Daniel Amyot

A Globally Optimal k-Anonymity Method for the De-Identification of Health Data

BACKGROUND Explicit patient consent requirements in privacy laws can have a negative impact on health research, leading to selection bias and reduced recruitment. Often legislative requirements to obtain consent are waived if the information collected or disclosed is de-identified. OBJECTIVE The authors developed and empirically evaluated a new globally optimal de-identification algorithm that satisfies the k-anonymity criterion and that is suitable for health datasets. DESIGN Authors compared OLA (Optimal Lattice Anonymization) empirically to three existing k-anonymity algorithms, Datafly, Samarati, and Incognito, on six public, hospital, and registry datasets for different values of k and suppression limits. Measurement Three information loss metrics were used for the comparison: precision, discernability metric, and non-uniform entropy. Each algorithms performance speed was also evaluated. RESULTS The Datafly and Samarati algorithms had higher information loss than OLA and Incognito; OLA was consistently faster than Incognito in finding the globally optimal de-identification solution. CONCLUSIONS For the de-identification of health datasets, OLA is an improvement on existing k-anonymity algorithms in terms of information loss and performance.

Introduction to the user requirements notation: learning by example

Recognizing the need for a notation that would be used in the very first and often informal stages of the development cycle, the International Telecommunication Union (ITU-T) initiated a question on a User Requirements Notation (URN), which will be standardized as the Z.150 series of Recommendations. URN supports the development, description, and analysis of requirements for telecommunications systems and services, as well as for other types of complex reactive, distributed, and dynamic systems. Through a wireless telephony example, this paper gives an overview of the core elements and typical usage of the two complementary notations comprised in URN. The Goal-oriented Requirement Language (GRL) is used to describe business goals, non-functional requirements, alternatives, and rationales, whereas Use Case Map (UCM) enables the description of functional requirements as causal scenarios. This paper also briefly explores methodology elements and the complementarity between URN and the existing ITU-T languages.

Business process management with the user requirements notation

A number of recent initiatives in both academia and industry have sought to achieve improvements in e-businesses through the utilization of Business Process Management (BPM) methodologies and tools. However there are still some inadequacies that need to be addressed when it comes to achieving alignment between business goals and business processes. The User Requirements Notation (URN), recently standardized by ITU-T, has some unique features and capabilities beyond what is available in other notations that can help address alignment issues. In this paper, a URN-based framework and its supporting toolset are introduced which provide business process monitoring and performance management capabilities integrated across the BPM lifecycle. The framework extends the URN notation with Key Performance Indicators (KPIs) and other concepts to measure and align processes and goals. An example process for controlling access to a healthcare data warehouse is used to illustrate and evaluate the framework. Early results indicate the feasibility of the approach.

Towards a framework for tracking legal compliance in healthcare

Hospitals strive to improve the quality of the healthcare they provide. To achieve this, they require access to health data. These data are sensitive since they contain personal information. Governments have legislation to ensure that privacy is respected and hospitals must comply with it. Unfortunately, most of the procedures meant to control access to health information remain paper-based, making it difficult to trace. In this paper, we introduce a framework based on the User Requirements Notation that models the business processes of a hospital and links them with legislation such as the Ontario Personal Health Information Privacy Act (PHIPA). We analyze different types of links, their functionality, and usefulness in complying with privacy law. This framework will help health information custodians track compliance and indicate how their business processes can be improved.

