The production rule framework: Developing a canonical set of software requirements for compliance with law

IHI'10 - Proceedings of the 1st ACM International Health Informatics Symposium

Volumn , Issue , 2010, Pages 629-636

  Maxwell, Jeremy C ^a,b   Antón, Annie I ^a  

^a NORTH CAROLINA STATE UNIVERSITY   (United States)

^b Allscripts Healthcare Solutions   (United States)

Author keywords

healthcare it; legal compliance; production rule modeling; requirements engineering; security; software engineering

Indexed keywords

ELECTRONIC MEDICAL RECORD; HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACTS; HEALTHCARE IT; LEGAL COMPLIANCE; NON-FUNCTIONAL REQUIREMENTS; OPEN SOURCES; PRODUCTION RULE MODELING; PRODUCTION RULES; SECURITY; SECURITY RULES; SOFTWARE ENGINEERS; SOFTWARE REQUIREMENTS; SOFTWARE SYSTEMS;

ENGINEERING; HEALTH; HEALTH CARE; HEALTH INSURANCE; INFORMATION SCIENCE; MEDICAL COMPUTING; REQUIREMENTS ENGINEERING; SOFTWARE ENGINEERING;

OPEN SYSTEMS;

EID: 78650944341     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1882992.1883092     Document Type: Conference Paper

References (30)

