Skip to main content
SpringerLink
Log in

Automating Normative Control for Healthcare Research

  • Conference paper
  • First Online:
AI Approaches to the Complexity of Legal Systems XI-XII (AICOL 2020, AICOL 2018, XAILA 2020)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 13048))

  • 789 Accesses

Abstract

There is an increasing need for norms to be embedded in technology as the widespread deployment of big data analysis applications increases. However, existing methodologies do not provide automated policy enforcement mechanisms especially for policies derived from legislation and contractual agreements. Consequently, data access is hindered and collaborations derailed due to fear data misuse and high non-compliance fees. This research aims to automate normative controls in healthcare, such as data sharing agreements, and ultimately, enforce these policies for compliant data usage and access which encourages collaboration and facilitates research outcomes while maintaining accountability. This paper outlines the PhD research questions, current approaches and preliminary results.

This work is part of the Enabling Personalized Interventions (EPI) project andis supported by NWO in the Commit2Data – Data2Person program under contract 628.011.028.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. 2018 reform of eu data protection rules. https://ec.europa.eu/commission/sites/beta-political/files/data-protection-factsheet-changes_en.pdf

  2. Anderson, A., et al.: Extensible access control markup language (XACML) version 1.0. OASIS (2003)

    Google Scholar 

  3. Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise privacy authorization language (EPAL). IBM Res. 30, 31 (2003)

    Google Scholar 

  4. Athan, T., Boley, H., Governatori, G., Palmirani, M., Paschke, A., Wyner, A.: Oasis legalruleml. In: Proceedings of the Fourteenth International Conference on Artificial Intelligence and Law, pp. 3–12 (2013)

    Google Scholar 

  5. Bertino, E., Bettini, C., Ferrari, E., Samarati, P.: An access control model supporting periodicity constraints and temporal reasoning. ACM Trans. Database Syst. (TODS) 23(3), 231–285 (1998)

    Article  Google Scholar 

  6. van Binsbergen, L.T., Liu, L.C., van Doesburg, R., van Engers, T.: eFLINT: a domain-specific language for executable norm specifications. In: Proceedings of the 19th ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences, pp. 124–136 (2020)

    Google Scholar 

  7. Crampton, J., Sellwood, J.: Path conditions and principal matching: a new approach to access control. In: Proceedings of the 19th ACM Symposium on Access Control Models and Technologies, pp. 187–198 (2014)

    Google Scholar 

  8. Damen, S., den Hartog, J., Zannone, N.: CollAC: collaborative access control. In: 2014 International Conference on Collaboration Technologies and Systems (CTS), pp. 142–149. IEEE (2014)

    Google Scholar 

  9. De Vos, M., Kirrane, S., Padget, J., Satoh, K.: ODRL policy modelling and compliance checking. In: Fodor, P., Montali, M., Calvanese, D., Roman, D. (eds.) RuleML+RR 2019. LNCS, vol. 11784, pp. 36–51. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-31095-0_3

    Chapter  Google Scholar 

  10. Gates, C.: Access control requirements for web 2.0 security and privacy. IEEE Web 2, 12–15 (2007)

    Google Scholar 

  11. Griffo, C., Almeida, J.P.A., Guizzardi, G.: A pattern for the representation of legal relations in a legal core ontology. In: JURIX, pp. 191–194 (2016)

    Google Scholar 

  12. Hadziselimovic, E., Fatema, K., Pandit, H.J., Lewis, D.: Linked data contracts to support data protection and data ethics in the sharing of scientific data. In: SemSci@ ISWC, pp. 55–62 (2017)

    Google Scholar 

  13. Hoekstra, R., Breuker, J., Di Bello, M., Boer, A., et al.: The LKIF core ontology of basic legal concepts. LOAIT 321, 43–63 (2007)

    Google Scholar 

  14. Hu, H., Ahn, G.J., Zhao, Z., Yang, D.: Game theoretic analysis of multiparty access control in online social networks. In: Proceedings of the 19th ACM Symposium on Access Control Models and Technologies, pp. 93–102 (2014)

    Google Scholar 

  15. Hu, V.C., Kuhn, D.R., Ferraiolo, D.F., Voas, J.: Attribute-based access control. Computer 48(2), 85–88 (2015)

    Article  Google Scholar 

  16. Iannella, R., Villata, S.: ODRL information model 2.2. W3C Recommendation (2018)

    Google Scholar 

  17. Karafili, E., Lupu, E.C.: Enabling data sharing in contextual environments: policy representation and analysis. In: Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies, pp. 231–238 (2017)

    Google Scholar 

  18. Leicht, J., Heisel, M.: A survey on privacy policy languages: expressiveness concerning data protection regulations. In: 2019 12th CMI Conference on Cybersecurity and Privacy (CMI), pp. 1–6. IEEE (2019)

    Google Scholar 

  19. Li, M.: DSAP: data sharing agreement privacy ontology. Ph.D. thesis (2018)

    Google Scholar 

  20. Mahmudlu, R., den Hartog, J., Zannone, N.: Data governance and transparency for collaborative systems. In: Ranise, S., Swarup, V. (eds.) DBSec 2016. LNCS, vol. 9766, pp. 199–216. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-41483-6_15

    Chapter  Google Scholar 

  21. Matteucci, I., Petrocchi, M., Sbodio, M.L., Wiegand, L.: A design phase for data sharing agreements. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM/SETOP-2011. LNCS, vol. 7122, pp. 25–41. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-28879-1_3

