Title :
Towards Regulatory Compliance: Extracting Rights and Obligations to Align Requirements with Regulations
Author :
Breaux, Travis D. ; Vail, Matthew W. ; Antón, Annie I.
Author_Institution :
Dept. of Comput. Sci., North Carolina State Univ., Raleigh, NC
Abstract :
In the United States, federal and state regulations prescribe stakeholder rights and obligations that must be satisfied by the requirements for software systems. These regulations are typically wrought with ambiguities, making the process of deriving system requirements ad hoc and error prone. In highly regulated domains such as healthcare, there is a need for more comprehensive standards that can be used to assure that system requirements conform to regulations. To address this need, we expound upon a process called semantic parameterization previously used to derive rights and obligations from privacy goals. In this work, we apply the process to the privacy rule from the U.S. Health Insurance Portability and Accountability Act (HIPAA). We present our methodology for extracting and prioritizing rights and obligations from regulations and show how semantic models can be used to clarify ambiguities through focused elicitation and to balance rights with obligations. The results of our analysis can aid requirements engineers, standards organizations, compliance officers, and stakeholders in assuring systems conform to policy and satisfy requirements
Keywords :
data privacy; legislation; medical information systems; semantic networks; software standards; systems analysis; privacy rule; regulatory compliance; requirements engineering; semantic models; semantic parameterization; software systems; Computer errors; Computer science; Design engineering; Information security; Information systems; Insurance; Medical services; Privacy; Software systems; Standards organizations;
Conference_Titel :
Requirements Engineering, 14th IEEE International Conference
Conference_Location :
Minneapolis/St. Paul, MN
Print_ISBN :
978-0-7695-2555-6
