On XACML’s Adequacy to Specify and to Enforce HIPAA
Omar Chowdhury, The University of Texas at San Antonio; Haining Chen, Purdue University; Jianwei Niu, The University of Texas at San Antonio; Ninghui Li and Elisa Bertino, Purdue University
In the medical sphere, personal and medical information is collected, stored, and transmitted for various purposes, such as continuity of care, rapid formulation of diagnoses, and billing. Many of these operations must comply with federal regulations like the Health Insurance Portability and Accountability Act (HIPAA). To this end, we need a specification language that can precisely capture the requirements of HIPAA. We also need an enforcement engine that can enforce the privacy policies specified in the language. In the current work, we evaluate eXtensible Access Control Markup Language (XACML) as a candidate specification language for HIPAA privacy rules. We evaluate XACML against the set of features, proposed by prior work, that are required to sufficiently express HIPAA. We also discuss which of the features necessary for expressing HIPAA are missing in XACML. We then present high-level designs of how to enhance XACML’s enforcement engine to support the missing features.
title = {On {XACML{\textquoteright}s} Adequacy to Specify and to Enforce {HIPAA}},
booktitle = {3rd USENIX Workshop on Health Security and Privacy (HealthSec 12)},
year = {2012},
address = {Bellevue, WA},
url = {https://www.usenix.org/conference/healthsec12/workshop-program/presentation/Chowdhury},
publisher = {USENIX Association},
month = aug
}