| Cloud computing services such as infrastructure, platform, and software have become popular among different industries because of location independency, pay-per-use feature, scalability, and flexibility. As a result, cloud technology can be used to support cost-effective, scalable, and well-managed healthcare information systems. In cloud environment, multi-tenancy occurs when a single instance of a software, platform or infrastructure serves multiple tenants at the same time. Multi-tenancy makes the computing system more efficient and multi-tenant services can scale easily. However, multi-tenancy introduces privacy and security issues related to personal health information (PHI). In this thesis, we designed three ontological models: Role Based Access Control (RBAC) ontology, healthcare ontology and Health Cloud Role Based Access Control (HCRBAC) ontology and then applied Health Insurance Portability and Accountability Act (HIPAA) requirements on the models to generate HIPAA-compliant access control policies. We used Semantic Web Rule Language (SWRL) to represent access control policies as rules, and we verified the rules with an OWL-DL reasoner for checking ontological consistency and enforceability of SWRL rules. Additionally, we implemented HIPAA requirements through access control policies in a cloud-based simulated healthcare environment. More specifically, we implemented access control policy specification and enforcement for cloud based healthcare information systems using an open source cloud platform, OpenStack. The access control policies ensure HIPAA compliance in simulated multi-tenant Software as a Service (SaaS) environment. |