    Chapter  Google Scholar 

  22. Casassa Mont, M., Pearson, S., Creese, S., Goldsmith, M., Papanikolaou, N.: A Conceptual Model for Privacy Policies with Consent and Revocation Requirements. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds.) Privacy and Identity 2010. IAICT, vol. 352, pp. 258–270. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-20769-3_21

    Chapter  Google Scholar 

  23. Fornara, N., Colombetti, M.: Operational semantics of an extension of ODRL able to express obligations. In: Belardinelli, F., Argente, E. (eds.) EUMAS/AT -2017. LNCS (LNAI), vol. 10767, pp. 172–186. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01713-2_13

    Chapter  Google Scholar 

  24. Osborn, S.: Mandatory access control and role-based access control revisited. In: Proceedings of the Second ACM Workshop on Role-Based Access Control, pp. 31–40 (1997)

    Google Scholar 

  25. Palmirani, M., Martoni, M., Rossi, A., Bartolini, C., Robaldo, L.: Pronto: privacy ontology for legal compliance. In: Proceedings of the European Conference on e-Government, ECEG 2018, pp. 142–151 (2018)

    Google Scholar 

  26. Pellegrini, T., et al.: A genealogy and classification of rights expression languages - preliminary results. Jusletter IT, pp. 1–8 (2018)

    Google Scholar 

  27. Pellegrini, T., et al.: A genealogy and classification of rights expression languages-preliminary results. In: Data Protection/LegalTech-Proceedings of the 21st International Legal Informatics Symposium IRIS, pp. 243–250 (2018)

    Google Scholar 

  28. Rodríguez-Doncel, V., Delgado, J., Llorente, S., Rodríguez, E., Boch, L.: Overview of the mpeg-21 media contract ontology. Semant. Web 7(3), 311–332 (2016)

    Article  Google Scholar 

  29. Rodriguez-Doncel, V., Villata, S., Gómez-Pérez, A.: A dataset of rdf licenses. In: JURIX. pp. 187–188 (2014)

    Google Scholar 

  30. Rostad, L., Edsberg, O.: A study of access control requirements for healthcare systems based on audit trails from access logs. In: 2006 22nd Annual Computer Security Applications Conference (ACSAC 2006), pp. 175–186. IEEE (2006)

    Google Scholar 

  31. Sandhu, R., Munawer, Q.: How to do discretionary access control using roles. In: Proceedings of the Third ACM Workshop on Role-Based Access Control, pp. 47–54 (1998)

    Google Scholar 

  32. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. Computer 29(2), 38–47 (1996)

    Article  Google Scholar 

  33. Shakeri, S., et al.: Modeling and matching digital data marketplace policies. In: Proceedings of the IEEE 15th International Conference on eScience, eScience 2019, pp. 570–577 (2019)

    Google Scholar 

  34. Squicciarini, A.C., Shehab, M., Wede, J.: Privacy policies for shared content in social network sites. VLDB J. 19(6), 777–796 (2010)

    Article  Google Scholar 

  35. Wilkinson, M.D., et al.: The fair guiding principles for scientific data management and stewardship. Sci. Data 3(1), 1–9 (2016)

    Article  Google Scholar 

  36. Xiao, Q., Tan, K.L.: Peer-aware collaborative access control in social networks. In: 8th International Conference on Collaborative Computing: Networking, Applications and Work sharing (CollaborateCom), pp. 30–39. IEEE (2012)

    Google Scholar 

  37. van Zanten, S.E.V., et al.: Development of the siope dipg network, registry and imaging repository: a collaborative effort to optimize research into a rare and lethal disease. J. Neuro-Oncol. 132(2), 255–266 (2017)

    Article  Google Scholar 

  38. Zhang, X., Parisi-Presicce, F., Sandhu, R., Park, J.: Formal model and policy specification of usage control. ACM Trans. Inf. Syst. Secur. (TISSEC) 8(4), 351–387 (2005)

    Article  Google Scholar 

Download references

Acknowledgment

This dissertation project is supervised by Prof. Tom van Engers, Dr. L. Thomas van Binsbegen and Dr. Dannis van Vuurden. This research is part of the EPI project and is supported by NWO in the Commit2Data – Data2Person program under contract 628.011.028.

Author information

Authors and Affiliations

  1. University of Amsterdam, Science Park 904, Amsterdam, The Netherlands

    Milen G. Kebede

Authors
  1. Milen G. Kebede
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Milen G. Kebede .

Editor information

Editors and Affiliations

  1. Technical University of Madrid, Madrid, Spain

    Víctor Rodríguez-Doncel

  2. University of Bologna, Bologna, Italy

    Monica Palmirani

  3. Jagiellonian University, Krakow, Poland

    Michał Araszkiewicz

  4. La Trobe University, Melbourne, VIC, Australia

    Pompeu Casanovas

  5. University of Turin, Turin, Italy

    Ugo Pagallo

  6. University of Bologna, Bologna, Italy

    Giovanni Sartor

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kebede, M.G. (2021). Automating Normative Control for Healthcare Research. In: Rodríguez-Doncel, V., Palmirani, M., Araszkiewicz, M., Casanovas, P., Pagallo, U., Sartor, G. (eds) AI Approaches to the Complexity of Legal Systems XI-XII. AICOL AICOL XAILA 2020 2018 2020. Lecture Notes in Computer Science(), vol 13048. Springer, Cham. https://doi.org/10.1007/978-3-030-89811-3_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-89811-3_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-89810-6

  • Online ISBN: 978-3-030-89811-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation