{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T14:55:12Z","timestamp":1781103312886,"version":"3.54.1"},"reference-count":39,"publisher":"IGI Global Scientific Publishing","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012,4,1]]},"abstract":"<p>In modern healthcare environments, there is a strong need to create an infrastructure that reduces time-consuming efforts and costly operations to obtain a patient\u2019s complete medical record and uniformly integrates this heterogeneous collection of medical data to deliver it to the healthcare professionals. As a result, healthcare providers are more willing to shift their electronic medical record (EMR) systems to clouds that can remove the geographical distance barriers among providers and patients. Since a shared electronic health record (EHR) essentially represents a virtualized aggregation of distributed clinical records from multiple healthcare providers, sharing of such integrated EHRs should comply with various authorization policies from these data providers. In previous work, the authors present and implement a secure medical data sharing system to support selective sharing of composite EHRs aggregated from various healthcare providers in cloud computing environments. In this paper, the authors point out that when EMR systems are migrated to clouds, it is also critical to ensure that EMR systems are compliant with government regulations such as the Health Insurance Portability and Accountability Act (HIPAA). Also, the authors propose a HIPAA compliance management approach by leveraging logic-based techniques and apply it to the cloud-based EHRs sharing system. The authors also describe evaluation results to demonstrate the feasibility and effectiveness of the approach.<\/p>","DOI":"10.4018\/jcmam.2012040101","type":"journal-article","created":{"date-parts":[[2012,11,19]],"date-time":"2012-11-19T13:30:01Z","timestamp":1353331801000},"page":"1-22","source":"Crossref","is-referenced-by-count":5,"title":["Towards HIPAA-Compliant Healthcare Systems in Cloud Computing"],"prefix":"10.4018","volume":"3","author":[{"given":"Ruoyu","family":"Wu","sequence":"first","affiliation":[{"name":"Arizona State University, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Gail-Joon","family":"Ahn","sequence":"additional","affiliation":[{"name":"Arizona State University, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Hongxin","family":"Hu","sequence":"additional","affiliation":[{"name":"Delaware State University, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"2432","reference":[{"key":"jcmam.2012040101-0","doi-asserted-by":"crossref","unstructured":"Ahn, G. J., Hu, H., Lee, J., & Meng, Y. (2010). Representing and reasoning about web access control policies. In Proceedings of the IEEE 34th Annual Computer Software and Applications Conference (pp. 137-146).","DOI":"10.1109\/COMPSAC.2010.20"},{"key":"jcmam.2012040101-1","doi-asserted-by":"crossref","unstructured":"Barth, A., Datta, A., Mitchell, J. C., & Nissenbaum, H. (2006). Privacy and contextual integrity: Framework and applications. In Proceedings of the IEEE Symposium on Security and Privacy (pp. 184-198).","DOI":"10.1109\/SP.2006.32"},{"key":"jcmam.2012040101-2","doi-asserted-by":"crossref","unstructured":"Barth, A., Mitchell, J., Datta, A., & Sundaram, S. (2007). Privacy and utility in business processes. In Proceedings of the 20th IEEE Computer Security Foundations Symposium (pp. 279-294).","DOI":"10.1109\/CSF.2007.26"},{"key":"jcmam.2012040101-3","doi-asserted-by":"crossref","unstructured":"Basin, D., Klaedtke, F., & Muller, S. (2010). Monitoring security policies with metric first-order temporal logic. In Proceedings of the 15th ACM Symposium on Access Control Models and Technologies (pp. 23-34).","DOI":"10.1145\/1809842.1809849"},{"key":"jcmam.2012040101-4","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2007.70746"},{"key":"jcmam.2012040101-5","doi-asserted-by":"crossref","unstructured":"Breaux, T. D., Vail, M. W., & Anton, A. I. (2006). Towards regulatory compliance: Extracting rights and obligations to align requirements with regulations. In Proceedings of the 14th IEEE International Conference on Requirements Engineering (pp. 49-58).","DOI":"10.1109\/RE.2006.68"},{"key":"jcmam.2012040101-6","doi-asserted-by":"publisher","DOI":"10.1056\/NEJMsa0802005"},{"key":"jcmam.2012040101-7","doi-asserted-by":"crossref","unstructured":"DeYoung, H., Garg, D., Kaynar, D., & Datta, A. (2010). Logical specification of the GLBA and HIPAA privacy laws (Tech. Rep. No. CMU-CyLab-10-007). Pittsburgh, PA: Carnegie Mellon University.","DOI":"10.21236\/ADA571991"},{"key":"jcmam.2012040101-8","doi-asserted-by":"crossref","unstructured":"Dinesh, N., Joshi, A., Lee, I., & Sokolsky, O. (2008). Reasoning about conditions and exceptions to laws in regulatory conformance checking. In Proceedings of the 9th International Conference on Deontic Logic in Computer Science (pp. 110-124).","DOI":"10.1007\/978-3-540-70525-3_10"},{"key":"jcmam.2012040101-9","doi-asserted-by":"publisher","DOI":"10.1145\/1118890.1118891"},{"key":"jcmam.2012040101-10","unstructured":"Feingold, J. (2011). Are more doctors adopting EHRs? Neusoft Blog. Retrieved January 5, 2011, from http:\/\/www.nuesoft.com\/blog\/are-more-doctors-adopting-ehrs\/"},{"key":"jcmam.2012040101-11","doi-asserted-by":"publisher","DOI":"10.1016\/j.artint.2010.04.011"},{"key":"jcmam.2012040101-12","unstructured":"Gelfond, M., & Lifschitz, V. (1988). The stable model semantics for logic programming. In Proceedings of the 5th International Conference on Logic Programming (pp. 1070-1080)."},{"key":"jcmam.2012040101-13","doi-asserted-by":"crossref","unstructured":"Giorgini, P., Massacci, F., Mylopoulos, J., & Zannone, N. (2005). Modeling security requirements through ownership, permission and delegation. In Proceedings of the 13th IEEE International Conference on Requirements Engineering (pp. 167-176).","DOI":"10.1109\/RE.2005.43"},{"key":"jcmam.2012040101-14","doi-asserted-by":"publisher","DOI":"10.1109\/4236.935177"},{"key":"jcmam.2012040101-15","doi-asserted-by":"crossref","unstructured":"Haley, C. B., Laney, R. C., Moffett, J. D., & Nuseibeh, B. (2004). The effect of trust assumptions on the elaboration of security requirements. In Proceedings of the 12th IEEE International Conference on Requirements Engineering (pp. 102-111).","DOI":"10.1109\/ICRE.2004.1335668"},{"key":"jcmam.2012040101-16","unstructured":"Haley, C. B., Moffett, J. D., Laney, R., & Nuseibeh, B. (2005). Arguing security: Validating security requirements using structured argumentation. In Proceedings of the 3rd Symposium on Requirements Engineering for Information Security, co-located with the 13th International Requirements Engineering Conference."},{"key":"jcmam.2012040101-17","doi-asserted-by":"crossref","unstructured":"Hilty, M., Basin, D., & Pretschner, A. (2005). On obligations. In Proceedings of the 10th European Symposium on Research in Computer Security (pp. 98-117).","DOI":"10.1007\/11555827_7"},{"key":"jcmam.2012040101-18","doi-asserted-by":"crossref","unstructured":"Jafari, M., Safavi-Naini, R., & Sheppard, N. P. (2011). A rights management approach to protection of privacy in a cloud of electronic health records. In Proceedings of the 11th Annual ACM Workshop on Digital Rights Management (pp. 23-30).","DOI":"10.1145\/2046631.2046637"},{"key":"jcmam.2012040101-19","doi-asserted-by":"crossref","unstructured":"Jin, J., Ahn, G. J., Hu, H., Covington, M. J., & Zhang, X. (2009). Patient-centric authorization framework for sharing electronic health records. In Proceedings of the 14th ACM Symposium on Access Control Models and Technologies (pp. 125-134).","DOI":"10.1145\/1542207.1542228"},{"key":"jcmam.2012040101-20","doi-asserted-by":"crossref","unstructured":"Lam, P., Mitchell, J., & Sundaram, S. (2009). A formalization of HIPAA for a medical messaging system. In S. Fischer-H\u00fcbner, C. Lambrinoudakis, & G. Pernul (Eds.), Proceedings of the 8th International Conference on Trust, Privacy and Security in Digital Business (LNCS 5695, pp. 73-85).","DOI":"10.1007\/978-3-642-03748-1_8"},{"key":"jcmam.2012040101-21","doi-asserted-by":"crossref","unstructured":"Lam, P. E., Mitchell, J. C., Scedrov, A., Sundaram, S., & Wang, F. (2012). Declarative privacy policy: Finite models and attribute-based encryption. In Proceedings of the 2nd ACM SIGHIT Symposium on International Health Informatics (pp. 323-332).","DOI":"10.1145\/2110363.2110401"},{"key":"jcmam.2012040101-22","doi-asserted-by":"crossref","unstructured":"Lee, S. W., Gandhi, R., Muthurajan, D., Yavagal, D., & Ahn, G. J. (2006). Building problem domain ontology from security requirements in regulatory documents. In Proceedings of the International Workshop on Software Engineering for Secure Systems (pp. 