{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,10]],"date-time":"2026-02-10T16:00:28Z","timestamp":1770739228093,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":28,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642037474","type":"print"},{"value":"9783642037481","type":"electronic"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-03748-1_8","type":"book-chapter","created":{"date-parts":[[2009,8,22]],"date-time":"2009-08-22T05:10:34Z","timestamp":1250917834000},"page":"73-85","source":"Crossref","is-referenced-by-count":35,"title":["A Formalization of HIPAA for a Medical Messaging System"],"prefix":"10.1007","author":[{"given":"Peifung E.","family":"Lam","sequence":"first","affiliation":[]},{"given":"John C.","family":"Mitchell","sequence":"additional","affiliation":[]},{"given":"Sharada","family":"Sundaram","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"8_CR1","doi-asserted-by":"publisher","first-page":"629","DOI":"10.1145\/775152.775241","volume-title":"Proceedings of the Twelfth International Conference on World Wide Web","author":"R. Agrawal","year":"2003","unstructured":"Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: An XPath-based preference language for P3P. In: Proceedings of the Twelfth International Conference on World Wide Web, pp. 629\u2013639. ACM Press, New York (2003)"},{"key":"8_CR2","doi-asserted-by":"crossref","unstructured":"Ant\u00f3n, A.I., Earp, J.B., Reese, A.: Analyzing website privacy requirements using a privacy goal taxonomy. In: Requirements Engineering 2002, pp. 23\u201331 (2002)","DOI":"10.1109\/ICRE.2002.1048502"},{"issue":"1","key":"8_CR3","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1109\/MSP.2007.7","volume":"5","author":"A.I. Anton","year":"2007","unstructured":"Anton, A.I., Eart, J.B., Vail, M.W., Jain, N., Gheen, C.M., Frink, J.M.: Hipaa\u2019s effect on web site privacy policies. IEEE Security and Privacy\u00a05(1), 45\u201352 (2007)","journal-title":"IEEE Security and Privacy"},{"issue":"6","key":"8_CR4","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1109\/MSP.2004.103","volume":"2","author":"A.I. Ant\u00f3n","year":"2004","unstructured":"Ant\u00f3n, A.I., He, Q., Baumer, D.L.: Inside JetBlue\u2019s privacy policy violations. IEEE Security and Privacy\u00a02(6), 12\u201318 (2004)","journal-title":"IEEE Security and Privacy"},{"key":"8_CR5","first-page":"184","volume-title":"IEEE Symposium on Security and Privacy","author":"A. Barth","year":"2006","unstructured":"Barth, A., Datta, A., Mitchell, J.C., Nissenbaum, H.: Privacy and contextual integrity: Framework and applications. In: IEEE Symposium on Security and Privacy, pp. 184\u2013198. IEEE Computer Society, Los Alamitos (2006)"},{"key":"8_CR6","doi-asserted-by":"crossref","unstructured":"Barth, A., Mitchell, J., Datta, A., Sundaram, S.: Privacy and utility in business processes. Computer Security Foundations Symposium, IEEE, 279\u2013294 (2007)","DOI":"10.1109\/CSF.2007.26"},{"key":"8_CR7","first-page":"58","volume-title":"Workshop on Issues in the Theory of Security","author":"A. Barth","year":"2005","unstructured":"Barth, A., Mitchell, J.C.: Enterprise privacy promises and enforcement. In: Workshop on Issues in the Theory of Security, pp. 58\u201366. ACM Press, New York (2005)"},{"key":"8_CR8","unstructured":"Bell, D.E., La Padula, L.J.: Secure computer systems: Mathematical foundations. Technical Report 2547, MITRE Corporation (1973)"},{"issue":"4","key":"8_CR9","first-page":"687","volume":"3","author":"M.A. Borrelli","year":"1990","unstructured":"Borrelli, M.A.: Prolog and the law: using expert systems to perform legal analysis in the United Kingdom. Softw. Law J.\u00a03(4), 687\u2013715 (1990)","journal-title":"Softw. Law J."},{"key":"8_CR10","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1145\/948109.948123","volume-title":"Proceedings of the 10th ACM Conference on Computer and Communication Security","author":"J. Crampton","year":"2003","unstructured":"Crampton, J.: On permissions, inheritance and role hierarchies. In: Proceedings of the 10th ACM Conference on Computer and Communication Security, pp. 85\u201392. ACM Press, New York (2003)"},{"key":"8_CR11","unstructured":"Cranor, L.F., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J.: The platform for privacy preferences 1.0 (P3P1.0) specification (2002), http:\/\/www.w3.org\/TR\/P3P\/"},{"key":"8_CR12","first-page":"173","volume-title":"IFIP International Federation for Information Processing","author":"N. Cuppens-Boulahia","year":"2008","unstructured":"Cuppens-Boulahia, N., Cuppens, F., Haidar, D.A., Debar, H.: Negotiation of prohibition: An approach based on policy rewriting. In: IFIP International Federation for Information Processing, vol.