Abstract
There is an increasing need for norms to be embedded in technology as the widespread deployment of big data analysis applications increases. However, existing methodologies do not provide automated policy enforcement mechanisms especially for policies derived from legislation and contractual agreements. Consequently, data access is hindered and collaborations derailed due to fear data misuse and high non-compliance fees. This research aims to automate normative controls in healthcare, such as data sharing agreements, and ultimately, enforce these policies for compliant data usage and access which encourages collaboration and facilitates research outcomes while maintaining accountability. This paper outlines the PhD research questions, current approaches and preliminary results.
This work is part of the Enabling Personalized Interventions (EPI) project andis supported by NWO in the Commit2Data – Data2Person program under contract 628.011.028.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
2018 reform of eu data protection rules. https://ec.europa.eu/commission/sites/beta-political/files/data-protection-factsheet-changes_en.pdf
Anderson, A., et al.: Extensible access control markup language (XACML) version 1.0. OASIS (2003)
Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise privacy authorization language (EPAL). IBM Res. 30, 31 (2003)
Athan, T., Boley, H., Governatori, G., Palmirani, M., Paschke, A., Wyner, A.: Oasis legalruleml. In: Proceedings of the Fourteenth International Conference on Artificial Intelligence and Law, pp. 3–12 (2013)
Bertino, E., Bettini, C., Ferrari, E., Samarati, P.: An access control model supporting periodicity constraints and temporal reasoning. ACM Trans. Database Syst. (TODS) 23(3), 231–285 (1998)
van Binsbergen, L.T., Liu, L.C., van Doesburg, R., van Engers, T.: eFLINT: a domain-specific language for executable norm specifications. In: Proceedings of the 19th ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences, pp. 124–136 (2020)
Crampton, J., Sellwood, J.: Path conditions and principal matching: a new approach to access control. In: Proceedings of the 19th ACM Symposium on Access Control Models and Technologies, pp. 187–198 (2014)
Damen, S., den Hartog, J., Zannone, N.: CollAC: collaborative access control. In: 2014 International Conference on Collaboration Technologies and Systems (CTS), pp. 142–149. IEEE (2014)
De Vos, M., Kirrane, S., Padget, J., Satoh, K.: ODRL policy modelling and compliance checking. In: Fodor, P., Montali, M., Calvanese, D., Roman, D. (eds.) RuleML+RR 2019. LNCS, vol. 11784, pp. 36–51. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-31095-0_3
Gates, C.: Access control requirements for web 2.0 security and privacy. IEEE Web 2, 12–15 (2007)
Griffo, C., Almeida, J.P.A., Guizzardi, G.: A pattern for the representation of legal relations in a legal core ontology. In: JURIX, pp. 191–194 (2016)
Hadziselimovic, E., Fatema, K., Pandit, H.J., Lewis, D.: Linked data contracts to support data protection and data ethics in the sharing of scientific data. In: SemSci@ ISWC, pp. 55–62 (2017)
Hoekstra, R., Breuker, J., Di Bello, M., Boer, A., et al.: The LKIF core ontology of basic legal concepts. LOAIT 321, 43–63 (2007)
Hu, H., Ahn, G.J., Zhao, Z., Yang, D.: Game theoretic analysis of multiparty access control in online social networks. In: Proceedings of the 19th ACM Symposium on Access Control Models and Technologies, pp. 93–102 (2014)
Hu, V.C., Kuhn, D.R., Ferraiolo, D.F., Voas, J.: Attribute-based access control. Computer 48(2), 85–88 (2015)
Iannella, R., Villata, S.: ODRL information model 2.2. W3C Recommendation (2018)
Karafili, E., Lupu, E.C.: Enabling data sharing in contextual environments: policy representation and analysis. In: Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies, pp. 231–238 (2017)
Leicht, J., Heisel, M.: A survey on privacy policy languages: expressiveness concerning data protection regulations. In: 2019 12th CMI Conference on Cybersecurity and Privacy (CMI), pp. 1–6. IEEE (2019)
Li, M.: DSAP: data sharing agreement privacy ontology. Ph.D. thesis (2018)
Mahmudlu, R., den Hartog, J., Zannone, N.: Data governance and transparency for collaborative systems. In: Ranise, S., Swarup, V. (eds.) DBSec 2016. LNCS, vol. 9766, pp. 199–216. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-41483-6_15