43-50).","DOI":"10.1145\/1137627.1137635"},{"key":"jcmam.2012040101-23","doi-asserted-by":"publisher","DOI":"10.1145\/234173.234210"},{"key":"jcmam.2012040101-24","doi-asserted-by":"crossref","unstructured":"Li, M., Yu, S., Ren, K., & Lou, W. (2010). Securing personal health records in cloud computing: Patient-centric and fine-grained data access control in multi-owner settings. In Proceedings of the 6th International Conference on Security and Privacy in Communication Networks (pp. 89-106).","DOI":"10.1007\/978-3-642-16161-2_6"},{"key":"jcmam.2012040101-25","unstructured":"Lifschitz, V. (2008). What is answer set programming. In Proceedings of the AAAI Conference on Artificial Intelligence (pp. 1594-1597)."},{"key":"jcmam.2012040101-26","doi-asserted-by":"publisher","DOI":"10.1145\/1131313.1131316"},{"key":"jcmam.2012040101-27","doi-asserted-by":"crossref","unstructured":"Lin, L., Nuseibeh, B., Ince, D., Jackson, M., & Moffett, J. (2003). Introducing abuse frames for analysing security requirements. In Proceedings of the 11th IEEE International Conference on Requirements Engineering (pp. 371-372).","DOI":"10.1109\/ICRE.2003.1232791"},{"key":"jcmam.2012040101-28","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-60085-2_17"},{"key":"jcmam.2012040101-29","doi-asserted-by":"crossref","unstructured":"Maxwell, J. C., & Anton, A. I. (2010). The production rule framework: Developing a canonical set of software requirements for compliance with law. In Proceedings of the 1st ACM International Health Informatics Symposium (pp. 629-636).","DOI":"10.1145\/1882992.1883092"},{"key":"jcmam.2012040101-30","doi-asserted-by":"crossref","unstructured":"May, M. J., Gunter, C. A., & Lee, I. (2006). Privacy APIs: Access control techniques to analyze and verify legal privacy policies. In Proceedings of the 19th IEEE Computer Security Foundations Workshop.","DOI":"10.1109\/CSFW.2006.24"},{"issue":"6","key":"jcmam.2012040101-31","first-page":"1","article-title":"The NIST definition of cloud computing (Draft).","volume":"145","author":"P.Mell","year":"2011","journal-title":"NIST Special Publication"},{"key":"jcmam.2012040101-32","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.126"},{"key":"jcmam.2012040101-33","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2010.186"},{"key":"jcmam.2012040101-34","doi-asserted-by":"crossref","unstructured":"Van Lamsweerde, A. (2004). Elaborating security requirements by construction of intentional anti-models. In Proceedings of the 26th International Conference on Software Engineering (pp. 148-157).","DOI":"10.1109\/ICSE.2004.1317437"},{"key":"jcmam.2012040101-35","unstructured":"Wu, R. (2012). Secure sharing of electronic medical records in cloud computing (Unpublished master\u2019s thesis). Arizona State University, Tempe, AZ."},{"key":"jcmam.2012040101-36","doi-asserted-by":"crossref","unstructured":"Wu, R., Ahn, G. J., Hu, H., & Singhal, M. (2010). Information flow control in cloud computing. In Proceedings of the 6th International Conference on Collaborative Computing: Networking, Applications and Worksharing (pp. 1-7).","DOI":"10.4108\/icst.trustcol.2010.1"},{"key":"jcmam.2012040101-37","doi-asserted-by":"crossref","unstructured":"Xu, D., Goel, V., & Nygard, K. (2006). An aspect-oriented approach to security requirements analysis. In Proceedings of the IEEE 30th Annual Computer Software and Applications Conference (pp. 79-82).","DOI":"10.1109\/COMPSAC.2006.109"},{"key":"jcmam.2012040101-38","doi-asserted-by":"crossref","unstructured":"Zhang, R., & Liu, L. (2010). Security models and requirements for healthcare application clouds. In Proceedings of the IEEE 3rd International Conference on Cloud Computing (pp. 268-275).","DOI":"10.1109\/CLOUD.2010.62"}],"container-title":["International Journal of Computational Models and Algorithms in Medicine"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=72873","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,1]],"date-time":"2022-06-01T10:48:24Z","timestamp":1654080504000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jcmam.2012040101"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2012,4,1]]},"references-count":39,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2012,4]]}},"URL":"https:\/\/doi.org\/10.4018\/jcmam.2012040101","relation":{},"ISSN":["1947-3133","1947-3141"],"issn-type":[{"value":"1947-3133","type":"print"},{"value":"1947-3141","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,4,1]]}}}