Provable Enforcement of HIPAA-Compliant Release of Medical Records Using the History Aware Programming Language

2017 
Dependence on reliable information systems to safeguard personally identifiable information implies a need for privacy policies which guide the release and management of such information, whose mismanaged disclosure can be damaging to both the subject and the organization that releases it. Enforcing such policies requires attention to detail and care, and thus any aid that a compiler can render may be of value. We present a demonstration of compiler enforcement of privacy policy by implementation of the History Aware Programming Language (HAPL) framework. This framework allows expression of arbitrary HAPL code for actors in an actor system to be used to back a web application. This code is then checked for compliance with privacy policies described in assume-guarantee form before being assembled into a functioning application. The framework is demonstrated by implementing five use cases based on scenarios described in the Health Insurance Portability and Accountability Act (HIPAA), and the performance of the framework is tested.