Liam Peyton

Business process management with the user requirements notation

A number of recent initiatives in both academia and industry have sought to achieve improvements in e-businesses through the utilization of Business Process Management (BPM) methodologies and tools. However there are still some inadequacies that need to be addressed when it comes to achieving alignment between business goals and business processes. The User Requirements Notation (URN), recently standardized by ITU-T, has some unique features and capabilities beyond what is available in other notations that can help address alignment issues. In this paper, a URN-based framework and its supporting toolset are introduced which provide business process monitoring and performance management capabilities integrated across the BPM lifecycle. The framework extends the URN notation with Key Performance Indicators (KPIs) and other concepts to measure and align processes and goals. An example process for controlling access to a healthcare data warehouse is used to illustrate and evaluate the framework. Early results indicate the feasibility of the approach.

Towards a framework for tracking legal compliance in healthcare

Hospitals strive to improve the quality of the healthcare they provide. To achieve this, they require access to health data. These data are sensitive since they contain personal information. Governments have legislation to ensure that privacy is respected and hospitals must comply with it. Unfortunately, most of the procedures meant to control access to health information remain paper-based, making it difficult to trace. In this paper, we introduce a framework based on the User Requirements Notation that models the business processes of a hospital and links them with legislation such as the Ontario Personal Health Information Privacy Act (PHIPA). We analyze different types of links, their functionality, and usefulness in complying with privacy law. This framework will help health information custodians track compliance and indicate how their business processes can be improved.

Compliance Analysis Based on a Goal-oriented Requirement Language Evaluation Methodology

In recent years, many governmental regulations have been introduced to protect the privacy of person-al information. As a result, organizations must take a systematic approach to ensure that their business processes comply with these regulations. In the past, we introduced a requirements framework that mapped regulations documents and goals to goal and scenario models of organizational processes. The intent was to help organizations document and manage the compliance of their processes in the face of evolutionary changes. In this paper, we extend our framework by incorporating regulation scenario models and by adding the notion of contribution link level to the compliance link types. These extensions result in a frame-work that is more aligned to the needs of an organization when it must evaluate and ensure the legal compliance of its organizational processes.

A systematic review of goal-oriented requirements management frameworks for business process compliance

Legal compliance has been an active topic in Software Engineering and Information Systems for many years. However, business analysts and others recently started exploiting Requirements Engineering techniques, and in particular goal-oriented approaches, to model and reason about legal documents in system design and business process management. Many contributions involve extracting legal requirements, providing law-compliant business processes, as well as managing and maintaining compliance. In this paper, we report on a systematic literature review focusing on goal-oriented legal compliance of business processes. 88 papers were selected out of nearly 800 unique papers extracted from five search engines, with manual additions from the Requirements Engineering Journal and four relevant conferences. We grouped these papers in eight categories based on a set of criteria and then highlight their main contributions. We found that the main areas for contributions have been in extracting legal requirements, modeling them with goal modeling languages, and integrating them with business processes. We identify gaps and opportunities for future work in areas related to prioritization to improve compliance, templates for generating law-compliant processes, general links between legal requirements, goal models, and business processes, and semi-automation of legal compliance and analysis.

A secure protocol for protecting the identity of providers when disclosing data for disease surveillance

Background Providers have been reluctant to disclose patient data for public-health purposes. Even if patient privacy is ensured, the desire to protect provider confidentiality has been an important driver of this reluctance. Methods Six requirements for a surveillance protocol were defined that satisfy the confidentiality needs of providers and ensure utility to public health. The authors developed a secure multi-party computation protocol using the Paillier cryptosystem to allow the disclosure of stratified case counts and denominators to meet these requirements. The authors evaluated the protocol in a simulated environment on its computation performance and ability to detect disease outbreak clusters. Results Theoretical and empirical assessments demonstrate that all requirements are met by the protocol. A system implementing the protocol scales linearly in terms of computation time as the number of providers is increased. The absolute time to perform the computations was 12.5 s for data from 3000 practices. This is acceptable performance, given that the reporting would normally be done at 24 h intervals. The accuracy of detection disease outbreak cluster was unchanged compared with a non-secure distributed surveillance protocol, with an F-score higher than 0.92 for outbreaks involving 500 or more cases. Conclusion The protocol and associated software provide a practical method for providers to disclose patient data for sentinel, syndromic or other indicator-based surveillance while protecting patient privacy and the identity of individual providers.

