Compliance with privacy legislation is a primary concern for health care institutions that are building information systems support for their business processes. This paper describes a requirements management framework that enables health information custodians (HIC) to document and track compliance with privacy legislation. A metamodel is defined for our framework to define compliance tracking links between separate User Requirements Notation models of the HIC and privacy legislation. Using examples from a case study at a major teaching hospital, we show how this framework can be used to manage change and ensure compliance when privacy legislation is amended or the business processes evolve.

-- DanielAmyot - 01 May 2007


  • See also the corresponding thesis: VirLibGhanavatiMScThesis
  • Please feel free to discuss this article directly on this page. Constructive comments are welcomed! Please sign your TWiki name.

FormForVirtualLibrary

Title: A Requirements Management Framework for Privacy Compliance
Authors: S. Ghanavati, D. Amyot, L. Peyton
Type: Conference
Conference/Journal Title: 10th Workshop on Requirements Engineering (WER 2007)
Publisher: York University Press
Month: May
Year: 2007
Pages: 80-91
Keywords: Business Process, Compliance, DOORS, Healthcare, Legislation, PHIPA, Privacy, URN
Topic attachments
Attachment: WER07-final.pdf
Size: 411 K
Date: 22 Jun 2007 - 14:34
Who: DanielAmyot
Comment: WER'07 paper
Topic revision: r2 - 22 Jun 2007, DanielAmyot