In the United States, federal and state regulations prescribe stakeholder rights and obligations that must be satisfied by the requirements for software systems. These regulations are typically fraught with ambiguities, making the process of deriving system requirements ad hoc and error-prone. In highly regulated domains such as healthcare, there is a need for more comprehensive standards that can be used to assure that system requirements conform to regulations. To address this need, we expound upon a process called Semantic Parameterization, previously used to derive rights and obligations from privacy goals. In this work, we apply the process to the Privacy Rule from the U.S. Health Insurance Portability and Accountability Act (HIPAA). We present our methodology for extracting and prioritizing rights and obligations from regulations and show how semantic models can be used to clarify ambiguities through focused elicitation and to balance rights with obligations. The results of our analysis can aid requirements engineers, standards organizations, compliance officers, and stakeholders in assuring that systems conform to policy and satisfy requirements.