Compliance with privacy legislation is a primary concern for health care institutions that are building information systems support for their business processes. This paper describes a requirements management framework that enables health information custodians (HIC) to document and track compliance with privacy legislation. We define a metamodel for the framework that specifies compliance tracking links between separate User Requirements Notation models of the HIC and of the privacy legislation. Using examples from a case study at a major teaching hospital, we show how this framework can be used to manage change and ensure compliance when privacy legislation is amended or the business processes evolve.
Keywords: requirements management
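% WER 2007 paper on tracking privacy-legislation compliance in health care
% requirements models. The source record carries no DOI, so the empty
% doi field is omitted (an empty field triggers BibTeX/Biber warnings);
% add the field only once a registered DOI is confirmed.
% Given names are stored as initials, as in the source record.
@inproceedings{wer200707,
  author    = {Ghanavati, S. and Amyot, D. and Peyton, L.},
  title     = {A Requirements Management Framework for Privacy Compliance},
  booktitle = {Anais do Workshop em Engenharia de Requisitos -- Proceedings of the 10th Workshop on Requirements Engineering ({WER2007})},
  year      = {2007},
  issn      = {2675-0066},
  isbn      = {978-1-55014-483-3},
}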