![Sample our Health and Social Care journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5938/TOC-Subject-Sample-2021-Health-Social-Care.jpg"})
Abstract
Developing legally compliant systems is a challenging software engineering problem, especially in systems that are governed by law, such as healthcare information systems. This challenge comes from the ambiguities and domain-specific definitions that are found in governmental rules. Therefore, there is a significant business need to automatically analyze privacy texts, extract rules and subsequently enforce them throughout the supply chain. The existing works that analyze health regulations use the U.S. Health Insurance Portability and Accountability Act as a case study. In this article, we applied the Breaux and Antón approach to the text of the Saudi Arabian healthcare privacy regulations; in Saudi Arabia, privacy is among the top dilemmas for public and private healthcare practitioners. As a result, we extracted and analyzed 2 rights, 4 obligations, 22 constraints, and 6 rules. Our analysis can assist requirements engineers, standards organizations, compliance officers and stakeholders by ensuring that their systems conform to Saudi policy. In addition, this article discusses the threats to the study validity and suggests open problems for future research.
Acknowledgements
The authors thank Dr. Samuel A. Ajila for providing his expert review of the study results.
Declaration of interest
The authors report no conflicts of interest. The authors alone are responsible for the content and writing of this article.
Notes
1iTrust is an open source electronic health records system; it is available at http://sourceforge.net/projects/itrust/.
3In semi-decidable systems, there is no effective procedure that, given sentences A and B, always correctly decides whether A logically implies B (Citation24).