Matteucci, I., Petrocchi, M., Sbodio, M.L., Wiegand, L.: A design phase for data sharing agreements. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM/SETOP-2011. LNCS, vol. 7122, pp. 25–41. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-28879-1_3
Casassa Mont, M., Pearson, S., Creese, S., Goldsmith, M., Papanikolaou, N.: A Conceptual Model for Privacy Policies with Consent and Revocation Requirements. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds.) Privacy and Identity 2010. IAICT, vol. 352, pp. 258–270. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-20769-3_21
Fornara, N., Colombetti, M.: Operational semantics of an extension of ODRL able to express obligations. In: Belardinelli, F., Argente, E. (eds.) EUMAS/AT -2017. LNCS (LNAI), vol. 10767, pp. 172–186. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01713-2_13
Osborn, S.: Mandatory access control and role-based access control revisited. In: Proceedings of the Second ACM Workshop on Role-Based Access Control, pp. 31–40 (1997)
Palmirani, M., Martoni, M., Rossi, A., Bartolini, C., Robaldo, L.: Pronto: privacy ontology for legal compliance. In: Proceedings of the European Conference on e-Government, ECEG 2018, pp. 142–151 (2018)
Pellegrini, T., et al.: A genealogy and classification of rights expression languages - preliminary results. Jusletter IT, pp. 1–8 (2018)
Pellegrini, T., et al.: A genealogy and classification of rights expression languages-preliminary results. In: Data Protection/LegalTech-Proceedings of the 21st International Legal Informatics Symposium IRIS, pp. 243–250 (2018)
Rodríguez-Doncel, V., Delgado, J., Llorente, S., Rodríguez, E., Boch, L.: Overview of the mpeg-21 media contract ontology. Semant. Web 7(3), 311–332 (2016)
Rodriguez-Doncel, V., Villata, S., Gómez-Pérez, A.: A dataset of rdf licenses. In: JURIX. pp. 187–188 (2014)
Rostad, L., Edsberg, O.: A study of access control requirements for healthcare systems based on audit trails from access logs. In: 2006 22nd Annual Computer Security Applications Conference (ACSAC 2006), pp. 175–186. IEEE (2006)
Sandhu, R., Munawer, Q.: How to do discretionary access control using roles. In: Proceedings of the Third ACM Workshop on Role-Based Access Control, pp. 47–54 (1998)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. Computer 29(2), 38–47 (1996)
Shakeri, S., et al.: Modeling and matching digital data marketplace policies. In: Proceedings of the IEEE 15th International Conference on eScience, eScience 2019, pp. 570–577 (2019)
Squicciarini, A.C., Shehab, M., Wede, J.: Privacy policies for shared content in social network sites. VLDB J. 19(6), 777–796 (2010)
Wilkinson, M.D., et al.: The fair guiding principles for scientific data management and stewardship. Sci. Data 3(1), 1–9 (2016)
Xiao, Q., Tan, K.L.: Peer-aware collaborative access control in social networks. In: 8th International Conference on Collaborative Computing: Networking, Applications and Work sharing (CollaborateCom), pp. 30–39. IEEE (2012)
van Zanten, S.E.V., et al.: Development of the siope dipg network, registry and imaging repository: a collaborative effort to optimize research into a rare and lethal disease. J. Neuro-Oncol. 132(2), 255–266 (2017)
Zhang, X., Parisi-Presicce, F., Sandhu, R., Park, J.: Formal model and policy specification of usage control. ACM Trans. Inf. Syst. Secur. (TISSEC) 8(4), 351–387 (2005)
Acknowledgment
This dissertation project is supervised by Prof. Tom van Engers, Dr. L. Thomas van Binsbegen and Dr. Dannis van Vuurden. This research is part of the EPI project and is supported by NWO in the Commit2Data – Data2Person program under contract 628.011.028.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Kebede, M.G. (2021). Automating Normative Control for Healthcare Research. In: Rodríguez-Doncel, V., Palmirani, M., Araszkiewicz, M., Casanovas, P., Pagallo, U., Sartor, G. (eds) AI Approaches to the Complexity of Legal Systems XI-XII. AICOL AICOL XAILA 2020 2018 2020. Lecture Notes in Computer Science(), vol 13048. Springer, Cham. https://doi.org/10.1007/978-3-030-89811-3_5
Download citation
DOI: https://doi.org/10.1007/978-3-030-89811-3_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-89810-6
Online ISBN: 978-3-030-89811-3
eBook Packages: Computer ScienceComputer Science (R0)