A Requirements Management Framework for Privacy Compliance
نویسندگان
چکیده
Compliance with privacy legislation is a primary concern for health care institutions that are building information systems support for their business processes. This paper describes a requirements management framework that enables health information custodians (HIC) to document and track compliance with privacy legislation. A metamodel is defined for our framework to define compliance tracking links between separate User Requirements Notation models of the HIC and privacy legislation. Using examples from a case study at a major teaching hospital, we show how this framework can be used to manage change and ensure compliance when privacy legislation is amended or the business processes evolved.
منابع مشابه
Information Security Requirements for Implementing Electronic Health Records in Iran
Background and Goal: ICT development in recent years has created excellent developments in human social and economic life. One of the most important opportunities to use information technology is in the medical field, that the result would be electronic health record (EHR).The purpose of this research is to investigate the effects information securi...
متن کاملInformation Security Requirements for Implementing Electronic Health Records in Iran
Background and Goal: ICT development in recent years has created excellent developments in human social and economic life. One of the most important opportunities to use information technology is in the medical field, that the result would be electronic health record (EHR).The purpose of this research is to investigate the effects information securi...
متن کاملMapping 'Security Safeguard' Requirements in a data privacy legislation to an international privacy framework: A compliance methodology
It is commonplace for organisations to collect personal information to be processed and stored on their systems. Until recently, there was no comprehensive legislation that addressed the ‘processing’ of personal information by organisations in South Africa. The Protection of Personal Information Bill (“POPI”) was signed into law in November 2013 and is expected to come into effect, later this y...
متن کاملOntological Semantics for Data Privacy Compliance: The NEURONA Project
This paper describes the analysis of the requirements and the knowledge acquisition process for the development of a legal ontology for the representation of data protection knowledge in the framework of the NEURONA project. This modular ontology is used in the NEURONA application to reason about the correctness of the measures of protection applied to these data files by an organization. In th...
متن کاملUsing a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation
Extending Requirements Engineering modelling and formal analysis methodologies to cope with Security Requirements has been a major effort in the past decade. Yet, only few works describe complex case studies that show the ability of the informal and formal approaches to cope with the level complexity required by compliance with ISO-17799 security management requirements. In this paper we presen...
متن کامل