Towards a Framework for Tracking Legal Compliance in Healthcare

Hospitals strive to improve the quality of the healthcare they provide. To do so, they need access to health data, and these data are sensitive because they contain personal information. Governments have enacted privacy legislation to ensure that this information is protected, and hospitals must comply with it. Unfortunately, most of the procedures meant to control access to health information remain paper-based, which makes access decisions difficult to trace and audit. In this paper, we introduce a framework based on the User Requirements Notation (URN) that models the business processes of a hospital and links them with legislation such as Ontario's Personal Health Information Protection Act (PHIPA). We analyze different types of links, their function, and their usefulness in complying with privacy law. This framework will help health information custodians track compliance and indicate how their business processes can be improved.