Preserving Privacy in Healthcare Web Services Paradigm Through Hippocratic Databases

  • Rekha Bhatia
  • Manpreet Singh
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 308)


As is the case with every other area of digital life, privacy is a major concern in health care also, since online Web services in healthcare domain are increasingly becoming the need of society. The patients’ sensitive personal information (PI) in such an environment is more at the risk of inadvertent disclosure. Safeguarding this PI from malicious users is critical to such systems. The existing standards of privacy policy enforcement like platform for privacy preferences (P3P) given by World Wide Web consortium (W3C) and enterprises privacy authorization language (EPAL) of IBM are not sufficient to protect sensitive PI of users shared online through Web services where multiple such unknown heterogeneous services collaborate to carry out the intended task. The user no longer will be interested in those services in which their privacy is at stake. This trend is hampering the online transactions-based business of many large corporate giants. The need of the hour is to integrate privacy policies along with traditional access control policies in order to address the sensitive information disclosure issue. In this paper, we have suggested how Hippocratic Databases can be efficiently used for dealing with privacy disclosure in healthcare scenarios.


Privacy Access control Web services PI Hippocratic Databases 


  1. 1.
    Agrawal, R., Bird P., Grandison, T., Kiernan, J., Logan S., Rjaibi, W.: Extending relational database systems to automatically enforce privacy policies. In: Proceedings of the 21st International Conference on Data Engineering, ICDE ’05, pp. 1013–1022. Washington, DC, USA (2005)Google Scholar
  2. 2.
    Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic databases. In: 28th International Conference on Very Large Databases, Hong Kong (2002)Google Scholar
  3. 3.
    Bayardo, R., Grandison, T., Johnson, C., Agrawal, R., Asonov, D., Kiernan, J.: Managing disclosure of private health data with Hippocratic databases. IBM Research White Paper (2005)Google Scholar
  4. 4.
    Rotenberg, M.: The Privacy Law Sourcebook 2000, United States Law, International Law, and Recent Developments. Electronic Privacy Information Center, Washington, DC (2000)Google Scholar
  5. 5.
    Rotenberg, M.: Fair information practices and the architecture of privacy. Stanford Technology Law Review (2001)Google Scholar
  6. 6.
    U.S. Department of Health, Education, and Welfare: Records, computers and the Rights of Citizen, Report of the Secretary’s Advisory Committee on Automated Personal Data Systems, xx–xxiii edn (1973)Google Scholar
  7. 7.
    Bhatia, R., Singh, M.: Trust based privacy preserving access control in web services paradigm. In: the Second IEEE International Conference on Advanced Computing, Networking and Security, ADCONS, pp. 243–246 (2013)Google Scholar
  8. 8.
    Nadas, A., Frisse, M.E., Sztipanovits, J.: Modeling privacy aware health information exchange systems. In: 1st International Workshop on Engineering EHR Solutions (IWEES), Amsterdam Privacy Conference (2012)Google Scholar
  9. 9.
    Barth, A., Mitchell, J., Datta, A., Sundaram, S.: Privacy and utility in business processes. In: Computer Security Foundations Symposium, CSF ’07, 20th IEEE, pp. 279–294 (2007)Google Scholar
  10. 10.
    Datta, A., Franklin, J., Garg, D., Kaynar, D.: A logic of secure systems and its application to trusted computing. In: 30th IEEE Symposium on Security and Privacy, pp. 221–236 (2009)Google Scholar
  11. 11.
    Lam, P.E., Mitchell, J.C., Sundaram, S.: A formalization of HIPAA for a medical messaging system. In: Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business, Berlin, pp. 73–85. Springer, Heidelberg (2009)Google Scholar
  12. 12.
    Becker, M.Y., Fournet, C., Gordon, A.D.: SecPAL: design and semantics of a decentralized authorization language. J. Comput. Secur. 18(4), 619–665 (2010)CrossRefGoogle Scholar
  13. 13.
    Craven, R., Lobo, J., Lupu, E., Ma, J., Russo, A., Sloman, M., Bandara, A.: A Formal Framework for Policy Analysis, Imperial College London, Technical Report (2008)Google Scholar
  14. 14.
    Simko, G., Sztipanovits, J.: Active monitoring using real-time metric linear temporal logic specifications. In: HEALTHINF, pp. 370–373 (2012)Google Scholar
  15. 15.
    Li, M., Sun, X., Wang, H., Zhang, Y.: Optimal privacy-aware path in hippocratic databases. In: 14th International Conference on Database Systems for Advanced Applications Brisbane, pp. 441–455, Australia (2009)Google Scholar
  16. 16.
    Nilsson, N. J.: Problem Solving Methods in AI. Mc Graw-Hill, New York (1971)Google Scholar
  17. 17.
    Rich, E., Knight, K., Nair, S.B.: Artificial Intelligence. Mc Graw-Hill, New York (2009)Google Scholar
  18. 18.
    Saaty, T.L.: The Analytic Hierarchy Process. McGraw-Hill, New York (1980)MATHGoogle Scholar
  19. 19.
    Saaty, T.L.: Fundamentals of Decision Making and Priority Theory with the Analytic Hierarchy Process. RWS Publications, Pittsburg (2000)Google Scholar

Copyright information

© Springer India 2015

Authors and Affiliations

  1. 1.Punjabi University Regional CentreMohaliIndia
  2. 2.Punjabi UniversityPatialaIndia

Personalised recommendations