Team for Research in
Ubiquitous Secure Technology

Experiences in the Logical Specification of the HIPAA and GLBA Privacy Laws
Anupam Datta

Citation
Anupam Datta. "Experiences in the Logical Specification of the HIPAA and GLBA Privacy Laws". Talk or presentation, 11, November, 2010.

Abstract
Despite the wide array of frameworks proposed for the formal specification and analysis of privacy laws, there has been comparatively little work on expressing large fragments of actual privacy laws in these frameworks. We attempt to bridge this gap by giving complete logical formalizations of the transmission-related portions of the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA). To this end, we develop the PrivacyLFP logic, whose features include support for disclosure purposes, real-time constructs, and self-reference via _xed points. To illustrate these features and demonstrate PrivacyLFP’s utility, we present formalizations of a collection of clauses from these laws. Due to their size, our full formalizations of HIPAA and GLBA appear in a companion technical report. We discuss ambiguities in the laws that our formalizations revealed and sketch preliminary ideas for computer-assisted enforcement of such privacy policies.

Electronic downloads

Citation formats  
  • HTML
    Anupam Datta. <a
    href="http://www.truststc.org/pubs/772.html"
    ><i>Experiences in the Logical Specification of the
    HIPAA and GLBA Privacy Laws</i></a>, Talk or
    presentation,  11, November, 2010.
  • Plain text
    Anupam Datta. "Experiences in the Logical Specification
    of the HIPAA and GLBA Privacy Laws". Talk or
    presentation,  11, November, 2010.
  • BibTeX
    @presentation{Datta10_ExperiencesInLogicalSpecificationOfHIPAAGLBAPrivacyLaws,
        author = {Anupam Datta},
        title = {Experiences in the Logical Specification of the
                  HIPAA and GLBA Privacy Laws},
        day = {11},
        month = {November},
        year = {2010},
        abstract = {Despite the wide array of frameworks proposed for
                  the formal specification and analysis of privacy
                  laws, there has been comparatively little work on
                  expressing large fragments of actual privacy laws
                  in these frameworks. We attempt to bridge this gap
                  by giving complete logical formalizations of the
                  transmission-related portions of the Health
                  Insurance Portability and Accountability Act
                  (HIPAA) and the Gramm-Leach-Bliley Act (GLBA). To
                  this end, we develop the PrivacyLFP logic, whose
                  features include support for disclosure purposes,
                  real-time constructs, and self-reference via _xed
                  points. To illustrate these features and
                  demonstrate PrivacyLFP’s utility, we present
                  formalizations of a collection of clauses from
                  these laws. Due to their size, our full
                  formalizations of HIPAA and GLBA appear in a
                  companion technical report. We discuss ambiguities
                  in the laws that our formalizations revealed and
                  sketch preliminary ideas for computer-assisted
                  enforcement of such privacy policies.},
        URL = {http://www.truststc.org/pubs/772.html}
    }
    

Posted by Larry Rohrbough on 7 Dec 2010.
Groups: trust
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.