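% Breaux and Anton, WPES 2005: natural-language semantics of rights and
% obligations in HIPAA-derived privacy regulations, aimed at
% machine-enforceable compliance policies.
% `venue` is where the workshop was held; `address` is the publisher's city.
@inproceedings{BA05c,
  author      = {Breaux, Travis D. and Anton, Annie I.},
  affiliation = {North Carolina State University},
  title       = {Mining Rule Semantics to Understand Legislative Compliance},
  booktitle   = {{WPES'05}: Proceedings of the 2005 {ACM} Workshop on Privacy in Electronic Society},
  year        = {2005},
  month       = nov,
  pages       = {51--54},
  publisher   = {ACM Press},
  address     = {New York, NY, USA},
  venue       = {Alexandria, VA, USA},
  abstract    = {Privacy legislation in the United States is distributed throughout separate documents that empower different federal authorities to regulate industry. Federal authorities in turn develop corresponding regulations intended to ensure that organizations satisfy legislative objectives. Organizations in regulated industries (e.g. healthcare and financial institutions) face significant challenges when developing policies and systems that are properly aligned with relevant privacy regulations. We analyze privacy regulations derived from the Health Insurance Portability and Accountability Act (HIPAA) that affect information sharing practices and consumer privacy in healthcare systems. Our analysis shows specific natural language semantics that formally characterize rights, obligations, and the meaningful relationships between them required to build value into systems. Furthermore, we evaluate semantics for rules and constraints necessary to develop machine-enforceable policies that bridge between laws, policies, practices, and system requirements. We believe the results of our analysis will benefit legislators, regulators and policy and system developers by focusing their attention on natural language policy semantics that are implementable in software systems.},
  keywords    = {policy, regulations, legislation, healthcare, semantic models},
}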