
Alberto Siena

GORE focuses on stakeholders and their goals.
Effective in specifying requirements that satisfy some properties (e.g., cost/benefit trade-off, risk, security, …) and match stakeholders' needs.

New laws, increased pervasiveness of information systems (IS): laws are increasingly a source of requirements.
However, law prescriptions are NOT stakeholders' goals. Stakeholders want goals, whereas law prescriptions are imposed on stakeholders.
Law prescriptions can contradict goals.

Compliance: the act of adhering to, and demonstrating adherence to, a standard or regulation (Wikipedia).
Adhering to: compliance is conceived at requirements-time and exists at run-time.
Demonstrating adherence to: compliance can be proved at recovery-time.

Phase of the system (-to-be) | Compliance characteristics | Compliance type
Requirements-time | Distribution of responsibilities, such that, if every actor fulfils its goals, then compliance is ensured | Intentional compliance
Run-time | Set of actions and processes that actually represent the legal condition for compliance | Actual compliance
Recovery-time | Proved compliance, or set of recovery actions that restore run-time compliance after a violation has been detected | Strong compliance

Framework for systematically going from law prescriptions to requirements.
Nomos = a language + a method + a set of properties (e.g., intentional compliance).
It allows one to:
reason about how requirements are generated (select among alternatives);
check properties of requirements models w.r.t. laws.

Properties concern the interaction between goals and laws. Needed: languages for modeling both.
Requirements (G): i*
Laws (L): Nomos
The models of G and L must be consistent with each other!

Hohfeld's taxonomy of legal concepts (1913): a milestone in juridical literature.
Rights are the core concepts. Rights are entitlements (not) to perform certain actions or be in certain states, or entitlements that others (not) perform certain actions or be in certain states.
W. N. Hohfeld. Fundamental Legal Conceptions as Applied in Judicial Reasoning. Yale Law Journal 23(1), 1913.

8 fundamental rights: Privilege, Claim, No-claim, Duty, Power, Liability, Immunity, Disability.
Opposites and correlatives.

A legal text can be subdivided into smaller legal statements, called Normative Propositions (NP). Each NP carries the atomic piece of information about a single right.
NP =,,,
A hard formalization is given by Sartor, who maps rights to deontic operators.

Health Insurance Portability and Accountability Act (HIPAA), art. § (a): A CE may not use or disclose PHI.
NP = (CE, Individual, claim, Don't disclose PHI)

HIPAA, art. § :
(a) A CE may not use or disclose PHI, except as permitted or required by this subpart [...]
(1) A covered entity is permitted to use or disclose PHI [...] (i) To the individual; [...]
(2) A CE is required to disclose PHI: (i) To an individual, when requested [...]; and (ii) When required by the Secretary.

To deal with the conditions, exceptions, etc., that exist in law texts: a relative approach rather than an absolute approach.
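The following Python model is an added example, not code from the slides or from the Nomos framework. It encodes the HIPAA prescriptions quoted above as normative propositions and evaluates constructed run-time events against them in the relative way the slide describes: the general prohibition on disclosure decides only when no permission or obligation covers the event, and an obligation is violated only by withholding. It also carries Hohfeld's correlative and opposite pairs from the earlier slide so an NP can be read from either party's side. The field names (subject, counterparty, right, action, condition), the Event fields, the storing of the prohibition as the CE's duty rather than the Individual's claim, and the reading of (2)(ii) as a disclosure to the Secretary are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# Hohfeld's eight fundamental legal positions, paired as correlatives:
# whatever one party holds, the other party holds the correlative of.
CORRELATIVE = {
    "claim": "duty", "duty": "claim",
    "privilege": "no-claim", "no-claim": "privilege",
    "power": "liability", "liability": "power",
    "immunity": "disability", "disability": "immunity",
}
# Opposites: one party cannot hold both positions toward the same act.
OPPOSITE = {
    "claim": "no-claim", "no-claim": "claim",
    "privilege": "duty", "duty": "privilege",
    "power": "disability", "disability": "power",
    "immunity": "liability", "liability": "immunity",
}


@dataclass
class Event:
    """Constructed run-time event to check against the NPs (not from the slides)."""
    actor: str                        # who acts, e.g. "CE"
    action: str                       # "disclose" or "withhold"
    recipient: str                    # who receives, or is denied, the PHI
    requested: bool = False           # the recipient asked for the PHI
    secretary_requires: bool = False  # the Secretary requires the disclosure


@dataclass
class NP:
    """Normative proposition: (subject, counterparty, right, action, condition).
    Field names and the explicit condition are assumptions of this example."""
    subject: str
    counterparty: str
    right: str
    action: str
    condition: Callable[[Event], bool] = field(default=lambda e: True, compare=False)

    def correlative(self) -> "NP":
        """The same legal relation stated from the counterparty's side."""
        return NP(self.counterparty, self.subject, CORRELATIVE[self.right],
                  self.action, self.condition)


def hipaa_nps() -> List[NP]:
    """The prescriptions quoted on the slide, as NPs addressed to the CE."""
    return [
        # (a) general prohibition. The slide writes it as the Individual's claim,
        # (CE, Individual, claim, Don't disclose PHI); here it is stored as the
        # CE's correlative duty so it can be checked from the CE's side.
        NP("CE", "Individual", "duty", "don't disclose PHI"),
        # (1)(i) the CE is permitted to disclose PHI to the individual
        NP("CE", "Individual", "privilege", "disclose PHI",
           lambda e: e.recipient == "Individual"),
        # (2)(i) the CE is required to disclose PHI to an individual who requests it
        NP("CE", "Individual", "duty", "disclose PHI",
           lambda e: e.recipient == "Individual" and e.requested),
        # (2)(ii) required when the Secretary requires it (read here as a
        # disclosure to the Secretary; an assumption of this example)
        NP("CE", "Secretary", "duty", "disclose PHI",
           lambda e: e.recipient == "Secretary" and e.secretary_requires),
    ]


def evaluate(event: Event, nps: List[NP]) -> Tuple[str, Optional[NP]]:
    """Relative approach: the general prohibition applies only to disclosures
    that no permission or obligation covers; an obligation is violated only by
    withholding. Returns (verdict, deciding NP or None)."""
    applicable = [np for np in nps
                  if np.subject == event.actor and np.condition(event)]
    if event.action == "disclose":
        for np in applicable:  # exceptions are checked first
            if np.action == "disclose PHI" and np.right in ("privilege", "duty"):
                return "compliant", np
        for np in applicable:  # otherwise the prohibition decides
            if np.action == "don't disclose PHI" and np.right == "duty":
                return "violation", np
        return "compliant", None
    if event.action == "withhold":
        for np in applicable:
            if np.action == "disclose PHI" and np.right == "duty":
                return "violation", np
        return "compliant", None
    raise ValueError(f"unknown action {event.action!r}")


if __name__ == "__main__":
    for ev in (Event("CE", "disclose", "Marketer"),
               Event("CE", "disclose", "Individual"),
               Event("CE", "withhold", "Individual", requested=True)):
        verdict, np = evaluate(ev, hipaa_nps())
        print(ev.action, "to", ev.recipient, "->", verdict,
              f"({np.right}: {np.action})" if np else "")
```

Because the prohibition is stated without a condition, adding a new exception is a matter of appending an NP with a condition; the evaluation order, not the wording of the prohibition, encodes "except as permitted or required", which is what the relative approach buys over rewriting the prohibition each time an exception is found.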

Building block for aggregate (intentional) compliance.
Uses the realization relation between goal and NP.
Changes according to the nature of the right.

Many compliance alternatives. Many compliance preferences. Many compliance degrees.

1. Bind domain stakeholders with subjects addressed by law
2. Identify legal alternatives
3. Select the normative proposition to realize
4. Identify potential realizations of normative propositions
5. Identify legal risks
6. Identify proof artifacts
7. Constrain delegation of goals to other actors
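As an added example (not the Nomos method's own tooling or code from the slides), the Python below runs a requirements-time check of intentional compliance over a small constructed model: domain actors bound to legal subjects (step 1), the selected normative propositions (step 3), actors' goals with the realization relation from the previous slide (step 4), proof artifacts (step 6) and goal delegations (step 7). Whatever is left unrealized, undocumented or delegated to an actor with no realizing goal is reported as a legal risk (step 5). The NP field names, the `proof` attribute, the actor names "Hospital", "Patient" and "Records Vendor" and their goals are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class NP:
    """Normative proposition: (legal subject, counterparty, right, action).
    Field names are an assumption of this example."""
    subject: str
    counterparty: str
    right: str
    action: str


@dataclass
class Goal:
    """A goal owned by a domain actor. `realizes` is the realization relation
    between the goal and NPs; `proof` names the artifact that documents it."""
    name: str
    owner: str
    realizes: Set[NP] = field(default_factory=set)
    proof: Optional[str] = None


@dataclass
class Delegation:
    """A goal handed from one actor to another (what step 7 constrains)."""
    goal: str
    delegator: str
    delegatee: str


def intentional_compliance(bindings: Dict[str, str], nps: List[NP],
                           goals: List[Goal],
                           delegations: List[Delegation]) -> List[str]:
    """Requirements-time check. Returns the legal risks found; an empty list
    means every NP is realized by a goal of an actor bound to its legal
    subject, every realizing goal names a proof artifact, and every delegated
    realizing goal is also realized by the delegatee."""
    by_owner: Dict[str, List[Goal]] = {}
    for g in goals:
        by_owner.setdefault(g.owner, []).append(g)
    risks: List[str] = []
    for np in nps:
        # step 1: which domain actors play the legal subject this NP addresses?
        responsible = [a for a, subj in bindings.items() if subj == np.subject]
        if not responsible:
            risks.append(f"no domain actor is bound to legal subject {np.subject!r}")
            continue
        for actor in responsible:
            # step 4: does the actor own a goal that realizes the NP?
            realizing = [g for g in by_owner.get(actor, []) if np in g.realizes]
            if not realizing:
                risks.append(f"{actor}: no goal realizes {np.action!r}")
                continue
            for g in realizing:
                # step 6: documentability needs a proof artifact
                if g.proof is None:
                    risks.append(f"{actor}: goal {g.name!r} has no proof artifact")
                # step 7: a delegated goal must realize the NP on the other side too
                for d in delegations:
                    if d.goal == g.name and d.delegator == actor:
                        covered = any(np in h.realizes
                                      for h in by_owner.get(d.delegatee, []))
                        if not covered:
                            risks.append(
                                f"{actor} delegates {g.name!r} to {d.delegatee}, "
                                f"which has no goal realizing {np.action!r}")
    return risks


# Constructed sample model built from the prescriptions quoted on the slides;
# the domain actors and their goals are assumptions of this example.
HIPAA_NPS = [
    NP("CE", "Individual", "duty", "don't disclose PHI"),
    NP("CE", "Individual", "duty", "disclose PHI to the individual when requested"),
    NP("CE", "Secretary", "duty", "disclose PHI when required by the Secretary"),
]


def draft_model():
    bindings = {"Hospital": "CE", "Patient": "Individual"}
    goals = [
        Goal("Protect patient records", "Hospital", {HIPAA_NPS[0]}, proof="access policy"),
        Goal("Serve record requests", "Hospital", {HIPAA_NPS[1]}, proof="request log"),
        Goal("Host record archive", "Records Vendor"),  # realizes no NP
    ]
    delegations = [Delegation("Protect patient records", "Hospital", "Records Vendor")]
    return bindings, HIPAA_NPS, goals, delegations


def repaired_model():
    """The draft model after the two reported risks are addressed."""
    bindings, nps, goals, delegations = draft_model()
    goals = goals + [
        Goal("Answer Secretary requests", "Hospital", {nps[2]}, proof="disclosure log"),
        Goal("Keep hosted records confidential", "Records Vendor", {nps[0]},
             proof="vendor contract"),
    ]
    return bindings, nps, goals, delegations


if __name__ == "__main__":
    for risk in intentional_compliance(*draft_model()):
        print("legal risk:", risk)
    print("repaired:", intentional_compliance(*repaired_model()))
```

On the draft model the check reports two risks: the Secretary-related duty has no realizing goal, and the delegation of "Protect patient records" to the vendor is unconstrained because the vendor owns no goal realizing the prohibition. Both are requirements-time findings; nothing has run yet, which is exactly the point of intentional compliance in the table above.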

Traceability. Documentability. Legal risk identifiability.
Protected across organizational interactions (delegations).

W. N. Hohfeld. Fundamental Legal Conceptions as Applied in Judicial Reasoning. Yale Law Journal 23(1), 1913.
Giovanni Sartor. Fundamental legal concepts: A formal and teleological characterisation. Artificial Intelligence and Law, 14(1-2):101–142, April.
Alberto Siena, John Mylopoulos, Anna Perini, and Angelo Susi. The Nomos framework: Modelling requirements compliant with laws. Technical Report TR-0209-SMSP, FBK – Irst, SMSP.pdf