Skip to main content
SpringerLink
Log in

Modelling Metrics for Transparency in Medical Systems

  • Conference paper
  • First Online:
Trust, Privacy and Security in Digital Business (TrustBus 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10442))

Included in the following conference series:

Abstract

Transparency, a principle advocated by the General Data Protection Regulation, is usually defined in terms of properties such as availability, auditability and accountability and for this reason it is not straightforwardly measurable. In requirement engineering, measuring a quality is usually implemented by defining a set of metrics for its composing properties, but conventional approaches offer little help to achieve this task for transparency. We therefore review requirements for availability, auditability and accountability and, with the help of a meta-model used to describe non-functional properties, we discuss and advance a set of metrics for them. What emerges from this study is a better justified and comprehensive tool which we apply to measure the level of transparency in medical data-sharing systems.

D. Spagnuelo—Supported by FNR/AFR project 7842804 TYPAMED.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Notes

  1. 1.

    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). See in particular Article 5.1(a).

  2. 2.

    Ibid., Art. 9.

  3. 3.

    Definition extracted from the Merriam-Webster Dictionary.

  4. 4.

    Reachability was originally presented as availability in [19]. Here it has been renamed to avoid confusion with the transparency sub-property availability.

  5. 5.

    The interpretation adopted here also seems to be the one followed by ISO/TS 18308:2004. See in particular Sect. 5.4.6 [9].

  6. 6.

    Definition extracted from the Merriam-Webster Dictionary.

  7. 7.

    Regulation (EU) 679/2016, Article 99.2.

References

  1. Alhadad, N., Serrano-Alvarado, P., Busnel, Y., Lamarre, P.: Trust evaluation of a system for an activity. In: Furnell, S., Lambrinoudakis, C., Lopez, J. (eds.) TrustBus 2013. LNCS, vol. 8058, pp. 24–36. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40343-9_3

    Chapter  Google Scholar 

  2. Baudry, B., Nebut, C., Le Traon, Y.: Model-driven engineering for requirements analysis. In: Proceedings of the 11th IEEE International Enterprise Distributed Object Computing Conference, pp. 459–466. IEEE (2007)

    Google Scholar 

  3. Beizer, B.: Black-box Testing: Techniques for Functional Testing of Software and Systems. Wiley, Hoboken (1995)

    Google Scholar 

  4. Cruzes, D.S., Jaatun, M.G.: Cloud provider transparency: a view from cloud customers. In: 5th International Conference on Cloud Computing and Services Science, pp. 30–39 (2015)

    Google Scholar 

  5. Denger, C., Berry, D.M., Kamsties, E.: Higher quality requirements specifications through natural language patterns. In: Proceedings of the IEEE International Conference on Software: Science, Technology and Engineering, pp. 80–90. IEEE (2003)

    Google Scholar 

  6. Fernández-Gago, C., Nuñez, D.: Metrics for accountability in the cloud. In: Felici, M., Fernández-Gago, C. (eds.) A4Cloud 2014. LNCS, vol. 8937, pp. 129–153. Springer, Cham (2015). doi:10.1007/978-3-319-17199-9_6

    Google Scholar 

  7. Flores, A.E., Vergara, V.M.: Functionalities of open electronic health records system: a follow-up study. In: 6th International Conference on Biomedical Engineering and Informatics, pp. 602–607. IEEE (2013)

    Google Scholar 

  8. Hildebrandt, M.: Defining profiling: a new type of knowledge? In: Hildebrandt, M., Gutwirth, S. (eds.) Profiling the European Citizen, pp. 17–45. Springer, Dordrecht (2008). doi:10.1007/978-1-4020-6914-7_2

    Chapter  Google Scholar 

  9. International Organization for Standardization: ISO/TS 18308: 2004 Health informatics - Requirements for an electronic health record architecture (2004)

    Google Scholar 

  10. King, J.T., Smith, B., Williams, L.: Modifying without a trace: general audit guidelines are inadequate for open-source electronic health record audit mechanisms. In: Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium, pp. 305–314. ACM (2012)

