Modelling Metrics for Transparency in Medical Systems

Transparency, a principle advocated by the General Data Protection Regulation, is usually defined in terms of properties such as availability, auditability and accountability and for this reason it is not straightforwardly measurable. In requirement engineering, measuring a quality is usually implemented by defining a set of metrics for its composing properties, but conventional approaches offer little help to achieve this task for transparency. We therefore review requirements for availability, auditability and accountability and, with the help of a meta-model used to describe non-functional properties, we discuss and advance a set of metrics for them. What emerges from this study is a better justified and comprehensive tool which we apply to measure the level of transparency in medical data-sharing systems.

[1]  Boris Beizer,et al.  Black Box Testing: Techniques for Functional Testing of Software and Systems , 1996, IEEE Software.

[2]  Maritta Heisel,et al.  A Framework for Systematic Analysis and Modeling of Trustworthiness Requirements Using i* and BPMN , 2016, TrustBus.

[3]  Glen Marshall Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications , 2004, RFC.

[4]  Gabriele Lenzini,et al.  Transparent Medical Data Systems , 2016, Journal of Medical Systems.

[5]  Alejandro Enrique Flores,et al.  Functionalities of open electronic health records system: A follow-up study , 2013, 2013 6th International Conference on Biomedical Engineering and Informatics.

[6]  Paul M. Schwartz,et al.  Property, Privacy, and Personal Data , 2004 .

[7]  Mireille Hildebrandt,et al.  Defining Profiling: A New Type of Knowledge? , 2008, Profiling the European Citizen.

[8]  Ben Smith Systematizing security test case planning using functional requirements phrases , 2011, 2011 33rd International Conference on Software Engineering (ICSE).

[9]  Clémentine Nebut,et al.  Model-Driven Engineering for Requirements Analysis , 2007, 11th IEEE International Enterprise Distributed Object Computing Conference (EDOC 2007).

[10]  M. Carmen Fernández Gago,et al.  Metrics for Accountability in the Cloud , 2014, A4Cloud.

[11]  Martin Gilje Jaatun,et al.  Cloud Provider Transparency - A View from Cloud Customers , 2015, CLOSER.

[12]  Haralambos Mouratidis,et al.  Trustworthy Selection of Cloud Providers Based on Security and Privacy Requirements: Justifying Trust Assumptions , 2013, TrustBus.

[13]  Glenford J. Myers,et al.  Art of Software Testing , 1979 .

[14]  Pan Li,et al.  Cloud-Assisted Mobile-Access of Health Data With Privacy and Auditability , 2014, IEEE Journal of Biomedical and Health Informatics.

[15]  Erik Kamsties,et al.  Higher quality requirements specifications through natural language patterns , 2003, Proceedings 2003 Symposium on Security and Privacy.

[16]  Laurie A. Williams,et al.  Modifying without a trace: general audit guidelines are inadequate for open-source electronic health record audit mechanisms , 2012, IHI '12.

[17]  Maritta Heisel,et al.  Computer-Aided Identification and Validation of Intervenability Requirements , 2017, Inf..

[18]  Philippe Lamarre,et al.  Trust Evaluation of a System for an Activity , 2013, TrustBus.

[19]  Gabriele Lenzini,et al.  Metrics for Transparency , 2016, DPM/QASA@ESORICS.