The Health Insurance Portability and Accountability Act of 1996 (HIPAA) defines a set of security and privacy rules to be followed by healthcare providers in the United States of America. The HIPAA rules create American national standards for protecting individuals' health information and privacy....[ Read more ]

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) defines a set of security and privacy rules to be followed by healthcare providers in the United States of America. The HIPAA rules create American national standards for protecting individuals' health information and privacy.

In this thesis, we present a privacy access control model based on the Role-Based Access Control (RBAC). The model is extended with four privacy related entities, namely purposes, recipients, obligations, and retentions. The HIPAA privacy rules are embedded into the model as constraints. Then, we present a vocabulary independent Web services privacy framework in a layered architecture for supporting healthcare applications. For illustration, we adopt the eXtensible Access Control Markup Language (XACML) as a language in expressing privacy rules, and demonstrate the feasibility of the privacy access control model in the framework. Finally, we conclude the thesis with possible future work such as extending the model with privacy policy negotiations and consent management.