Lead Institution: Vanderbilt University

Project Leader: Mark Frisse

Research Progress

  • Abstract
    The Privacy Policy Library contains federal, state, and institutional policies (statutes, rules/regulations, policies) represented in prose and expressed in our policy authoring environment. It also includes copies of related health information privacy policy studies, including multi-state analyses, and links to a variety of privacy policy resources. This library serves as the basis for policy modeling and authoring and can support future policy development and modeling efforts.

  • Focus of the research/Market need for this project
    We hypothesized that the creation of policies from a suite of published policies expressed in both prose and formal logic would support adoption of consistent and enforceable policies among institutions. This library can be a resource for policy authoring, for policy improvement, and for policy harmonization.

  • Project Aims/Goals
    Develop a policy library composed of federal, state, and institutional policies represented in prose and expressed in our policy authoring environment as the basis for policy modeling and authoring that can support other efforts as well as this research.

  • Key Conclusions/Significant Findings/Milestones reached/Deliverables
    Institutions (e.g., academic medical centers, hospitals, health systems, clinically integrated networks, accountable care organizations) develop policies for use and disclosure of personal health information based on review and assessment of, and experience with enforcement of, applicable federal laws, state laws, licensing requirements, and accreditation requirements. Other factors, such as the institution’s sense of the risk of variable interpretation of requirements, the institution’s overall risk adverseness, and the institution’s experience with various forms of health information exchange, may also influence its policies. If institutional policies serve as the front line gatekeepers for information exchange, greater policy consistency across institutions should facilitate appropriate exchange. State-wide, broad-based, multi-stakeholder (regulators, providers, vendors, patients, etc.) consensus on specific rules of the road required by current statutes and rules, expressed in the form of logical models, is expected to facilitate development of mutually consistent and enforceable institutional policies.


  • Materials Available for Other Investigators/interested parties
    Policy Library materials are available through They are currently provided in the following PolicyForge projects: Federal Policies, Library – State Laws, and Library – Institutional Policies. Within each project, Policy Library materials are located in two areas. Policy Text entries provide statutory and regulatory language. Some of the Policy Text entries are also annotated with ontology elements. Policy Resources provide links to policies, policy analyses, and implementation resources.

    Once users register for, they may access these “public” projects to view the library material. They may also create their own projects. In order to copy and paste library material from a public project into a new project, it’s currently necessary to request to join the public project through the project’s home page.

  • Market entry strategies is an open collaboration website that is similar to the established open source community sites such as SourceForge or GitHUB, but it is specifically tailored for policy formalization. We use the website to provide access to the Privacy Policy Library. For more information see the Market Entry Strategy for the Policy Authoring Environment.

PolicyForge: A Collaborative Environment for Formalizing Privacy Policies in Health Care
Andras Nadas, Laszlo Juracz, Janos Sztipanovits, Mark E. Frisse, and Ann J. Olsen
Software Engineering in Health Care (SEHC), 5th International Workshop, May 2013