2013 21st IEEE International Requirements Engineering Conference (RE) (2006)
Minneapolis/St. Paul, Minnesota, USA
Sept. 11, 2006 to Sept. 15, 2006
Annie I. Antón, North Carolina State University
Matthew W. Vail, North Carolina State University
Travis D. Breaux, North Carolina State University
In the United States, federal and state regulations prescribe stakeholder rights and obligations that must be satisfied by the requirements for software systems. These regulations are typically fraught with ambiguities, making the process of deriving system requirements ad hoc and error-prone. In highly regulated domains such as healthcare, there is a need for more comprehensive standards that can be used to assure that system requirements conform to regulations. To address this need, we expound upon a process called Semantic Parameterization previously used to derive rights and obligations from privacy goals. In this work, we apply the process to the Privacy Rule from the U.S. Health Insurance Portability and Accountability Act (HIPAA). We present our methodology for extracting and prioritizing rights and obligations from regulations and show how semantic models can be used to clarify ambiguities through focused elicitation and to balance rights with obligations. The results of our analysis can aid requirements engineers, standards organizations, compliance officers, and stakeholders in assuring systems conform to policy and satisfy requirements.
Annie I. Antón, Matthew W. Vail, Travis D. Breaux, "Towards Regulatory Compliance: Extracting Rights and Obligations to Align Requirements with Regulations", 2013 21st IEEE International Requirements Engineering Conference (RE), vol. 00, no. , pp. 49-58, 2006, doi:10.1109/RE.2006.68