    Google Scholar 

  11. Marshall, G.: RFC 3881 - Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications. Request for comments, Internet Engineering Task Force (IETF) (2004)

    Google Scholar 

  12. Meis, R., Heisel, M.: Computer-aided identification and validation of intervenability requirements. Information 8(1), 30 (2017)

    Article  Google Scholar 

  13. Mohammadi, N.G., Heisel, M.: A framework for systematic analysis and modeling of trustworthiness requirements using i* and BPMN. In: Katsikas, S., Lambrinoudakis, C., Furnell, S. (eds.) TrustBus 2016. LNCS, vol. 9830, pp. 3–18. Springer, Cham (2016). doi:10.1007/978-3-319-44341-6_1

    Chapter  Google Scholar 

  14. Myers, G.J., Sandler, C., Badgett, T.: The Art of Software Testing. Wiley, Hoboken (2011)

    Google Scholar 

  15. Pavlidis, M., Mouratidis, H., Kalloniatis, C., Islam, S., Gritzalis, S.: Trustworthy selection of cloud providers based on security and privacy requirements: justifying trust assumptions. In: Furnell, S., Lambrinoudakis, C., Lopez, J. (eds.) TrustBus 2013. LNCS, vol. 8058, pp. 185–198. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40343-9_16

    Chapter  Google Scholar 

  16. Schwab, K., Marcus, A., Oyola, J.O., Hoffman, W., Luzi, M.: Personal data: the emergence of a new asset class (2011). https://www.weforum.org/reports/personal-data-emergence-new-asset-class. Accessed Apr 2017

  17. Schwartz, P.M.: Property, privacy, and personal data. Harvard Law Review 117(7), 2056–2128 (2004)

    Article  Google Scholar 

  18. Smith, B.: Systematizing security test case planning using functional requirements phrases. In: Proceedings of the 33rd International Conference on Software Engineering, pp. 1136–1137. ACM (2011)

    Google Scholar 

  19. Spagnuelo, D., Bartolini, C., Lenzini, G.: Metrics for transparency. In: Livraga, G., Torra, V., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/QASA -2016. LNCS, vol. 9963, pp. 3–18. Springer, Cham (2016). doi:10.1007/978-3-319-47072-6_1

    Chapter  Google Scholar 

  20. Spagnuelo, D., Lenzini, G.: Transparent medical data systems. J. Med. Syst. 41(1), 8 (2016)

    Article  Google Scholar 

  21. Steinberg, D., Budinsky, F., Paternostro, M., Merks, E.: EMF: Eclipse, 2nd edn. Addison-Wesley, Boston (2009)

    Google Scholar 

  22. Tong, Y., Sun, J., Chow, S.S., Li, P.: Cloud-assisted mobile-access of health data with privacy and auditability. IEEE J. Biomed. Health Inform. 18(2), 419–429 (2014)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Interdisciplinary Centre for Security Reliability and Trust (SnT), University of Luxembourg, Luxembourg, Luxembourg

    Dayana Spagnuelo, Cesare Bartolini & Gabriele Lenzini

Authors
  1. Dayana Spagnuelo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Cesare Bartolini
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Gabriele Lenzini
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dayana Spagnuelo .

Editor information

Editors and Affiliations

  1. University of Malaga, Malaga, Spain

    Javier Lopez

  2. Karlstad University, Karlstad, Sweden

    Simone Fischer-Hübner

  3. University of Piraeus, Piraeus, Greece

    Costas Lambrinoudakis

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Spagnuelo, D., Bartolini, C., Lenzini, G. (2017). Modelling Metrics for Transparency in Medical Systems. In: Lopez, J., Fischer-Hübner, S., Lambrinoudakis, C. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2017. Lecture Notes in Computer Science(), vol 10442. Springer, Cham. https://doi.org/10.1007/978-3-319-64483-7_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-64483-7_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-64482-0

  • Online ISBN: 978-3-319-64483-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation