An Ontology for a HIPAA compliant cloud service

Date

2016-06-03

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.

Abstract

With the increasing adoption of digitized patient records and physicians' notes, managing patient records and medical data has become a major challenge for healthcare providers. Hence, cloud-based healthcare services have flooded the market with their promise of ubiquitous access, scalability and low cost. The Health Insurance Portability and Accountability Act (HIPAA) regulates the privacy and security of the data maintained by healthcare providers, and all cloud-based healthcare services in the United States must comply with it. The HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI). The Security Rule protects a subset of the information covered by the Privacy Rule, which includes all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. We have developed a semantically rich Web Ontology Language (OWL) ontology to define the HIPAA privacy and security rules. This ontology extends the service lifecycle ontology that we have developed for automatically acquiring and consuming cloud-based services, in that it helps define healthcare-domain-specific security and privacy measures. Our HIPAA ontology defines in detail the concepts that have been specified in the act. Using this ontology in conjunction with our cloud lifecycle ontology, and incorporating the compliance and security guidelines, users can discover and acquire healthcare services that will comply with HIPAA security requirements. In this paper we describe this ontology.