1. T.J.M. Bench-Capon, G.O. Robinson, T.W. Routen, M.J. Sergot, "Logic Programming for Large Scale Applications in Law: A Formalisation of Supplementary Benefit Legislation", Proc. of the 1st ACM Intl. Conf. on Artificial Intelligence and Law, Boston, 1987, pp. 190-198.
2. C. Biagioli, P. Mariani, D. Tiscornia, "Esplex: A Rule and Conceptual Model for Representing Statutes", Proc. of the 1st ACM Intl. Conf. on Artificial Intelligence and Law, Boston, 1987, pp. 240-251.
3. T.D. Breaux, "Legal Requirements Acquisition for the Specification of Legally Compliant Information Systems", Ph.D. Dissertation, North Carolina State University, 2009.
4. T.D. Breaux, A.I. Antón, "Analyzing Regulatory Rules for Privacy and Security Requirements", IEEE Trans. on Software Engineering, 34(1), Jan.-Feb. 2008, pp. 5-20.
5. S. Ghanavati, D. Amyot, L. Peyton, "Towards a Framework for Tracking Legal Compliance in Healthcare", Proc. of the 19th Intl. Conf. on Advanced Information Systems Engineering, Trondheim, Norway, 2007, pp. 218-232.
6. S. Ghanavati, D. Amyot, L. Peyton, "Compliance Analysis Based on a Goal-Oriented Requirement Language Evaluation Methodology", Proc. of the 17th IEEE Intl. Conf. on Requirements Engineering, Atlanta, 2009, pp. 133-142.
7. W.N. Hohfeld, "Some Fundamental Legal Conceptions as Applied in Judicial Reasoning", The Yale Law Journal, 23(1), Nov. 1913, pp. 16-59.
8. B. Krebs, "ChoicePoint Breach, Exposed 13,750 Consumer Records", The Washington Post, Oct. 19, 2009, 〈http://voices. washingtonpost.com/securityfix/2009/10/choicepoint-breach-exposed-137. html〉.
9. P.E. Lam, J.C. Mitchell, S. Sundaram, "A Formalization of HIPAA for a Medical Messaging System", Proc. of the 6th International Conference on Trust, Privacy & Security in Digital Business, Linz, 2009.
10. A.K. Massey, P.N. Otto, A.I. Antón, "Prioritizing Legal Requirements", Proc. of the 2nd Intl. IEEE Workshop on Requirements Engineering and the Law, Atlanta, 2009.
11. A.K. Massey, P.N. Otto, L.J. Hayward, and A.I. Antón, "Evaluating Existing Security and Privacy Requirements for Legal Compliance", Requirements Engineering Journal, 15(1), Mar. 2010, pp. 119-137.
12. J.C. Maxwell, A.I. Antón, "Developing Production Rule Models to Aid in Acquiring Requirements from Legal Texts", Proc. of the 17th Intl. IEEE Requirements Engineering Conf., Atlanta, 2009, pp. 101-110.
13. J.C. Maxwell, A.I. Antón, "Validating Existing Requirements for Compliance with Law Using a Production Rule Model", Proc. of the 2nd Intl. IEEE Workshop on Requirements Engineering and the Law, Atlanta, 2009, pp. 1-6.
14. J.C. Maxwell, A.I. Antón, "A Refined Production Rule Model for Aiding in Regulatory Compliance", (in submission) IEEE Trans. on Software Engineering, 2010. North Carolina State University Technical Report, TR-2010-3, 2010.
15. M.J. May, C.A. Gunter, I. Lee, "Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies", 19th IEEE Computer Security Foundations Workshop, pp. 85-97, 2006.
16. G. McGraw, Software Security: Building Security In, Addison-Wesley, 2006.
17. J. Mylopoulos, L. Chung, B. Nixon, "Representing and Using Nonfunctional Requirements: A Process-Oriented Approach", IEEE Trans. on Software Engineering, 18(6), Jun. 1992, pp. 483-497.
18. P.N. Otto, A.I. Antón, D.L. Baumer, "The Choicepoint Dilemma: How Data Brokers Should Handle the Privacy of Personal Information", IEEE Security and Privacy, 5(5), Sep.-Oct. 2007, pp. 15-23.
19. N.P. Padhy, Artificial Intelligence and Intelligent Systems, Oxford University Press, 2005.
20. M.J. Sergot, A.S. Kamble, K.K. Bajaj, "Indian Central Civil Service Pension Rules: A Case Study in Logic Programming Applied to Regulations", Proc. of the 3rd ACM Intl. Conf. on Artificial Intelligence and Law, Oxford, 1991, pp. 118-127.
21. M.J. Sergot, F. Sadri, A. Kowalski, F. Kriwaczek, P. Hammond, H.T. Cory, "The British Nationality Act as a Logic Program", Comm. of the ACM, 29(5), May 1986, pp. 370-386.
22. D.M. Sherman, "A Prolog Model of the Income Tax Act of Canada", Proc. of the 1st ACM Intl. Conf. on Artificial Intelligence and Law, Boston, 1987, pp. 127-136.
23. A. Siena, A. Perini, A. Susi, J. J. Mylopoulos, "A Meta-Model for Modelling Law-Compliant Requirements", Proc. of the 2nd Intl. Workshop on Requirements and Law, Atlanta, 2009.
24. G. Sindre, A.L. Opdahl, "Eliciting security requirements by misuse cases",, Proc. of the 37th Intl. Conf. on Technology of Object-Oriented Languages and Systems, 2000, pp. 120-131.
25. I. Sommerville, Software Engineering, Pearson Education, 2004, 7th ed.
26. L. Sterling, and E. Shapiro, The Art of Prolog: Advanced Programming Techniques, MIT Press, 1994, 2nd ed.
27. A.D. Toro, B.B. Jimenez, A.R. Cortes, M.T. Bonilla, "A Requirements Elicitation Approach Based in Templates and Patterns", Proc. of the 2nd Latin America Workshop on Requirements Engineering, Buenos Aires, 1999.
28. R.K. Yin, Case Study Research: Design and Methods, in Applied Social Research Methods Series, Vol. 5, 2003, 3rd ed.
29. J.D. Young, "Commitment Analysis to Operationalize Software Requirements from Privacy Notices," (in press) Requirements Engineering Journal, 2010.
30. J.D. Young and Annie I. Antón, "A Method for Identifying Software Requirements Based on Policy Commitments," (in press) 18th International IEEE Requirements Engineering Conference, 2010.