Automatic verification of health regulatory compliance in cloud computing

Abstract

This paper aims to develop an approach that enables cloud computing clients to verify health regulatory compliance claimed by cloud computing providers. In this approach, clients of cloud computing could check automatically how the cloud provider meets the regulatory compliance such as HIPAA legislation for their health records. Although cloud providers often furnish their services with third party certifications on meeting regulatory compliances, the client does not have any means to verify how regulatory compliances are actually achieved in a wide variety of cloud service scenarios in relation to their electronic protected health information (e-PHI). Our approach is based on three processes: (i) Mechanisms to represent health regulations in machine processable form; (ii) Collection of service specific compliance related real-time data from cloud servers; and (iii) Automatic reasoning about the compliances between the machine processable regulations and the collected data from servers.