• DocumentCode
    2619926
  • Title

    Towards Regulatory Compliance: Extracting Rights and Obligations to Align Requirements with Regulations

  • Author

    Breaux, Travis D. ; Vail, Matthew W. ; Antón, Annie I.

  • Author_Institution
    Dept. of Comput. Sci., North Carolina State Univ., Raleigh, NC
  • fYear
    2006
  • fDate
    11-15 Sept. 2006
  • Firstpage
    49
  • Lastpage
    58
  • Abstract
    In the United States, federal and state regulations prescribe stakeholder rights and obligations that must be satisfied by the requirements for software systems. These regulations are typically wrought with ambiguities, making the process of deriving system requirements ad hoc and error prone. In highly regulated domains such as healthcare, there is a need for more comprehensive standards that can be used to assure that system requirements conform to regulations. To address this need, we expound upon a process called semantic parameterization previously used to derive rights and obligations from privacy goals. In this work, we apply the process to the privacy rule from the U.S. Health Insurance Portability and Accountability Act (HIPAA). We present our methodology for extracting and prioritizing rights and obligations from regulations and show how semantic models can be used to clarify ambiguities through focused elicitation and to balance rights with obligations. The results of our analysis can aid requirements engineers, standards organizations, compliance officers, and stakeholders in assuring systems conform to policy and satisfy requirements
  • Keywords
    data privacy; legislation; medical information systems; semantic networks; software standards; systems analysis; privacy rule; regulatory compliance; requirements engineering; semantic models; semantic parameterization; software systems; Computer errors; Computer science; Design engineering; Information security; Information systems; Insurance; Medical services; Privacy; Software systems; Standards organizations;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Requirements Engineering, 14th IEEE International Conference
  • Conference_Location
    Minneapolis/St. Paul, MN
  • ISSN
    1090-705X
  • Print_ISBN
    978-0-7695-2555-6
  • Type

    conf

  • DOI
    10.1109/RE.2006.68
  • Filename
    1704048