The British Nationality Act as a logic program
Communications of the ACM
A Prolog model of the income tax act of Canada
ICAIL '87 Proceedings of the 1st international conference on Artificial intelligence and law
ICAIL '87 Proceedings of the 1st international conference on Artificial intelligence and law
Esplex: A rule and conceptual model for representing statutes
ICAIL '87 Proceedings of the 1st international conference on Artificial intelligence and law
Indian central civil service pension rules: a case study in logic programming applied to regulations
ICAIL '91 Proceedings of the 3rd international conference on Artificial intelligence and law
The art of Prolog (2nd ed.): advanced programming techniques
Representing and Using Nonfunctional Requirements: A Process-Oriented Approach
IEEE Transactions on Software Engineering - Special issue on knowledge representation and reasoning in software development
Software Engineering (7th Edition)
Software Security: Building Security In
Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
The ChoicePoint Dilemma: How Data Brokers Should Handle the Privacy of Personal Information
IEEE Security and Privacy
Analyzing Regulatory Rules for Privacy and Security Requirements
IEEE Transactions on Software Engineering
A Formalization of HIPAA for a Medical Messaging System
TrustBus '09 Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business
Developing Production Rule Models to Aid in Acquiring Requirements from Legal Texts
RE '09 Proceedings of the 2009 17th IEEE International Requirements Engineering Conference, RE
Compliance Analysis Based on a Goal-oriented Requirement Language Evaluation Methodology
RE '09 Proceedings of the 2009 17th IEEE International Requirements Engineering Conference, RE
Legal requirements acquisition for the specification of legally compliant information systems
Evaluating existing security and privacy requirements for legal compliance
Requirements Engineering - Special Issue on RE'09: Security Requirements Engineering; Guest Editors: Eric Dubois and Haralambos Mouratidis
Towards a framework for tracking legal compliance in healthcare
CAiSE'07 Proceedings of the 19th international conference on Advanced information systems engineering
Checking Existing Requirements for Compliance with Law Using a Production Rule Model
RELAW '09 Proceedings of the 2009 Second International Workshop on Requirements Engineering and Law
Prioritizing Legal Requirements
RELAW '09 Proceedings of the 2009 Second International Workshop on Requirements Engineering and Law
A Meta-Model for Modelling Law-Compliant Requirements
RELAW '09 Proceedings of the 2009 Second International Workshop on Requirements Engineering and Law
A Method for Identifying Software Requirements Based on Policy Commitments
RE '10 Proceedings of the 2010 18th IEEE International Requirements Engineering Conference
Commitment analysis to operationalize software requirements from privacy policies
Requirements Engineering - Special Issue on Digital privacy: theory, policies and technologies
Towards HIPAA-compliant healthcare systems
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
The cost of noncompliance, as well as lost reputation and brand damage resulting from noncompliance, makes legal compliance critical in software systems. In this paper, we present a production rule framework that software engineers can use to specify compliance requirements for software. A component of our framework is the production rule modeling methodology, which we have introduced in previous work [12, 14]. We apply the framework to check iTrust, an open source electronic medical records system, for compliance with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. We model the Security Rule using production rules and employ the model to analyze the iTrust requirements for legal compliance. Using the framework, we were able to identify 13 functional and 5 non-functional requirements that were previously overlooked using an agile-driven software engineering approach. These new requirements are critical for compliance with the Security Rule.