Experiences in the logical specification of the HIPAA and GLBA privacy laws

Despite the wide array of frameworks proposed for the formal specification and analysis of privacy laws, there has been comparatively little work on expressing large fragments of actual privacy laws in these frameworks. We attempt to bridge this gap by giving complete logical formalizations of the transmission-related portions of the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA). To this end, we develop the PrivacyLFP logic, whose features include support for disclosure purposes, real-time constructs, and self-reference via fixed points. To illustrate these features and demonstrate PrivacyLFP's utility, we present formalizations of a collection of clauses from these laws. Due to their size, our full formalizations of HIPAA and GLBA appear in a companion technical report. We discuss ambiguities in the laws that our formalizations revealed and sketch preliminary ideas for computer-assisted enforcement of such privacy policies.
