Lead Institution: Vanderbilt University
Project Leader: Mark Frisse
Focus of the research/Market need for this project
Policies are often subject to multiple interpretations. These intermediate templates help ensure that interpretations mapped into formal systems are consistent with policy intent and context. As HIE expands nationwide, policies from different institutions often conflict with one another. Sometimes internal policies are incomplete or contradictory. Policies at the “last mile” have great impact on HIE and on enforcement cost.
Key Conclusions/Significant Findings/Milestones reached/Deliverables
During our research into template representations and the formalization paradigm, we realized that multiple interpretations and the ambiguity of policies are inherent and necessary part of the legal privacy frameworks. As the policy writers cannot foresee all future applications of the privacy framework, the framework has to be kept open for refinement and adaption for new contexts. Such adaption is the application of privacy policies designed for human workflows (such as use of PHI by provider) for data flows in information systems (HIE systems). The policy formalization process has to support such adaptation for new contexts and instead of eradicating multiple interpretations of the same policies their creation need to be supported. While this enables easier adaption of policies for a system, it still has be ensured that the policy interpretations are consistent throughout a system. These consistent interpretations must be engineered together with the system.
Materials Available for Other Investigators/interested parties
- The publication “A model-integrated authoring environment for privacy policies.” describing the framework of policy templates is available online.
Market entry strategies
PolicyForge.org is an open collaboration website that is similar to the established open source community sites such as SourceForge or GitHUB, but it is specifically tailored for policy formalization. We designed the policy formalization tool suite available on the PolicyForge.org website to enable large scale use of policy formalization. The policy formalization tool suite together with the collaboration tools provided by the platform enables the creation, curation and harmonization of policy template languages on a large scale.
PolicyForge: A Collaborative Environment for Formalizing Privacy Policies in Health Care
Andras Nadas, Laszlo Juracz, Janos Sztipanovits, Mark E. Frisse, and Ann J. Olsen
Software Engineering in Health Care (SEHC), 5th International Workshop, May 2013
A Model-Integrated Authoring Environment for Privacy Policies
Andras Nadas, Tihamer Levendovszky, Ethan K. Jackson, Istvan Madari, and Janos Sztipanovits
Science of Computer Programming, January 2013
Modeling Privacy Aware Health Information Exchange Systems
Andras Nadas, Mark E. Frisse, and Janos Sztipanovits
The 1st International Workshop on Engineering EHR Solutions (WEES) at Amsterdam Privacy Conference 2012, Amsterdam, the Netherlands; October 2012