Goal-Mining to Examine Health Care Privacy Policies

Privacy has recently become a prominent issue in the context of electronic commerce Web sites. Increasingly, privacy policies posted on such Web sites are receiving considerable attention from the government and consumers. We have used goal-mining, the extraction of pre-requirements goals from post-requirements text artifacts, as a technique for analyzing privacy policies. The identified goals are useful for analyzing implicit internal conflicts within privacy policies and conflicts with the corresponding Web sites and their manner of operation. These goals can be used to reconstruct the implicit requirements met by the privacy policies. We present the results of our analysis of 23 Internet privacy policies for companies in three health care industries: pharmaceutical, health insurance and online drugstores.
