement model in Web services for tackling HIPAA privacy rules and protecting personal health information (PHI) called the Privacy Access Control Model. First, we discuss related backgrounds of, and privacy requirements in the HIPAA legislation. Next, four privacy-related entities (purposes, recipients, obligations, and retentions) are incorporated into the core RBAC model. The HIPAA rules are then embedded into the extended RBAC model as constraints. Then, we present a vocabulary-independent Web services privacy framework in a layered architecture for supporting healthcare applications.

Complete Chapter List

Search this Book: