MPhil Thesis Defence


"Health Insurance Portability and Accountability Act (HIPAA)-compliant
Privacy Access Control Model for Web Services"

By

Miss Sin Ying Cheng


Abstract

The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
defines a set of security and privacy rules to be followed by healthcare
providers in the United States of America. The HIPAA rules create American
national standards for protecting individuals' health information and
privacy.

In this thesis, we present a privacy access control model based on the
Role-Based Access Control (RBAC). The model is extended with four privacy
related entities, namely purposes, recipients, obligations, and
retentions. The HIPAA privacy rules are embedded into the model as
constraints. Then, we present a vocabulary independent Web services
privacy framework in a layered architecture for supporting healthcare
applications. For illustration, we adopt the eXtensible Access Control
Markup Language (XACML) as a language in expressing privacy rules, and
demonstrate the feasibility of the privacy access control model in the
framework. Finally, we conclude the thesis with possible future work such
as extending the model with privacy policy negotiations and consent
management.


Date:			Friday, 23 June 2006

Time:			2:30p.m.-4:30p.m.

Venue:			Room 5508
			Lifts 25-26

Committee Members:	Dr. Cunsheng Ding (Supervisor)
			Dr. Patrick Hung (Supervisor, Univ. of Ontario
					  Inst. Of Tech.)
			Dr. Shing-Chi Cheung (Chairperson)
			Dr. Qing Li (Comp. Sci., City Univ.)



**** ALL are Welcome ****