Strategic business modeling: representation and reasoning

Business intelligence (BI) offers tremendous potential for business organizations to gain insights into their day-to-day operations, as well as longer term opportunities and threats. However, most of today’s BI tools are based on models that are too much data-oriented from the point of view of business decision makers. We propose an enterprise modeling approach to bridge the business-level understanding of the enterprise with its representations in databases and data warehouses. The business intelligence model (BIM) offers concepts familiar to business decision making—such as goals, strategies, processes, situations, influences, and indicators. Unlike many enterprise models which are meant to be used to derive, manage, or align with IT system implementations, BIM aims to help business users organize and make sense of the vast amounts of data about the enterprise and its external environment. In this paper, we present core BIM concepts, focusing especially on reasoning about situations, influences, and indicators. Such reasoning supports strategic analysis of business objectives in light of current enterprise data, allowing analysts to explore scenarios and find alternative strategies. We describe how goal reasoning techniques from conceptual modeling and requirements engineering have been applied to BIM. Techniques are also provided to support reasoning with indicators linked to business metrics, including cases where specifications of indicators are incomplete. Evaluation of the proposed modeling and reasoning framework includes an on-going prototype implementation, as well as case studies.

Recovering behavioral design models from execution traces

Recovering behavioral design models from execution traces is not an easy task due to the sheer size of typical traces. In this paper, we describe a novel technique for achieving this. Our approach is based on filtering traces by distinguishing the utility components from the ones that implement high-level concepts. In the paper, we first define the concept of utilities; then we present an algorithm based on fan-in analysis that can be used for the detection of utilities. To represent the high-level behavioral models, we explore the use case map (UCM) notation, which is a language used to describe and understand emergent behavior of complex and dynamic systems. Finally, we test the validity of our approach on an object-oriented system called TConfig.

Analysing the cognitive effectiveness of the BPMN 2.0 visual notation

BPMN 2.0 is an OMG standard and one of the leading process modelling notations. Although the current language specification recognises the importance of defining a visual notation carefully, it does so by relying on common sense, intuition and emulation of common practices, rather than by adopting a rigorous scientific approach. This results in a number of suboptimal language design decisions that may impede effective model-mediated communication between stakeholders. We demonstrate and illustrate this by looking at BPMN 2.0 through the lens of the Physics of Notations, a collection of evidence-based principles that together form a theory of notation design. This work can be considered a first step towards making BPMN 2.0s visual notation more cognitively effective.

Business Process Modeling with URN

This article demonstrates how the User Requirements Notation (URN) can be used to model business processes. URN combines goals and scenarios in order to help capture and reason about user requirements prior to detailed design. In terms of application areas, this emerging standard targets reactive systems in general, with a particular focus on telecommunications systems and services. This article argues that the URN also can be applied to business process modeling. To this end, it illustrates the notation, its use, and its benefits with a supply chain management case study. It then briefly compares this approach to related modeling approaches; namely, use case-driven design, service-oriented architecture analysis, and conceptual value modeling. The authors hope that a URN-based approach will provide usable and useful tools to assist researchers and practitioners with the modeling, analysis, integration, and evolution of existing and emerging business processes.

Compliance Analysis Based on a Goal-oriented Requirement Language Evaluation Methodology

In recent years, many governmental regulations have been introduced to protect the privacy of person-al information. As a result, organizations must take a systematic approach to ensure that their business processes comply with these regulations. In the past, we introduced a requirements framework that mapped regulations documents and goals to goal and scenario models of organizational processes. The intent was to help organizations document and manage the compliance of their processes in the face of evolutionary changes. In this paper, we extend our framework by incorporating regulation scenario models and by adding the notion of contribution link level to the compliance link types. These extensions result in a frame-work that is more aligned to the needs of an organization when it must evaluate and ensure the legal compliance of its organizational processes.

An evaluation of scenario notations and construction approaches for telecommunication systems development

The elicitation, modeling and analysis of requirements have consistently been one of the main challenges during the development of complex systems. Telecommunication systems belong to this category of systems due to the worldwide distribution and the heterogeneity of todays telecommunication networks. Scenarios and use cases have become popular for capturing and analyzing requirements. However, little research has been done that compares different approaches and assesses their suitability for the telecommunications domain. This paper defines evaluation criteria and then reviews fifteen scenario notations. In addition, twenty-six approaches for the construction of design models from scenarios are briefly compared.