Towards a Framework for Tracking Legal Compliance in Healthcare
Sepideh Ghanavati, Daniel Amyot, and Liam Peyton
CAiSE’07, Trondheim
Presentation Overview
• Problem
– Complexity of documenting and managing compliance as legislation or business processes change.
• Target audience
– (Privacy) compliance managers, auditors, lawyers, business process modellers, requirements engineers…
• Contributions
– Requirements-oriented framework to model legislative compliance for business processes
– A meta-model (based on URN) that provides a set of compliance links
– A systematic method for tracking and managing compliance as legislation or business processes evolve
– Enhancements to existing modelling and traceability tools to support and validate these contributions
– Healthcare case study involving an Ontario hospital and privacy law
Motivation
• Compliance with different regulations is of primary concern for any organization when defining its business processes.
– $30B compliance business in 2007 [AMR Research, Feb’07]
• Many organizations, especially in healthcare, use a document-based method to track compliance.
• Document-based methods require much effort to document compliance and manage change, and yet they are usually incomplete.
• Model-based approaches have much potential for change management but are often separated from their source documents, which provide the final authority.
Three Wishes…
• A framework that can model organizational policies, procedures and legislative documents in the same notation
• Support for useful links:
– within views of a model (goals and processes)
– between two models (organization and legislation)
– between models and legislation and other documents
• A way to manage the evolution of any part (legislation, business processes, etc.) in order to assess the global impact and ensure compliance in the new context
Related Work
• Not all wishes are granted in existing frameworks!
• Darimont et al. use KAOS to model regulations with goals
– No real traceability between processes and legal model
• Rifaut et al. apply goal-based models for the compliance of financial systems to Basel II regulations
– Does not really provide any kind of traceability
• He et al. use ReCAPS to ensure policy- and requirements-compliant systems.
– Does not include business processes
• Breaux et al. use semantic parameterization to extract rights and obligations from the HIPAA privacy rules.
– No links to organization policies and procedures
Compliance Management Framework
• Modelling with the User Requirements Notation (URN)
• URN is being standardized by ITU-T (Z.150) and combines:
– Goal-oriented Requirement Language (GRL)
• Subset of i* syntax + NFR Framework evaluations
– Use Case Map (UCM) scenarios
• URN connects goals (why) and business processes (W4)
Compliance Management Framework
• Provides a set of links to connect the policy and procedure documents of an organization to legislation documents
• Other links/models provide little return on investment
[Figure: Compliance Management Framework. Legislation Model (GRL softgoals, goals, tasks and actors) with source links to Law and Legislation Documents; Organization Model (GRL softgoals, goals, tasks and actors plus UCM business processes) with source links to Policies and Procedure Documents and responsibility links between GRL and UCM. Link types: 1 Traceability Link, 2 Compliance Link, 3 Responsibility Link.]
Example of GRL Model for a Law
Legislation Document:
– A hospital shall not use the personal information of an individual unless a) it has the individual’s consent and b) the information is necessary for a lawful purpose. …
[Figure: GRL model derived from this clause. Actor: Hospital; softgoal: Prevent from Unauthorized Use; goals: Have Legal Purpose, Have Individual Consent; source links point back to the legislation document.]
Example of URN Model for an Organization
[Figure: URN model of the organization. Actor: Hospital; softgoal: Prevent from Unauthorized Use; goals: Have Individual Consent, Limit Use to Authorized User; task: Have Username and Password; responsibility links (resp) connect GRL elements to UCM responsibilities. Legend: Softgoal, Goal, Task, Actor, Responsibility, Component.]
Completeness issues and inconsistencies could be detected during modelling…
URN Modelling with jUCMNav
[Figure: jUCMNav screenshot showing the UCM View, GRL View, Scenarios and Strategies, and Properties panels.]
Traceability with Telelogic DOORS
[Figure: Telelogic DOORS screenshot showing Project, Folder, Formal Module and Link Module; Object Heading and Object Text; Link Indicator; Suspect Link; change bars: “Changed this session” (unsaved, red), “Changed since baseline” (saved, yellow), “No change since baseline” (green).]
Evaluation of Link Types
Criteria / Traceability Link / Compliance Link / Responsibility Link
– Granularity: Softgoals, Goals, Tasks & Actors / Legislative Text / Responsibilities, Components (Actors), Maps (Operational Processes)
– Functionality: Handle traceability of non-functional requirements and tasks / Handle exceptions and constraints / Handle traceability of business processes
– Quantity of manual links: Many / Small / Small
– Precision: Precise / Very precise / Very precise
– Difficulty: Moderate / Difficult / Moderate
– Importance of completeness: Very important / Not important / Very important
Framework Metamodel
• Metamodel extended to define links between URN models and between each URN model and its source document in the requirements management system (e.g. DOORS)
• Helps identify which elements of the legislation model are connected to elements of the organization model.
• Helps determine which links need to be created manually and which ones can be inferred automatically.
Framework Metamodel (DOORS View)
[Figure: Metamodel. Organization Metamodel: Organization Model containing GRLdiagram, IntentionalElement, IntentionalElementRef, Actor, ActorRef, UCMmap, Responsibility, RespRef, Component, ComponentRef, Stub and Association, related by ref, refines, boundTo and resp associations, with source links to PolicyProcedureDocument. Law Metamodel: Legislation Model containing GRLdiagram, IntentionalElement, IntentionalElementRef, Actor, ActorRef and Association, with source links to LawDocument (Clause, Definition). Inter-model links: traces, complies, resp. Link legend: Manual-jUCMNav, Manual-DOORS, Automated-jUCMNav, Manual and automated-DOORS.]
Auto-Completion Mechanism
• Responsibility and compliance links (via DXL scripts), e.g.:
– Organization Actor —traces→ Legislation Actor —sources→ Legislation Definition, therefore Organization Actor —complies→ Legislation Definition (automated)
– Organization Intentional Element —traces→ Legislation Intentional Element —sources→ Legislation Clause, therefore Organization Intentional Element —complies→ Legislation Clause (automated)
Healthcare Case Study
• Policies and procedures for accessing a healthcare data warehouse in a major teaching hospital in Ontario, Canada
– Focus on researchers as main information users
• Compliance to privacy legislation
• PHIPA: Personal Health Information Privacy Act (Ontario)
– Aims to protect privacy and confidentiality of personal health information while facilitating the healthcare provision.
– Set of rules for the collection, use and disclosure of personal health information.
– 75 sections, amended five times since 2004.
Case Study – PHIPA Compliance at Ontario Hospital
[Figure: GRL Model of PHIPA. Softgoals: Satisfy Privacy Regulations, Protect Confidentiality, Prevent Unauthorized Disclosure, Limit Disclosure of Data; tasks (And-decomposed): Ask for Compliance Agreement, Check Research Plan, Check Adequate Safeguards, Check Ethical Issues, Ask for REB Approval; actors: HIC, REB Committee.]
[Figure: GRL Model of Hospital. Softgoals: Protect Privacy and Confidentiality of Hospital Data, Prevent Unauthorized Use and Disclosure, Ensure Accountability of Data User; tasks: Check Ethical Issues, Get to An Agreement with Data User, Check Request Form, Check with Privacy and Confidentiality Legislations, Check Users Safeguards; actors: DW Administrator, REB, Privacy Officer.]
Hospital Document (HIC Policy Document):
– All requests for data from data warehouse will be evaluated based on technical feasibility, data availability, resource availability and REB approval for research.
– Policy 2…
PHIPA Document:
– HIC: Person or organization who has custody of PHI.
– A HIC may disclose PHI to a researcher if he/she, (a) submits: (i) an application, (ii) a research plan, (iii) a copy of REB approval; (b) enters into the agreement…
[Figure: source links from both GRL models to their documents, resp links to the UCM model, traces links between the two GRL models and complies links to the PHIPA document.]
[Figure: UCM Model of Hospital. Components: Researcher, Hospital; responsibilities: requestForPHI, reviewRequest, getToAnAgreement, getRejection, amendDocuments; conditions [GiveUp], [NewRequest]; outcomes Accept, Reject; resp links from GRL tasks.]
Discrepancies could be detected during modelling…
Evolution of (Privacy) Legislation
• Different scenarios by which legislation documents can be amended:
– Addition of a New Clause
• The clause refers to an existing actor, softgoal, goal or task
• It introduces a new actor, softgoal, goal or task
– Modify a Clause with Links
– Delete a Clause with Links
– Modify a Clause without Links
Example: Amendment to PHIPA (addition of a new clause)
PHIPA Document:
– HIC: Person or organization who has custody of PHI.
– A research plan must be in writing and set out, a) the affiliation of each person involved in the research b) the nature and objectives of the research c) information as to how and when the PHI will be disposed of or returned to the HIC d) a description of the reasonably foreseeable harms and benefits that may arise from the use of the PHI
[Figure: Add a New Clause (source link to the PHIPA Model). Impact on GRL of the PHIPA Model: Set Rules for Disclosure, Satisfy Privacy Regulation, Protect Confidentiality, Prevent Unauthorized Disclosure, Ask for Compliance Agreement, Ask for REB Approval, Ask for Research Plan, Check Nature and Objective, Check Affiliation of People Involved (And-decomposed); actor HIC.]
[Figure: Impact on GRL of the Hospital Model (complies links): Protect Privacy and Confidentiality of Hospital Data, Prevent Unauthorized Use and Disclosure, Ensure Security of Data, Ensure Accountability of Data User, Check Ethical Issues, Reach An Agreement with Data User, Review User’s Technical Competency, Check Requested Data Type, Audit Safeguards, Check Research Plan, Check Users Safeguards, Check Disposal Method; actors DW Administrator, REB, Privacy Officer.]
[Figure: Add a New Task; Impact on UCM. Components: Researcher, Hospital; path in1 → getTheForm → filloutTheForm → submitREBDocuments → submitApplication → receiveDocuments → out; resp links.]
Managing Evolving Business Processes or Policies
• A policy or business process can evolve in 3 ways:
– Modification of an existing process or policy
• The existing process or policy has links to its GRL model and to the legislation GRL model
• The existing process or policy does not have links to its GRL model or legislation GRL model
– Addition of a new process or policy element
– Removal of a process or policy element
Example – Hospital Business Process Changed (modification of a UCM responsibility)
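As an added illustration of the auto-completion rule on the earlier slide and of the change scenarios listed above (example code written for this page, not the authors’ DXL scripts or any jUCMNav/DOORS code): a small Python link store that infers complies links from traces and source links, then marks links suspect when a clause is amended. Element names, the clause label and the link store are constructed assumptions.

```python
from collections import defaultdict

class ComplianceModel:
    """Tiny URN-style link store. Kinds: traces (org element -> legislation element),
    source (model element -> clause, definition or policy), resp (org GRL element
    -> UCM responsibility). All names below are constructed and prefixed."""

    def __init__(self):
        self.links = defaultdict(set)  # kind -> {(src, dst)}
        self.suspect = set()           # (kind, src, dst) flagged after a change

    def add(self, kind, src, dst):
        self.links[kind].add((src, dst))

    def infer_complies(self):
        """Slide's auto-completion rule: org --traces--> leg --source--> clause
        implies org --complies--> clause. Returns the newly inferred links."""
        sourced = defaultdict(set)
        for elem, obj in self.links["source"]:
            sourced[elem].add(obj)
        inferred = {(org, obj) for org, leg in self.links["traces"] for obj in sourced[leg]}
        self.links["complies"] |= inferred
        return inferred

    def clause_changed(self, clause):
        """Amendment of a clause: walk source -> traces -> resp backwards, flag the
        affected links as suspect (as DOORS does) and return what needs review.
        A clause nothing links to yields empty sets (modify a clause without links)."""
        leg_elems = {e for e, d in self.links["source"] if d == clause}
        hit = {(o, l) for o, l in self.links["traces"] if l in leg_elems}
        org_elems = {o for o, _ in hit}
        self.suspect |= {("traces", o, l) for o, l in hit}
        self.suspect |= {("complies", o, clause) for o in org_elems}
        return {"grl": org_elems,
                "ucm": {r for o, r in self.links["resp"] if o in org_elems}}

def build_case_study():
    """Constructed fragment of the PHIPA / hospital case study on the slides."""
    m = ComplianceModel()
    clause = "PHIPA clause: disclosure of PHI to a researcher"
    m.add("source", "PHIPA:HIC", "PHIPA definition: HIC")
    m.add("source", "PHIPA:Ask for Compliance Agreement", clause)
    m.add("source", "PHIPA:Ask for REB Approval", clause)
    m.add("source", "Hospital:Check Ethical Issues", "HIC Policy Document")
    m.add("traces", "Hospital:Hospital", "PHIPA:HIC")
    m.add("traces", "Hospital:Get to An Agreement with Data User", "PHIPA:Ask for Compliance Agreement")
    m.add("traces", "Hospital:Check Ethical Issues", "PHIPA:Ask for REB Approval")
    m.add("resp", "Hospital:Get to An Agreement with Data User", "UCM:getToAnAgreement")
    m.add("resp", "Hospital:Check Ethical Issues", "UCM:reviewRequest")
    return m
```

On this fragment `infer_complies()` yields three complies links, and amending the disclosure clause flags two traces and two complies links as suspect while returning the two hospital tasks and their UCM responsibilities for review.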
Preliminary Analysis of the Framework
• Compliance Management Framework requires less effort for documenting compliance and managing evolution.
– More than compensates for modelling effort required
• Also provides best coverage and overall comprehensibility.
Criteria / Document-based (No Model and No Link) / Model-based (Models but No Link) / Full Compliance Framework (Models, Documents and Links)
– Effort, Modeling: Zero / High / High
– Effort, Documenting Compliance: Highest / High / Low
– Effort, Managing Evolution: Highest / High / Low
– Coverage, Modeling: Complete / Almost Complete / Complete
– Coverage, Documenting Compliance: Almost Zero / Incomplete / Complete
– Coverage, Managing Evolution: Almost Zero / Low / Almost Complete
– Comprehensibility: Low / High / High
Conclusions
• Tool-supported, URN-oriented framework to help document and maintain compliance between business processes and laws
– New inter-model and inter-document links
– Less effort and better coverage than other approaches when responding to change
• Some evaluation and validation done via a healthcare case study, with promising results so far
• S. Ghanavati’s thesis contains more examples and analysis results
Issues and Future Work
• Incomplete and expensive guidelines for creating URN models
– Need to model more situations
– Need to reduce the effort to model
• Explore existing goal mining/extraction techniques
– Involve lawyers (legislation model) validation and rules
• Limited case study (1 process, 1 law)
– Need more laws, business processes, and domains
• Can a legislation GRL model be reused across organizations?
• What if we have conflicting legal requirements?
– Usability study and scalability evaluation
– More quantitative measure of effort to model and exploit the links
• Just how much do automated links help?
• Ontology-based automatic linking?
• Need more independent assessment to avoid bias