Interoperable support for collaborative, mobile, and accessible health care

E-Health systems, through their use of Internet and wireless technologies, offer the possibility of near real-time data integration to support the delivery and management of health care. In practice, the wide range of choice in technologies, vendors, protocols, formats, and information representations can make even simple exchanges of information between systems problematic. Much of the focus on healthcare interoperability has been on resolving interoperability issues of system to system information exchanges. But issues around people to people interactions and people to system interactions are just as important to address from an interoperability point of view. In this paper, we identify interoperability deficiencies in collaborative care delivery and develop a methodology in two parts. In the first part, an ontology is developed to represent collaborative care delivery. In the second part, the ontology is used to design an architecture for interoperable clinical information system design. We then use a case study in palliative care to provide a proof of concept of the methodology. The case study provides an inventory of the interoperability requirements for palliative care and a perspective on the design and implementation of a people oriented clinical information system that supports collaborative health care delivery in palliative care.

Toward an Integrated User Requirements Notation Framework and Tool forBusiness Process Management

A number of recent initiatives in both academia and industry have sought to achieve improvements in e- businesses through the utilization of Business Process Management (BPM) methodologies and tools. However there are still some inadequacies that need to be addressed when it comes to achieving alignment between business goals and business processes. The User Requirements Notation (URN) has some unique features and capabilities beyond what is available in other notations that can help address alignment issues. In this paper, a URN-based framework and its supporting toolset are introduced which provide business process monitoring and performance management capabilities integrated across the BPM lifecycle. The framework extends the URN notation with Key Performance Indicators (KPI) and other concepts to measure, and align processes and goals. A healthcare case study is used to illustrate and evaluate the framework. Early results indicate the feasibility of the approach.

eHealth system interoperability

Healthcare systems around the world are in rapid transition, moving from traditional, paper-based practices to computerized processes and systems based approaches to service delivery. The term eHealth is widely used to refer to the use of information technology systems in health care. eHealth is trending upwards, in many different ways: (a) increased expectation for improved system outcomes, (b) increased funding, (c) recognition by patients, providers and funders that it offers solutions to healthcare problems. In 2009, the American (US) Recovery and Reinvestment Act set aside

Framework testing of web applications using TTCN-3

36.3 billions to help hospitals and physicians to computerize patient medical records by 2015. The European Union and Canada also have programs with similar incentives and goals. While organizations are busy deploying eHealth information systems to better manage the quality and the delivery of health care services, from scheduling, billing, and health care records to the control of life-critical devices and clinical decision support, they face challenges that have to do with the overall complexity of healthcare, access to skills, and lack of interoperability among healthcare information systems. It is not surprising that existing eHealth systems are built in “silos” (functional, organizational, technical) and lack the ability to interact effectively. Lack of interoperability poses a serious risk to be able to connect through the use of technology the “continuum of care”. Achieving eHealth interoperability is difficult because of the inherent information complexity of the health care domain. Challenges include technical issues as well as socio-political and legal problems. Enabling the electronic flow of digitized healthcare information has implications for both clinical and administrative processes as well as privacy and confidentiality. If these challenges can be overcome, the potential benefits to be gained from healthcare interoperability are enormous. It has been estimated that creating a national standardized system of health information exchange in the United States would yield a net benefit of over

Addressing Privacy in a Federated Identity Management Network for EHealth

75 Billion per year (Walker et al. 2005). That estimate does not take into account the benefits that could accrue from improved clinical care. But we need to remember that neither financial nor clinical benefits will materialize if we do not pay attention to other factors including the design of work processes and team communications (Pirnejad et al. 2008). The motivation for this special issue was to invite contributions that touch on the various facets of the healthcare interoperability problem: people, processes, and technology. This special issue is intended for researchers and practitioners in the domain of health care information systems, including academics in health information science, computer science, software engineering, management and technology policy, as well as the rapidly growing group of IT workers and managers in the health care industry. The papers in this issue promote eHealth system interoperability as an important current frontier in information system research and practice and discuss a range of open challenges, potential solutions and experiences with current http://www.som.buffalo.edu/isinterface/ISFrontiers/