
Formalization of Health Information Portability and Accountability Act (HIPAA) Simon Berring, Navya Rehani, Dina Thomas.





2 Overview
- Project Overview
- HIPAA Overview
- Previous Work
- Verification Tool: SPIN
- Formalization
- Results
- Conclusions
- Further Work

3 What is HIPAA?
Timeline
- 1996: the main act is passed
- 2000: HHS releases the Privacy Rule
- 2003: in response to criticism, HHS releases an updated Privacy Rule
Goals
- Prevent malicious parties from obtaining protected health information (PHI)
- Allow the flows of information necessary for health care
- Allow patients reasonable discretion

4 Previous Work: Privacy and Contextual Integrity
Barth, Datta, Mitchell and Nissenbaum (IEEE Symposium on Security and Privacy, 2006)
- Uses a typed first-order linear temporal logic
- With types τ ::= Agent | Message | Property | Context
- With a grammar and invariants (as defined in the paper)
- With norms, e.g.: inrole(p1, covered-entity) ∧ inrole(p2, individual) ∧ (q = p2) ∧ (t ∈ phi)

5 Previous Work: Privacy APIs
Gunter et al.
- Defined a formalism for legal privacy rules: "auditable privacy systems"
- Created a language (based on the HRU access-control model) that preserves the subtleties of the law and is accessible to non-experts
- Investigated several properties and found one "unexpected ambiguity" about patient consent
- Converted the HRU model to Promela and verified it with SPIN

6 Verification Tool: SPIN
- SPIN = Simple Promela Interpreter
- Software verifier for parallel and distributed systems
- LTL model checker
- Workflow: Promela model M → Xspin → LTL translator → verifier → counterexample (trace)

7 Promela
From: Theo C. Ruys, SPIN Beginners' Tutorial, 2002
- Promela = Protocol/Process Meta Language
- Communication via message channels (synchronous or asynchronous)
- Non-deterministic scheduling of processes
- A model consists of: type declarations, channel declarations, variable declarations, process declarations, [init process]

8-9 Promela example: a pharmacist and a friend exchanging messages

/******* #defines **************/
#define N 2
#define PHARMAFRND 0        /* channel index: pharmacist -> friend */
#define FRNDPHARMA 1        /* channel index: friend -> pharmacist */
mtype = { one };            /* message tag carried on every channel */

/********* global variables *************/
/* two asynchronous channels of 2 slots each; each message is a tag plus a byte payload */
chan q[N] = [2] of { mtype, byte };
bool pharma_frnd = 0;       /* set once the friend has received a message from the pharmacist */

/************** processes ****************/
proctype pharmacist(chan friendin, friendout) {
  byte mesg;
end: do
  :: friendin?one(mesg)  -> printf("pharmacist gets mesg frm friend\n");
  :: friendout!one(mesg) -> printf("pharmacist sends mesg to friend\n");
  :: break               /* the pharmacist may stop at any time */
  od
}

proctype friend(chan pharmain, pharmaout) {
  byte mesg;
end: do
  :: pharmain?one(mesg)  -> pharma_frnd = 1; printf("friend gets mesg frm pharmacist\n");
  :: pharmaout!one(mesg) -> printf("friend sends mesg to pharmacist\n");
  :: break               /* the friend may stop at any time */
  od
}

/************ init process **************/
init {
  atomic {
    run friend(q[PHARMAFRND], q[FRNDPHARMA]);
    run pharmacist(q[FRNDPHARMA], q[PHARMAFRND])
  }
}

/* LTL property (inline syntax of SPIN 6; older versions take it via Xspin or spin -f):
   eventually the friend receives a message from the pharmacist.
   Because both processes may take the break branch before any message is sent,
   the verifier reports a counterexample trace on which pharma_frnd stays 0. */
ltl p { <> pharma_frnd }

10 Formalization Results
Properties checked:
- A friend cannot find out what medicine you're taking without your knowledge.
- Your protected health information won't be transmitted to a third party who is not covered by the HIPAA Privacy Rule.
- A doctor may not disclose a patient's record for TPO (treatment, payment, or health care operations) after the patient has denied consent.
Approach: check the validity of (HIPAA → Desired Property), i.e. whether every trace that conforms to the formalized HIPAA norms also satisfies the property. If the implication is not valid, the model checker returns a counterexample trace that the norms permit but the property forbids.

11 Formalization Results: property 1
A friend cannot find out what medicine you're taking without your knowledge.
(HIPAA → Desired Property) returns FALSE
Desired Property:
inrole(p1, pharmacist) ∧ inrole(q, patient) ∧ inrole(p2, friend[q]) ∧ t ∈ prescription ∧ send(p1, p2, t) → (¬send(q, p1, deny-identification) S send(q, p1, identify-friend))
(S is the past-time "since" operator: the patient identified the friend at some earlier point and has not denied that identification since.)
HIPAA Norms:
§ 164.510(b)(1) [Positive Norm] inrole(q, patient) ∧ inrole(p1, hcp) ∧ t ∈ phi ∧ inrole(p2, familyfriend[q]) ∧ send(p1, p2, t)

12 Formalization Results: property 1 (continued)
[Positive Norm] inrole(q, patient) ∧ inrole(p1, hcp) ∧ t ∈ phi ∧ send(p1, p2, t) → (¬send(q, p1, deny-identification) S send(q, p1, identify-friend))
§ 164.510(b)(2) [Negative Norm] inrole(q, patient) ∧ inrole(p1, hcp) ∧ t ∈ phi ∧ available-sane-agrees(q) ∧ send(q, p1, object-disclosure[t]) → ¬send(p1, p2, t)
§ 164.510(b)(3) [Positive Norm] inrole(q, patient) ∧ inrole(p1, hcp) ∧ t ∈ phi ∧ ¬available-sane-authorize(q) ∧ uses-professional-judgment(p1) → ¬send(p1, p2, t)

13 Formalization Results: counterexample trace for property 1 [diagram; label: DISCLOSE]
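The approach of slides 10 to 13, as an added example that is not the authors' Promela model: a bounded search in Python over finite traces of send events, encoding the § 164.510(b) norms and the desired property, with the past-time "since" operator evaluated directly on the trace prefix (the operator SPIN lacks, as slide 19 notes). The agents alice (patient), pharm (pharmacist and hcp) and bob (alice's friend), the boolean available standing in for available-sane-agrees/authorize(q), the reading of § 164.510(b)(3) as a permission to disclose when the patient cannot agree, and the combination rule from Barth et al. (a disclosure conforms if some positive norm allows it and no negative norm forbids it) are all assumptions of this example, not the slides' encoding.

```python
"""Bounded counterexample search for (HIPAA norms -> desired property).

Added example, not the authors' code. Traces are finite tuples of send events;
norms and the property are checked at every PHI disclosure in the trace.
"""
from itertools import product
from typing import NamedTuple


class Send(NamedTuple):
    """One communication action send(p1, p2, m)."""
    sender: str
    receiver: str
    msg: str


# Constructed agents and roles for the section 164.510(b) scenario (assumption).
PATIENT = "alice"
ROLES = {
    "alice": {"patient"},
    "pharm": {"hcp", "pharmacist"},
    "bob": {"friend[alice]"},
}
PHI = {"prescription"}  # t in phi: here the prescription itself

# Candidate actions the bounded search ranges over (constructed alphabet).
IDENTIFY = Send("alice", "pharm", "identify-friend")
DENY = Send("alice", "pharm", "deny-identification")
OBJECT = Send("alice", "pharm", "object-disclosure")
DISCLOSE = Send("pharm", "bob", "prescription")
ALPHABET = (IDENTIFY, DENY, OBJECT, DISCLOSE)


def inrole(agent: str, role: str) -> bool:
    return role in ROLES.get(agent, set())


def since(trace, i, holds, held) -> bool:
    """Past-time LTL (holds S held) at position i: held was true at some j <= i
    and holds was true at every position k with j < k <= i."""
    for j in range(i, -1, -1):
        if held(trace[j]):
            return all(holds(trace[k]) for k in range(j + 1, i + 1))
    return False


def is_phi_disclosure_to_friend(e: Send) -> bool:
    """send(p1, p2, t) with inrole(p1, hcp), t in phi, inrole(p2, friend[q])."""
    return (inrole(e.sender, "hcp") and e.msg in PHI
            and inrole(e.receiver, f"friend[{PATIENT}]"))


def identified_and_not_denied(trace, i) -> bool:
    """(!send(q, p1, deny-identification) S send(q, p1, identify-friend)) at i."""
    return since(trace, i, lambda e: e != DENY, lambda e: e == IDENTIFY)


def permitted_by_hipaa(trace, i, available: bool, with_b3: bool) -> bool:
    """Assumed combination rule: permitted iff some positive norm allows the
    disclosure and no negative norm forbids it.
      b1: patient identified the friend and has not denied it since
      b2: an available patient who objected blocks the disclosure (negative)
      b3: patient unavailable, hcp uses professional judgment (assumed reading)"""
    b1 = identified_and_not_denied(trace, i)
    b3 = with_b3 and not available
    objected = any(e == OBJECT for e in trace[:i])
    b2_blocks = available and objected
    return (b1 or b3) and not b2_blocks


def conforms(trace, available: bool, with_b3: bool = True) -> bool:
    """Every PHI disclosure to the friend in the trace is permitted by the norms."""
    return all(permitted_by_hipaa(trace, i, available, with_b3)
               for i, e in enumerate(trace) if is_phi_disclosure_to_friend(e))


def property_holds(trace) -> bool:
    """Desired property: each PHI disclosure to the friend was preceded by the
    patient identifying the friend, with no denial since."""
    return all(identified_and_not_denied(trace, i)
               for i, e in enumerate(trace) if is_phi_disclosure_to_friend(e))


def find_counterexample(max_len: int = 3, with_b3: bool = True):
    """Shortest trace (by length, then alphabet order) that conforms to the norms
    but violates the property, i.e. a witness that the implication is not valid.
    Returns (available, events) or None."""
    for n in range(max_len + 1):
        for events in product(ALPHABET, repeat=n):
            for available in (True, False):
                if conforms(events, available, with_b3) and not property_holds(events):
                    return available, events
    return None


if __name__ == "__main__":
    print("with 164.510(b)(3):   ", find_counterexample())
    print("without 164.510(b)(3):", find_counterexample(with_b3=False))
```

Under these assumptions the search with (b)(3) returns the one-step trace in which the pharmacist discloses the prescription to a friend the patient never identified while the patient is unavailable, and returns None when (b)(3) is left out: the only norm that lets the property fail is the one permitting disclosure without the patient's involvement. Because the search is bounded, None means "no counterexample up to max_len", not validity.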

14 Formalization Results: property 2
Your protected health information won't be transmitted to a third party who is not covered by the HIPAA Privacy Rule.
(HIPAA → Desired Property) returns FALSE
Desired Property:
inrole(p1, hcp) ∧ inrole(q, patient) ∧ t ∈ phi ∧ send(p1, p2, t) → incontext(p2, covered-entity)
HIPAA Norms:
§ 164.506(c)(1) [Positive Norm] inrole(p1, hcp) ∧ inrole(p2, hcp) ∧ t ∈ phi ∧ send(p1, p2, t) → disclosure-for-TPO(p1, t)

15 Formalization Results: property 2 (continued)
§ 164.506(c)(2) [Positive Norm] inrole(p1, hcp) ∧ inrole(p2, hcp) ∧ t ∈ phi ∧ send(p1, p2, t) → disclosure-for-T(p2, t)
§ 164.506(c)(3) [Positive Norm] inrole(p1, hcp) ∧ (inrole(p2, hcp) ∨ incontext(p2, covered-entity)) ∧ t ∈ phi ∧ send(p1, p2, t) → disclosure-for-P(p2, t)
§ 164.506(c)(4) [Positive Norm] inrole(p1, hcp) ∧ inrole(p2, hcp) ∧ inrole(q, patient) ∧ t ∈ phi ∧ has-relationship(q, p2) ∧ send(p1, p2, t) → disclosure-for-TPO(p2, t)
§ 164.506(c)(5) [Positive Norm] inrole(p1, hcp) ∧ inrole(p2, hcp) ∧ t ∈ phi ∧ send(p1, p2, t) → incontext(p1, covered-entity) ∧ incontext(p2, covered-entity) ∧ disclosure-for-O(p2, t)

16 Formalization Results: counterexample trace for property 2 [diagram; labels: Covered entity, Non-covered entity]

17 Formalization Results: property 3
A doctor may not disclose a patient's record for TPO after the patient has denied consent.
(HIPAA → Desired Property) returns FALSE
Desired Property:
inrole(q, patient) ∧ inrole(p1, hcp) ∧ t ∈ phi ∧ send(p1, p2, t) → (¬send(q, p1, deny-consent) S send(q, p1, consent))
HIPAA Norms:
§ 164.506(a)(1) [Positive Norm] inrole(q, patient) ∧ inrole(p1, hcp) ∧ t ∈ phi ∧ (send(p1, q, consent-request) ∨ ¬send(p1, q, consent-request)) → send(p1, p2, t)
§ 164.506(a)(2) [Negative Norm] inrole(q, patient) ∧ inrole(p1, hcp) ∧ t ∈ authorization-requiring-phi ∧ ¬send(q, p1, authorization) → ¬send(p1, p2, t)

18 Formalization Results: counterexample trace for property 3 [diagram; labels: REQ (consent request), DENY (denial), TPO (disclosure)]

19 Conclusions
HIPAA-specific:
- The HIPAA Privacy Rule is generally comprehensive and well specified.
- However, the prose law does contain many ambiguous clauses.
- And, in at least three ways (the three properties above), HIPAA fails to require expected protections of health information.
Procedural:
- SPIN, despite some troublesome flaws (lack of past-time operators, memory constraints), was a good choice for this analysis.
- The methods of "Privacy & Contextual Integrity" are useful for consistently parsing prose law into LTL formulae.
3 is not a crowd

