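@techreport{BA06,
  author      = {Breaux, Travis D. and Anton, Annie I.},
  affiliation = {North Carolina State University},
  title       = {Acquiring Software Compliance Artifacts from Policies and Regulations},
  institution = {Department of Computer Science, North Carolina State University},
  number      = {TR-2006-27},
  address     = {Raleigh, NC, USA},
  year        = {2006},
  month       = sep,
  abstract    = {Policies and government regulations impose restrictions on information practices in healthcare and finance. These restrictions govern the use and disclosure of information that spans organizations and their business practices. To comply with policies and the law, organizations must demonstrate that they have verifiable procedures in-place to implement these restrictions. To this end, we present techniques that software engineers can use to systematically acquire software artifacts from natural language policies and regulations based on our in-depth analysis of the U.S. Health Insurance Portability and Accountability Act (HIPAA). The techniques apply semantic primitives to regulatory statements to express class structures using the Z notation. From these structures, software engineers distinguish between necessary and discretionary software requirements and acquire the following software artifacts: specifications for transactions including interfaces between software and business processes; data schemas and data maintenance requirements; and event-based test cases for ensuring that systems comply with policies and regulations.},
}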