Evaluating existing security and privacy requirements for legal compliance.
Saved in:
| Title: | Evaluating existing security and privacy requirements for legal compliance. |
|---|---|
| Authors: | Massey, Aaron K.1 akmassey@ncsu.edu, Otto, Paul N.1,2 paul.otto@law.duke.edu, Hayward, Lauren J.1 ljhaywar@ncsu.edu, Antón, Annie I.1 aianton@ncsu.edu |
| Source: | Requirements Engineering. Mar2010, Vol. 15 Issue 1, p119-137. 19p. 4 Diagrams, 6 Charts. |
| Subjects: | Computer security laws, Computer engineers, Medical records, Right of privacy, Electronic records |
| Abstract: | Governments enact laws and regulations to safeguard the security and privacy of their citizens. In response, requirements engineers must specify compliant system requirements to satisfy applicable legal security and privacy obligations. Specifying legally compliant requirements is challenging because legal texts are complex and ambiguous by nature. In this paper, we discuss our evaluation of the requirements for iTrust, an open-source Electronic Health Records system, for compliance with legal requirements governing security and privacy in the healthcare domain. We begin with an overview of the method we developed, using existing requirements engineering techniques, and then summarize our experiences in applying our method to the iTrust system. We illustrate some of the challenges that practitioners face when specifying requirements for a system that must comply with law and close with a discussion of needed future research focusing on security and privacy requirements. [ABSTRACT FROM AUTHOR] |
| Copyright of Requirements Engineering is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) | |
| Database: | Engineering Source |
| FullText | Links: – Type: pdflink Text: Availability: 0 |
|---|---|
| Header | DbId: egs DbLabel: Engineering Source An: 48147954 AccessLevel: 6 PubType: Academic Journal PubTypeId: academicJournal PreciseRelevancyScore: 0 |
| IllustrationInfo | |
| Items | – Name: Title Label: Title Group: Ti Data: Evaluating existing security and privacy requirements for legal compliance. – Name: Author Label: Authors Group: Au Data: <searchLink fieldCode="AR" term="%22Massey%2C+Aaron+K%2E%22">Massey, Aaron K.</searchLink><relatesTo>1</relatesTo><i> akmassey@ncsu.edu</i><br /><searchLink fieldCode="AR" term="%22Otto%2C+Paul+N%2E%22">Otto, Paul N.</searchLink><relatesTo>1,2</relatesTo><i> paul.otto@law.duke.edu</i><br /><searchLink fieldCode="AR" term="%22Hayward%2C+Lauren+J%2E%22">Hayward, Lauren J.</searchLink><relatesTo>1</relatesTo><i> ljhaywar@ncsu.edu</i><br /><searchLink fieldCode="AR" term="%22Antón%2C+Annie+I%2E%22">Antón, Annie I.</searchLink><relatesTo>1</relatesTo><i> aianton@ncsu.edu</i> – Name: TitleSource Label: Source Group: Src Data: <searchLink fieldCode="JN" term="%22Requirements+Engineering%22">Requirements Engineering</searchLink>. Mar2010, Vol. 15 Issue 1, p119-137. 19p. 4 Diagrams, 6 Charts. – Name: Subject Label: Subjects Group: Su Data: <searchLink fieldCode="DE" term="%22Computer+security+laws%22">Computer security laws</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+engineers%22">Computer engineers</searchLink><br /><searchLink fieldCode="DE" term="%22Medical+records%22">Medical records</searchLink><br /><searchLink fieldCode="DE" term="%22Right+of+privacy%22">Right of privacy</searchLink><br /><searchLink fieldCode="DE" term="%22Electronic+records%22">Electronic records</searchLink> – Name: Abstract Label: Abstract Group: Ab Data: Governments enact laws and regulations to safeguard the security and privacy of their citizens. In response, requirements engineers must specify compliant system requirements to satisfy applicable legal security and privacy obligations. Specifying legally compliant requirements is challenging because legal texts are complex and ambiguous by nature. In this paper, we discuss our evaluation of the requirements for iTrust, an open-source Electronic Health Records system, for compliance with legal requirements governing security and privacy in the healthcare domain. We begin with an overview of the method we developed, using existing requirements engineering techniques, and then summarize our experiences in applying our method to the iTrust system. We illustrate some of the challenges that practitioners face when specifying requirements for a system that must comply with law and close with a discussion of needed future research focusing on security and privacy requirements. [ABSTRACT FROM AUTHOR] – Name: AbstractSuppliedCopyright Label: Group: Ab Data: <i>Copyright of Requirements Engineering is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.) |
| PLink | https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=48147954 |
| RecordInfo | BibRecord: BibEntity: Identifiers: – Type: doi Value: 10.1007/s00766-009-0089-5 Languages: – Code: eng Text: English PhysicalDescription: Pagination: PageCount: 19 StartPage: 119 Subjects: – SubjectFull: Computer security laws Type: general – SubjectFull: Computer engineers Type: general – SubjectFull: Medical records Type: general – SubjectFull: Right of privacy Type: general – SubjectFull: Electronic records Type: general Titles: – TitleFull: Evaluating existing security and privacy requirements for legal compliance. Type: main BibRelationships: HasContributorRelationships: – PersonEntity: Name: NameFull: Massey, Aaron K. – PersonEntity: Name: NameFull: Otto, Paul N. – PersonEntity: Name: NameFull: Hayward, Lauren J. – PersonEntity: Name: NameFull: Antón, Annie I. IsPartOfRelationships: – BibEntity: Dates: – D: 01 M: 03 Text: Mar2010 Type: published Y: 2010 Identifiers: – Type: issn-print Value: 09473602 Numbering: – Type: volume Value: 15 – Type: issue Value: 1 Titles: – TitleFull: Requirements Engineering Type: main |
| ResultId | 1 |