Formalization of Health Information Portability and Accountability Act (HIPAA) - PowerPoint PPT Presentation

About This Presentation

Title: Formalization of Health Information Portability and Accountability Act (HIPAA)

Description: Simon Berring, Navya Rehani and Dina Thomas formalize clauses of the HIPAA privacy rule as linear temporal logic norms and check three desired privacy properties against them with the SPIN model checker.

Slides: 20
Provided by: Schm150
Learn more at: https://web.stanford.edu

Transcript and Presenter's Notes

1
Formalization of Health Information Portability
and Accountability Act (HIPAA)
Simon Berring, Navya Rehani, Dina Thomas
2
Project Overview
Overview
  • HIPAA Overview
  • Previous Work
  • Verification Tool - SPIN
  • Formalization Results
  • Conclusions
  • Further Work

3
What is HIPAA?
Overview
  • Timeline
    - 1996: the main act is passed
    - 2000: HHS releases the privacy rule
    - 2003: in response to criticism, HHS releases an updated privacy rule
  • Goals
    - Prevent malicious parties from obtaining protected health information (PHI, the set written phi in the norms below)
    - Allow the flows of information necessary for health care
    - Allow patients reasonable discretion

4
Privacy and Contextual Integrity
Previous Work
  • Barth, Datta, Mitchell and Nissenbaum
  • Uses a typed, first-order, linear temporal logic
  • With types: Agent, Message, Property, Context
  • With a grammar
  • With invariants
  • With norms, e.g.
    inrole(p1, covered-entity) ∧ inrole(p2, individual) ∧ (q = p2) ∧ (t ∈ phi)

5
Privacy APIs
Previous Work
  • Gunter et al.
  • Defined a formalism for legal privacy rules and for auditable privacy systems
  • Created a language, based on the HRU access-control model, that preserved the subtleties of the law and was accessible to non-experts
  • Investigated several properties and found one unexpected ambiguity about patient consent
  • Converted the HRU-style rules to Promela and verified them with SPIN

6
Verification Tool
SPIN
  • SPIN (Simple Promela Interpreter)
  • Software verifier for parallel and distributed systems
  • LTL model checker
7
Promela
SPIN
  • Promela (Protocol/Process Meta Language)
  • Communication via message channels (synchronous or asynchronous)
  • Non-deterministic scheduling of processes
  • A model consists of
    - Type declarations
    - Channel declarations
    - Variable declarations
    - Process declarations
    - An init process
From Theo C. Ruys, SPIN Beginners' Tutorial, 2002
8
Promela
SPIN
  /* defines (channel indices are plain #defines; the slide used mtype symbols) */
  #define N 2                    /* two channels, one per direction            */
  #define pharmafrnd 0           /* index of the pharmacist -> friend channel  */
  #define frndpharma 1           /* index of the friend -> pharmacist channel  */
  mtype = { one };               /* the single message tag exchanged           */
  /* global variables: channels carry (tag, payload) so that one(mesg) type-checks */
  chan q[N] = [2] of { mtype, byte };
  bool pharma_frnd = 0;          /* set once the friend hears from the pharmacist */
  /* processes */
  proctype pharmacist(chan friendin, friendout)
  {
    byte mesg;
  end:
    do
    :: friendin?one(mesg) ->
         printf("pharmacist gets mesg frm friend\n");
         friendout!one(mesg) ->
         printf("pharmacist sends mesg to friend\n");
         break
    od
  }
From Theo C. Ruys, SPIN Beginners' Tutorial, 2002
9
Promela
SPIN
  proctype friend(chan pharmain, pharmaout)
  {
    byte mesg;
  end:
    do
    :: pharmain?one(mesg) ->
         pharma_frnd = 1;          /* the friend has now received from the pharmacist */
         printf("friend gets mesg frm pharmacist\n");
         pharmaout!one(mesg) ->
         printf("friend sends mesg to pharmacist\n");
         break
    od
  }
  /* init process: note that both processes start with a receive, so as written no message ever flows */
  init { atomic {
    run friend(q[pharmafrnd], q[frndpharma]);
    run pharmacist(q[frndpharma], q[pharmafrnd])
  } }
  /* LTL property (inline ltl blocks need SPIN 6+): does the pharmacist send a message to the friend? */
  ltl p { <> pharma_frnd }
From Theo C. Ruys, SPIN Beginners' Tutorial, 2002
10
Formalization Results
Results
  • Properties checked
    - A friend cannot find out what medicine you're taking without your knowledge
    - Your protected health information won't be transmitted to a third party who is not covered by the HIPAA privacy rule
    - A doctor may not disclose a patient's record for TPO (treatment, payment and health care operations) after the patient has denied consent
  • Approach: check the validity of (HIPAA ⇒ Desired Property), i.e. whether every disclosure the HIPAA norms permit also satisfies the property
11
Formalization Results
Results
  • A friend cannot find out what medicine you're taking without your knowledge.
  • (HIPAA ⇒ Desired Property) returns FALSE
  • Desired Property (S is the past-time "since" operator)
    inrole(p1, pharmacist) ∧ inrole(q, patient) ∧ inrole(p2, friend_q) ∧ t ∈ prescription ∧ send(p1, p2, t)
      ⇒ (¬send(q, p1, deny-identification) S send(q, p1, identify-friend))
  • HIPAA Norms
  • 164.510(b)(1) Positive Norm
    inrole(q, patient) ∧ inrole(p1, hcp) ∧ t ∈ phi ∧ inrole(p2, family-friend_q) ∧ send(p1, p2, t)
12
Formalization Results
Results
  • Positive Norm
    inrole(q, patient) ∧ inrole(p1, hcp) ∧ t ∈ phi ∧ send(p1, p2, t)
      ⇒ (¬send(q, p1, deny-identification) S send(q, p1, identify-friend))
  • 164.510(b)(2) Negative Norm
    inrole(q, patient) ∧ inrole(p1, hcp) ∧ t ∈ phi ∧ available-sane-agrees(q) ∧ send(q, p1, object-disclosure_t)
      ⇒ □ ¬send(p1, p2, t)
  • 164.510(b)(3) Positive Norm
    inrole(q, patient) ∧ inrole(p1, hcp) ∧ t ∈ phi ∧ ¬available-sane-authorize(q) ∧ uses-professional-judgment(p1)
      ⇒ ¬send(p1, p2, t)
13
Formalization Results
Results
[Figure: counterexample trace for the friend property; the visible node label is DISCLOSE]
14
Formalization Results
Results
  • Your protected health information won't be transmitted to a third party who is not covered by the HIPAA privacy rule
  • (HIPAA ⇒ Desired Property) returns FALSE
  • Desired Property
    inrole(p1, hcp) ∧ inrole(q, patient) ∧ t ∈ phi ∧ send(p1, p2, t) ⇒ incontext(p2, covered-entity)
  • HIPAA Norms
  • 164.506(c)(1) Positive Norm
    inrole(p1, hcp) ∧ inrole(p2, hcp) ∧ t ∈ phi ∧ send(p1, p2, t) ⇒ disclosure-for-TPO(p1, t)
15
Formalization Results
Results
  • 164.506(c)(2) Positive Norm
    inrole(p1, hcp) ∧ inrole(p2, hcp) ∧ t ∈ phi ∧ send(p1, p2, t) ⇒ disclosure-for-T(p2, t)
  • 164.506(c)(3) Positive Norm
    inrole(p1, hcp) ∧ (inrole(p2, hcp) ∨ incontext(p2, covered-entity)) ∧ t ∈ phi ∧ send(p1, p2, t) ⇒ disclosure-for-P(p2, t)
  • 164.506(c)(4) Positive Norm
    inrole(p1, hcp) ∧ inrole(p2, hcp) ∧ inrole(q, patient) ∧ t ∈ phi ∧ has-relationship(q, p2) ∧ send(p1, p2, t) ⇒ disclosure-for-TPO(p2, t)
  • 164.506(c)(5) Positive Norm
    inrole(p1, hcp) ∧ inrole(p2, hcp) ∧ t ∈ phi ∧ send(p1, p2, t) ∧ incontext(p1, covered-entity) ∧ incontext(p2, covered-entity) ⇒ disclosure-for-O(p2, t)
  (T, P and O abbreviate treatment, payment and health care operations)
16
Formalization Results
Results
[Figure: counterexample trace for the third-party property; visible labels: Covered entity, Non-covered entity]
17
Formalization Results
Results
  • A doctor may not disclose a patient's record for TPO after the patient has denied consent
  • (HIPAA ⇒ Desired Property) returns FALSE
  • Desired Property
    inrole(q, patient) ∧ inrole(p1, hcp) ∧ t ∈ phi ∧ send(p1, p2, t) ⇒ (¬send(q, p1, deny-consent) S send(q, p1, consent))
  • HIPAA Norms
  • 164.506(a)(1) Positive Norm
    inrole(q, patient) ∧ inrole(p1, hcp) ∧ t ∈ phi ∧ (◇send(p1, q, consent-request) ∨ ¬◇send(p1, q, consent-request)) ∧ send(p1, p2, t)
    (the parenthesised disjunction is a tautology: the norm permits the disclosure whether or not consent was ever requested, which is why the property fails)
  • 164.506(a)(2) Negative Norm
    inrole(q, patient) ∧ inrole(p1, hcp) ∧ t ∈ authorization-requiring-phi ∧ ¬◇send(q, p1, authorization) ⇒ ¬send(p1, p2, t)
18
Formalization Results
Results
[Figure: counterexample trace for the consent property; visible labels: REQ, DENY, TPO]
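The three results above, as one added worked example (ours, not the authors' model and not code from the slides): the 164.510(b) and 164.506 norms encoded as a Promela model, with the desired properties of slides 11, 14 and 17 as named LTL claims. The predicate names follow the slides. Everything else is an assumption of this example: the history bits that stand in for the past-time "since" operator (which SPIN lacks, as the conclusions note), the choice of which rule becomes which transition, the claim names, and the file name hipaa.pml. One caveat: the slide's formula for 164.510(b)(3) ends in ¬send, but the model follows the text of 45 CFR 164.510(b)(3), under which a provider may disclose to a family member or friend on professional judgment when the patient is not present or incapacitated; that is the branch that produces the counterexample for the friend property.

```promela
/* Added example, not from the slides or the authors' model: the 164.510(b)
   (family/friend) and 164.506 (TPO, consent) norms as a Promela model, with
   the deck's desired properties as LTL claims.  Predicate names follow the
   slides; the history-bit encoding and the mapping of rules to transitions
   are our own assumptions. */

/* what the patient (q) has said to the health-care provider (p1) */
bool identified     = false;   /* send(q,p1,identify-friend)      */
bool denied         = false;   /* send(q,p1,deny-identification)  */
bool objected       = false;   /* send(q,p1,object-disclosure_t)  */
bool available      = true;    /* available-sane-agrees(q)        */
bool consented      = false;   /* send(q,p1,consent)              */
bool consent_denied = false;   /* send(q,p1,deny-consent)         */
bool authorized     = false;   /* send(q,p1,authorization)        */

/* facts about the message t and the recipient p2, fixed by hcp at start */
bool t_needs_auth = false;     /* t in authorization-requiring-phi */
bool p2_covered   = false;     /* incontext(p2, covered-entity)    */

/* SPIN has no past-time operators, so "!send(q,p1,deny-x) S send(q,p1,x)"
   is kept as a bit that x sets and deny-x clears (assumed encoding) */
#define friend_ok  (identified && !denied)
#define consent_ok (consented && !consent_denied)

/* disclosures by p1, each with the past-time condition sampled at the
   moment of the send, which is what the desired properties talk about */
bool sent_to_friend     = false;   /* send(p1, friend_q, t)       */
bool friend_ok_at_send  = false;
bool sent_to_hcp        = false;   /* send(p1, p2, t) for TPO     */
bool consent_ok_at_send = false;

active proctype patient() {
  do
  :: !identified                   -> identified = true
  :: identified && !denied         -> denied = true
  :: available && !objected        -> objected = true
  :: available                     -> available = false  /* absent or incapacitated */
  :: !consented                    -> consented = true
  :: consented && !consent_denied  -> consent_denied = true
  :: !authorized                   -> authorized = true
  :: break
  od
}

active proctype hcp() {
  if :: t_needs_auth = true :: t_needs_auth = false fi;   /* nondeterministic choice */
  if :: p2_covered = true   :: p2_covered = false   fi;
  do
  /* 164.510(b)(1),(2): friend named by the patient, not withdrawn, no objection */
  :: friend_ok && !objected ->
       atomic { friend_ok_at_send = friend_ok; sent_to_friend = true }
  /* 164.510(b)(3): patient unavailable, disclosure on professional judgment */
  :: !available && !objected ->
       atomic { friend_ok_at_send = friend_ok; sent_to_friend = true }
  /* 164.506(a)(1),(c)(1): TPO disclosure to another hcp, consent optional,
     unless 164.506(a)(2) applies and no authorization was given */
  :: !t_needs_auth || authorized ->
       atomic { consent_ok_at_send = consent_ok; sent_to_hcp = true }
  :: break
  od
}

/* desired properties from slides 11, 14 and 17: pan reports a
   counterexample trail for each of these three */
ltl friend_knows  { [] (sent_to_friend -> friend_ok_at_send) }
ltl stays_covered { [] (sent_to_hcp -> p2_covered) }
ltl consent_kept  { [] (sent_to_hcp -> consent_ok_at_send) }
/* the negative norm 164.506(a)(2) is respected by the model */
ltl auth_required { [] ((sent_to_hcp && t_needs_auth) -> authorized) }
```

Build and run one claim at a time with `spin -a hipaa.pml && gcc -o pan pan.c && ./pan -a -N friend_knows` (likewise for stays_covered, consent_kept and auth_required); the trail pan writes for a failed claim can be replayed with `spin -t -p hipaa.pml`. For friend_knows the shortest counterexample is the patient becoming unavailable before ever naming a friend, followed by the (b)(3) disclosure; for consent_kept and stays_covered it is an immediate TPO disclosure with no consent, or to a recipient outside the covered-entity context. The sample-at-send encoding is what lets a future-only checker state a past-time desired property: the "since" condition is evaluated inside the model at the instant of the send, and the LTL claim only has to ask that the sampled bit be true.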
19
Conclusions
Conclusions
  • HIPAA specific
    - The HIPAA privacy rule is generally comprehensive and well-specified.
    - However, the prose law does contain many ambiguous clauses.
    - And, in at least 3 ways, HIPAA fails to require expected protections of health information.
  • Procedural
    - SPIN, despite some troublesome flaws (lack of past operators, memory constraints), was a good choice for this analysis.
    - The methods of Privacy and Contextual Integrity are useful for consistently parsing prose law into LTL formulae.
  • 3 is not a crowd