Abstract
Transparency, a principle advocated by the General Data Protection Regulation, is usually defined in terms of properties such as availability, auditability and accountability and for this reason it is not straightforwardly measurable. In requirement engineering, measuring a quality is usually implemented by defining a set of metrics for its composing properties, but conventional approaches offer little help to achieve this task for transparency. We therefore review requirements for availability, auditability and accountability and, with the help of a meta-model used to describe non-functional properties, we discuss and advance a set of metrics for them. What emerges from this study is a better justified and comprehensive tool which we apply to measure the level of transparency in medical data-sharing systems.
D. Spagnuelo—Supported by FNR/AFR project 7842804 TYPAMED.
Notes
- 1.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). See in particular Article 5.1(a).
- 2.
Ibid., Art. 9.
- 3.
Definition extracted from the Merriam-Webster Dictionary.
- 4.
Reachability was originally presented as availability in [19]. Here it has been renamed to avoid confusion with the transparency sub-property availability.
- 5.
The interpretation adopted here also seems to be the one followed by ISO/TS 18308:2004. See in particular Sect. 5.4.6 [9].
- 6.
Definition extracted from the Merriam-Webster Dictionary.
- 7.
Regulation (EU) 679/2016, Article 99.2.
References
Alhadad, N., Serrano-Alvarado, P., Busnel, Y., Lamarre, P.: Trust evaluation of a system for an activity. In: Furnell, S., Lambrinoudakis, C., Lopez, J. (eds.) TrustBus 2013. LNCS, vol. 8058, pp. 24–36. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40343-9_3
Baudry, B., Nebut, C., Le Traon, Y.: Model-driven engineering for requirements analysis. In: Proceedings of the 11th IEEE International Enterprise Distributed Object Computing Conference, pp. 459–466. IEEE (2007)
Beizer, B.: Black-box Testing: Techniques for Functional Testing of Software and Systems. Wiley, Hoboken (1995)
Cruzes, D.S., Jaatun, M.G.: Cloud provider transparency: a view from cloud customers. In: 5th International Conference on Cloud Computing and Services Science, pp. 30–39 (2015)
Denger, C., Berry, D.M., Kamsties, E.: Higher quality requirements specifications through natural language patterns. In: Proceedings of the IEEE International Conference on Software: Science, Technology and Engineering, pp. 80–90. IEEE (2003)
Fernández-Gago, C., Nuñez, D.: Metrics for accountability in the cloud. In: Felici, M., Fernández-Gago, C. (eds.) A4Cloud 2014. LNCS, vol. 8937, pp. 129–153. Springer, Cham (2015). doi:10.1007/978-3-319-17199-9_6
Flores, A.E., Vergara, V.M.: Functionalities of open electronic health records system: a follow-up study. In: 6th International Conference on Biomedical Engineering and Informatics, pp. 602–607. IEEE (2013)
Hildebrandt, M.: Defining profiling: a new type of knowledge? In: Hildebrandt, M., Gutwirth, S. (eds.) Profiling the European Citizen, pp. 17–45. Springer, Dordrecht (2008). doi:10.1007/978-1-4020-6914-7_2
International Organization for Standardization: ISO/TS 18308: 2004 Health informatics - Requirements for an electronic health record architecture (2004)
King, J.T., Smith, B., Williams, L.: Modifying without a trace: general audit guidelines are inadequate for open-source electronic health record audit mechanisms. In: Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium, pp. 305–314. ACM (2012)
Marshall, G.: RFC 3881 - Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications. Request for comments, Internet Engineering Task Force (IETF) (2004)
Meis, R., Heisel, M.: Computer-aided identification and validation of intervenability requirements. Information 8(1), 30 (2017)
Mohammadi, N.G., Heisel, M.: A framework for systematic analysis and modeling of trustworthiness requirements using i* and BPMN. In: Katsikas, S., Lambrinoudakis, C., Furnell, S. (eds.) TrustBus 2016. LNCS, vol. 9830, pp. 3–18. Springer, Cham (2016). doi:10.1007/978-3-319-44341-6_1
Myers, G.J., Sandler, C., Badgett, T.: The Art of Software Testing. Wiley, Hoboken (2011)
Pavlidis, M., Mouratidis, H., Kalloniatis, C., Islam, S., Gritzalis, S.: Trustworthy selection of cloud providers based on security and privacy requirements: justifying trust assumptions. In: Furnell, S., Lambrinoudakis, C., Lopez, J. (eds.) TrustBus 2013. LNCS, vol. 8058, pp. 185–198. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40343-9_16
Schwab, K., Marcus, A., Oyola, J.O., Hoffman, W., Luzi, M.: Personal data: the emergence of a new asset class (2011). https://www.weforum.org/reports/personal-data-emergence-new-asset-class. Accessed Apr 2017
Schwartz, P.M.: Property, privacy, and personal data. Harvard Law Review 117(7), 2056–2128 (2004)
Smith, B.: Systematizing security test case planning using functional requirements phrases. In: Proceedings of the 33rd International Conference on Software Engineering, pp. 1136–1137. ACM (2011)
Spagnuelo, D., Bartolini, C., Lenzini, G.: Metrics for transparency. In: Livraga, G., Torra, V., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/QASA -2016. LNCS, vol. 9963, pp. 3–18. Springer, Cham (2016). doi:10.1007/978-3-319-47072-6_1
Spagnuelo, D., Lenzini, G.: Transparent medical data systems. J. Med. Syst. 41(1), 8 (2016)
Steinberg, D., Budinsky, F., Paternostro, M., Merks, E.: EMF: Eclipse, 2nd edn. Addison-Wesley, Boston (2009)
Tong, Y., Sun, J., Chow, S.S., Li, P.: Cloud-assisted mobile-access of health data with privacy and auditability. IEEE J. Biomed. Health Inform. 18(2), 419–429 (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Spagnuelo, D., Bartolini, C., Lenzini, G. (2017). Modelling Metrics for Transparency in Medical Systems. In: Lopez, J., Fischer-Hübner, S., Lambrinoudakis, C. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2017. Lecture Notes in Computer Science(), vol 10442. Springer, Cham. https://doi.org/10.1007/978-3-319-64483-7_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-64483-7_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64482-0
Online ISBN: 978-3-319-64483-7
eBook Packages: Computer ScienceComputer Science (R0)