Abstract
Hospitals strive to improve the quality of the healthcare they provide. To achieve this, they require access to health data. These data are sensitive since they contain personal information. Governments have legislation to ensure that privacy is respected and hospitals must comply with it. Unfortunately, most of the procedures meant to control access to health information remain paper-based, making it difficult to trace. In this paper, we introduce a framework based on the User Requirements Notation that models the business processes of a hospital and links them with legislation such as the Ontario Personal Health Information Privacy Act (PHIPA). We analyze different types of links, their functionality, and usefulness in complying with privacy law. This framework will help health information custodians track compliance and indicate how their business processes can be improved.
© 2007 Springer Berlin Heidelberg
Cite this paper
Ghanavati, S., Amyot, D., Peyton, L. (2007). Towards a Framework for Tracking Legal Compliance in Healthcare. In: Krogstie, J., Opdahl, A., Sindre, G. (eds) Advanced Information Systems Engineering. CAiSE 2007. Lecture Notes in Computer Science, vol 4495. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72988-4_16
DOI: https://doi.org/10.1007/978-3-540-72988-4_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72987-7
Online ISBN: 978-3-540-72988-4