Aligning Requirements with HIPAA in the iTrust System

Aaron K. Massey, Paul N. Otto, Annie I. Antón
2008, 16th IEEE International Requirements Engineering Conference
We describe a case study in which we evaluated an open-source Electronic Health Record (EHR) system's requirements for compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA). Our findings suggest that legal compliance must be requirements-driven, while establishing due diligence under the law must be test-driven.
doi:10.1109/re.2008.53 dblp:conf/re/MasseyOA08 fatcat:36s6ntztgbdsterl35g5q4cyda