The role of data use agreements in specifying legally compliant software requirements

2011 4th International Workshop on Requirements Engineering and Law, RELAW 2011, Proceedings - Held in Conjunction with the 19th International Requirements Engineering Conference

Volumn , Issue , 2011, Pages 1-4

  Young Schmidt, Jessica ^a   Antón, Annie I ^a   Williams, Laurie ^a   Otto, Paul N ^a  

^a North Carolina State University   (United States)

Author keywords

commitments; contractual compliance requirements; data use agreements; HIPAA; legal compliance; privileges; requirements; rights

Indexed keywords

COMMITMENTS; CONTRACTUAL COMPLIANCE REQUIREMENTS; DATA USE AGREEMENTS; HIPAA; LEGAL COMPLIANCE; PRIVILEGES; REQUIREMENTS; RIGHTS;

DATA PRIVACY; ENGINEERING; ENGINEERS; HEALTH CARE; HEALTH INSURANCE; REQUIREMENTS ENGINEERING;

LAWS AND LEGISLATION;

EID: 80855140395     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/RELAW.2011.6050266     Document Type: Conference Paper

References (18)

1. AcademyHealth, "Model Data Use Agreement,"http://www. hsrmethods.org/PrivacyInResearch/Privacy%20Tools/Gui dance%20on%20HIPAA%20Data%20Use%20Agreements/Model%20Data%20Use%20Agreement. aspx, accessed April 15, 2011.
2. A.I. Antón, Q. He, D.L. Baumer, "Inside JetBlue's Privacy Policy Violations," IEEE Security & Privacy, 2(6), pp. 12-18, Nov./Dec. 2004.
3. B. Berenbach, Ren-Yi Lo, B. Sherman, "Contract-based Requirements Engineering," Proceedings of the 3rd International Workshop on Requirements Engineering and Law, pp. 27-33, 2010.
4. T.D. Breaux, "Legal Requirements Acquisition for the Specification of Legally Compliant Information Systems," Ph.D. Thesis, North Carolina State University, April 2009.
5. T.D. Breaux, A.I. Antón, "Analyzing Regulatory Rules for Privacy and Security Requirements," IEEE Transactions on Software Engineering, 34(1), pp. 5-20, Jan./Feb. 2008.
6. B.G. Glaser, Theoretical Sensitivity, Sociology Press, 1978.
7. B.G. Glaser, A.L. Strauss, The Discovery of Grounded Theory, Chicago: Aldine Transaction, 1967.
8. M. Hofmann, "Federal Trade Commission Enforcement of Privacy,"in C. Wolf, Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age, New York, NY: Practising Law Institute, 2006.
9. A.K. Massey, P.N. Otto, A.I. Antón, "Prioritizing Legal Requirements," Proceedings of the 2nd International Workshop on Requirements Engineering and Law, pp.27-32, 2009.
10. A.K. Massey, P.N. Otto, L.J. Hayward, A.I. Antón, "Evaluating Existing Security and Privacy Requirements for Legal Compliance, "Requirements Engineering Journal, 15(1), pp. 119-37, 2010.
11. J.C. Maxwell, A.I. Antón, "Checking Existing Requirements for Compliance with Law Using a Production Rule Model," Proceedings of the 2nd International Workshop on Requirements Engineering and Law, pp. 1-6, 2009.
12. J.C. Maxwell, A.I. Antón, "Developing Production Rule Models to Aid in Acquiring Requirements from Legal Texts," Proceedings of the 17th IEEE Intetnational Requirements Engineering Conference, pp. 101-10, 2009.
13. National Institutes of Health, "How Can Covered Entities Use and Disclose Protected Health Information for Research and Comply with the Privacy Rule?," http://privacyruleandresearch.nih.gov/pr-08.asp, accessed May 7, 2011.
14. North Carolina Center for Health Statistics, "North Carolina Division of Public Health Data Use Agreement Limited Data Set,"http://www. schs.state.nc.us/hipaa/policies/Forms/DPH-Privacy-Data- Use-AgreementTemplate. doc, accessed April 15, 2011.
15. P.N. Otto, A.I. Antón, "Addressing Legal Requirements in Requirements Engineering," Proceedings of the 15th IEEE International Requirements Engineering Conference, pp. 5-14, 2007.
16. University of Cincinnati, "HIPAA Privacy Data Use Agreement,"http://researchcompliance.uc.edu/hipaa/DataUseAgreement.pdf, accessed April 15, 2011.
17. J.D. Young, "Commitment Analysis to Operationalize Software Requirements from Privacy Notices," Requirements Engineering Journal, 16(1), pp. 33-46, March 2011.
18. J.D. Young, A.I. Antón, "A Method for Identifying Software Requirements Based on Policy Commitments," Proceedings of the 18th IEEE International Requirements Engineering Conference, pp. 47-56, 2010.