HIPAA-Compliant Privacy Policy Language for e-Health Applications

Many e-health applications collect patient's health data and track how they are used by patients to enable and validate their effectiveness. Although e-health applications allow people to access healthcare services in easy and convenient way at the reduced cost, the lack of reliable and effective methods of privacy protection makes people hesitate to use e-health applications, and in turn, it becomes the biggest obstacle to the growth of e-Health applications. To overcome the drawback, in this paper, we first address the lack of consideration of health-related data on existing privacy policy languages and propose the HIPAA profile for existing languages, which contains the Health data schema and extensions to HIPAA-friendly policy languages. By using the HIPAA profile, e-health providers are able to specify HIPAA-compliant privacy policies and patients can express their privacy preferences on not only general usage and user data but also health-related data in detail. For better understanding, we present example policies for e-health applications and patients using the proposed profile.