\u00a0278, pp. 173\u2013187. Springer, Boston (2008)"},{"issue":"8510","key":"8_CR13","first-page":"65","volume":"382","author":"C. Evans-Pughe","year":"2007","unstructured":"Evans-Pughe, C.: The logic of privacy. The Economist\u00a0382(8510), 65\u201366 (2007)","journal-title":"The Economist"},{"issue":"2","key":"8_CR14","doi-asserted-by":"publisher","first-page":"214","DOI":"10.1145\/383891.383894","volume":"26","author":"S. Jajodia","year":"2001","unstructured":"Jajodia, S., Samarati, P., Sapino, M.L., Subrahmanian, V.S.: Flexible support for multiple access control policies. ACM Trans. Database Syst.\u00a026(2), 214\u2013260 (2001)","journal-title":"ACM Trans. Database Syst."},{"key":"8_CR15","unstructured":"Masys, D.: Electronic medical records and secure patient portals as an application domain for team research in ubiquitous secure technologies (2005), http:\/\/dbmi.mc.vanderbilt.edu\/trust\/TRUST_for_patient_portals.pdf"},{"key":"8_CR16","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1109\/CSFW.2006.24","volume-title":"IEEE Workshop on Computer Security Foundations","author":"M.J. May","year":"2006","unstructured":"May, M.J., Gunter, C.A., Lee, I.: Privacy APIs: Access control techniques to analyze and verify legal privacy policies. In: IEEE Workshop on Computer Security Foundations, pp. 85\u201397. IEEE Computer Society Press, Los Alamitos (2006)"},{"issue":"2","key":"8_CR17","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1016\/j.annepidem.2004.12.001","volume":"15","author":"R.B. Ness","year":"2005","unstructured":"Ness, R.B.: A year is a terrible thing to waste: early experience with HIPAA. Annals of Epidemiology\u00a015(2), 85\u201386 (2005)","journal-title":"Annals of Epidemiology"},{"key":"8_CR18","volume-title":"Logic, Programming and Prolog","author":"U. Nilsson","year":"1995","unstructured":"Nilsson, U., Maluszynski, J.: Logic, Programming and Prolog, 2nd edn. Wiley, Chichester (1995)","edition":"2"},{"issue":"1","key":"8_CR19","first-page":"119","volume":"79","author":"H. Nissenbaum","year":"2004","unstructured":"Nissenbaum, H.: Privacy as contextual integrity. Washington Law Review\u00a079(1), 119\u2013158 (2004)","journal-title":"Washington Law Review"},{"key":"8_CR20","unstructured":"OASIS. eXtensible Access Control Markup Language (XACML) 2.0, http:\/\/docs.oasis-open.org\/xacml\/2.0\/access_control-xacml-2.0-core-spec-os.pdf"},{"issue":"2","key":"8_CR21","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1109\/2.485845","volume":"29","author":"R.S. Sandhu","year":"1996","unstructured":"Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer\u00a029(2), 38\u201347 (1996)","journal-title":"IEEE Computer"},{"key":"8_CR22","unstructured":"Schunter, M., Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise privacy authorization language, EPAL 1.1 (2003), http:\/\/www.zurich.ibm.com\/security\/enterprise-privacy\/epal\/Specification\/"},{"key":"8_CR23","doi-asserted-by":"crossref","unstructured":"Sherman, D.M.: A prolog model of the income tax act of Canada. In: ICAIL 1987: Proceedings of the 1st international conference on Artificial intelligence and law, pp. 127\u2013136 (1987)","DOI":"10.1145\/41735.41750"},{"key":"8_CR24","unstructured":"Stanford Privacy Group. HIPAA Compliance Checker, http:\/\/crypto.stanford.edu\/privacy\/HIPAA"},{"key":"8_CR25","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1145\/1029179.1029190","volume-title":"WPES 2004: Proceedings of the 2004 ACM workshop on Privacy in the electronic society","author":"W.H. Stufflebeam","year":"2004","unstructured":"Stufflebeam, W.H., Ant\u00f3n, A.I., He, Q., Jain, N.: Specifying privacy policies with P3P and EPAL: lessons learned. In: WPES 2004: Proceedings of the 2004 ACM workshop on Privacy in the electronic society, pp. 35\u201335. ACM, New York (2004)"},{"key":"8_CR26","unstructured":"U.S. Department of Health and Human Services. Understanding HIPAA privacy, http:\/\/www.hhs.gov\/ocr\/privacy\/hipaa\/understanding\/index.html"},{"key":"8_CR27","unstructured":"U.S. Department of Health and Human Services. HIPAA administrative simplification (2006), http:\/\/www.hhs.gov\/ocr\/privacy\/hipaa\/administrative\/privacyrule\/adminsimpregtext.pdf"},{"key":"8_CR28","unstructured":"Vanderbilt Medical Center. MyHealthAtVanderbilt, https:\/\/www.myhealthatvanderbilt.com\/"}],"container-title":["Lecture Notes in Computer Science","Trust, Privacy and Security in Digital Business"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-03748-1_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,11]],"date-time":"2025-02-11T20:33:55Z","timestamp":1739306035000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-03748-1_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642037474","9783642037481"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-03748-1_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2009]]}}}