UB ScholarWorks

Privacy Preserving HIPAA-Compliant Access Control Model for Web Services

dc.contributor.author Alshugran, Tariq
dc.date.accessioned 2019-02-15T16:43:51Z
dc.date.available 2019-02-15T16:43:51Z
dc.date.issued 2019-02-08
dc.identifier.citation T. Alshugran, "Privacy Preserving HIPAA-Compliant Access Control Model for Web Services", Ph.D. dissertation, Dept. of Computer Science and Engineering, Univ. of Bridgeport, Bridgeport, CT, 2019. en_US
dc.identifier.uri https://scholarworks.bridgeport.edu/xmlui/handle/123456789/4001
dc.description.abstract Software applications are developed to help companies and organizations process and manage data that support their daily operations. However, this data might contain sensitive clients’ information that should be protected to ensure the clients’ privacy. Besides losing the clients’ trust, neglecting to ensure the clients’ data privacy may also be unlawful and inflict serious legal and financial consequences. Lately, different laws and regulations related to data privacy have been enacted, especially in vital sectors such as health care, finance, and accounting. Those regulations dictate how clients’ data should be disclosed and transmitted within the organization as well as with external partners. The privacy rules in these laws and regulations presented a challenge for software engineers who design and implement the software applications used in processing the clients’ private data. The difficulty is linked to the complexity and length of the letter of the law and how to guarantee that the software application is maintaining the clients’ data privacy in compliance with the law. Some healthcare organizations are trying to perform their own interpretation of the law’s privacy rules by creating custom systems. However, the problem with such an approach is that the margin of error while interpreting the letter of the law is high, especially with separate efforts carried out by individual companies. According to a survey carried out to check the Health Insurance Portability and Accountability Act (HIPAA) requirements interpretation created for medical and healthcare-related applications, none of the frameworks were well developed to capture the relationships specified in the law. To solve this problem, a standard framework is required that will analyze the regulatory text and provide a method to extract the relevant components that can be used during software roles engineering and development.
The extracted components will include all the possible arrangements of roles, purposes, permissions, temporal factors, and any carried out obligations. In this work, we propose a framework to analyze, extract, model, and enforce the privacy requirements from HIPAA regulatory text. The framework’s goal is to translate the law’s privacy rules text into more manageable components in the form of entities, roles, purposes, and obligations. Those components together can be used as building blocks to create formal privacy policies. The process concentrates on two main components: entities and their roles, and data access context. To accomplish the first part, the framework will parse the privacy sections of the regulatory text to mine all the subjects, and then categorize those subjects into roles based on their characterization in the law. To acquire the access context, the process will extract all the purposes, temporal clauses, and any carried out obligations and classify them based on their permissibility. en_US
dc.language.iso en_US en_US
dc.subject Access control en_US
dc.subject Data modeling en_US
dc.subject Federal regulations en_US
dc.subject Health insurance portability and accountability act of 1996 (HIPAA) en_US
dc.subject Privacy policies en_US
dc.title Privacy Preserving HIPAA-Compliant Access Control Model for Web Services en_US
dc.type Thesis en_US
dc.institute.department School of Engineering en_US
dc.institute.name University of Bridgeport en_US
