In the healthcare domain, there is a gap between healthcare systems and government regulations such as the Health Insurance Portability and Accountability Act (HIPAA). Violations of HIPAA may not only cause the disclosure of patients’ sensitive information, but can also bring about tremendous economic loss and reputation damage to healthcare providers. Taking effective measures to address this gap has become a critical requirement for all healthcare entities. However, the complexity of HIPAA regulations makes it difficult to meet this requirement. In this paper, we propose a framework to bridge this critical gap between healthcare systems and HIPAA regulations. Our framework supports compliance-oriented analysis to determine whether a healthcare system complies with HIPAA regulations. We also describe our evaluation results to demonstrate the feasibility and effectiveness of our approach.

Categories and Subject Descriptors: K.4.1 [Computers and Society]: Public Policy Issu...