Towards Norm Classification: An Initial Analysis of HIPAA Breaches

Vedarsh Shah; Zedong Peng; Ganesh Malla; Nan Niu

doi:10.1109/REW53955.2021.00074

Towards Norm Classification: An Initial Analysis of HIPAA Breaches

Vedarsh Shah
, Zedong Peng
, Ganesh Malla
, Nan Niu

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Scopus citations

Abstract

Regulatory policies, like the US Health Insurance Portability and Accountability Act (HIPAA), impose the social norms mediated by software-intensive systems. Breaches, modeled as norm violations, can help elicit security and privacy requirements to prevent future system failures. This paper reports our initial analysis of 38 HIPAA breaches with the objective of classifying them into the different norm types: commitments, authorizations, or prohibitions. The results show only limited distinguishing power of textual features, and reveal the fundamental interchangeability of commitments and prohibitions.

Original language	English
Title of host publication	Proceedings - 29th IEEE International Requirements Engineering Conference Workshops, REW 2021
Editors	Tao Yue, Mehdi Mirakhorli
Publisher	IEEE Computer Society
Pages	415-420
Number of pages	6
ISBN (Electronic)	9781665418980
DOIs	https://doi.org/10.1109/REW53955.2021.00074
State	Published - Sep 2021
Event	29th IEEE International Requirements Engineering Conference Workshops, REW 2021 - Virtual, Notre Dame, United States Duration: Sep 20 2021 → Sep 24 2021

Publication series

Name	Proceedings of the IEEE International Conference on Requirements Engineering
Volume	2021-September
ISSN (Print)	1090-705X
ISSN (Electronic)	2332-6441

Conference

Conference	29th IEEE International Requirements Engineering Conference Workshops, REW 2021
Country/Territory	United States
City	Virtual, Notre Dame
Period	09/20/21 → 09/24/21

Keywords

security and privacy breaches
social norms

Access to Document

10.1109/REW53955.2021.00074

Cite this

Shah, V., Peng, Z., Malla, G., & Niu, N. (2021). Towards Norm Classification: An Initial Analysis of HIPAA Breaches. In T. Yue, & M. Mirakhorli (Eds.), Proceedings - 29th IEEE International Requirements Engineering Conference Workshops, REW 2021 (pp. 415-420). (Proceedings of the IEEE International Conference on Requirements Engineering; Vol. 2021-September). IEEE Computer Society. https://doi.org/10.1109/REW53955.2021.00074

Shah, Vedarsh ; Peng, Zedong ; Malla, Ganesh et al. / Towards Norm Classification : An Initial Analysis of HIPAA Breaches. Proceedings - 29th IEEE International Requirements Engineering Conference Workshops, REW 2021. editor / Tao Yue ; Mehdi Mirakhorli. IEEE Computer Society, 2021. pp. 415-420 (Proceedings of the IEEE International Conference on Requirements Engineering).

@inproceedings{daa8d0f1fa0148819244219673238daf,

title = "Towards Norm Classification: An Initial Analysis of HIPAA Breaches",

abstract = "Regulatory policies, like the US Health Insurance Portability and Accountability Act (HIPAA), impose the social norms mediated by software-intensive systems. Breaches, modeled as norm violations, can help elicit security and privacy requirements to prevent future system failures. This paper reports our initial analysis of 38 HIPAA breaches with the objective of classifying them into the different norm types: commitments, authorizations, or prohibitions. The results show only limited distinguishing power of textual features, and reveal the fundamental interchangeability of commitments and prohibitions.",

keywords = "security and privacy breaches, social norms",

author = "Vedarsh Shah and Zedong Peng and Ganesh Malla and Nan Niu",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 29th IEEE International Requirements Engineering Conference Workshops, REW 2021 ; Conference date: 20-09-2021 Through 24-09-2021",

year = "2021",

month = sep,

doi = "10.1109/REW53955.2021.00074",

language = "English",

series = "Proceedings of the IEEE International Conference on Requirements Engineering",

publisher = "IEEE Computer Society",

pages = "415--420",

editor = "Tao Yue and Mehdi Mirakhorli",

booktitle = "Proceedings - 29th IEEE International Requirements Engineering Conference Workshops, REW 2021",

}

Shah, V, Peng, Z, Malla, G & Niu, N 2021, Towards Norm Classification: An Initial Analysis of HIPAA Breaches. in T Yue & M Mirakhorli (eds), Proceedings - 29th IEEE International Requirements Engineering Conference Workshops, REW 2021. Proceedings of the IEEE International Conference on Requirements Engineering, vol. 2021-September, IEEE Computer Society, pp. 415-420, 29th IEEE International Requirements Engineering Conference Workshops, REW 2021, Virtual, Notre Dame, United States, 09/20/21. https://doi.org/10.1109/REW53955.2021.00074

Towards Norm Classification: An Initial Analysis of HIPAA Breaches. / Shah, Vedarsh; Peng, Zedong; Malla, Ganesh et al.
Proceedings - 29th IEEE International Requirements Engineering Conference Workshops, REW 2021. ed. / Tao Yue; Mehdi Mirakhorli. IEEE Computer Society, 2021. p. 415-420 (Proceedings of the IEEE International Conference on Requirements Engineering; Vol. 2021-September).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Towards Norm Classification

T2 - 29th IEEE International Requirements Engineering Conference Workshops, REW 2021

AU - Shah, Vedarsh

AU - Peng, Zedong

AU - Malla, Ganesh

AU - Niu, Nan

PY - 2021/9

Y1 - 2021/9

N2 - Regulatory policies, like the US Health Insurance Portability and Accountability Act (HIPAA), impose the social norms mediated by software-intensive systems. Breaches, modeled as norm violations, can help elicit security and privacy requirements to prevent future system failures. This paper reports our initial analysis of 38 HIPAA breaches with the objective of classifying them into the different norm types: commitments, authorizations, or prohibitions. The results show only limited distinguishing power of textual features, and reveal the fundamental interchangeability of commitments and prohibitions.

AB - Regulatory policies, like the US Health Insurance Portability and Accountability Act (HIPAA), impose the social norms mediated by software-intensive systems. Breaches, modeled as norm violations, can help elicit security and privacy requirements to prevent future system failures. This paper reports our initial analysis of 38 HIPAA breaches with the objective of classifying them into the different norm types: commitments, authorizations, or prohibitions. The results show only limited distinguishing power of textual features, and reveal the fundamental interchangeability of commitments and prohibitions.

KW - security and privacy breaches

KW - social norms

UR - https://www.scopus.com/pages/publications/85118461174

U2 - 10.1109/REW53955.2021.00074

DO - 10.1109/REW53955.2021.00074

M3 - Conference contribution

AN - SCOPUS:85118461174

T3 - Proceedings of the IEEE International Conference on Requirements Engineering

SP - 415

EP - 420

BT - Proceedings - 29th IEEE International Requirements Engineering Conference Workshops, REW 2021

A2 - Yue, Tao

A2 - Mirakhorli, Mehdi

PB - IEEE Computer Society

Y2 - 20 September 2021 through 24 September 2021

ER -

Shah V, Peng Z, Malla G, Niu N. Towards Norm Classification: An Initial Analysis of HIPAA Breaches. In Yue T, Mirakhorli M, editors, Proceedings - 29th IEEE International Requirements Engineering Conference Workshops, REW 2021. IEEE Computer Society. 2021. p. 415-420. (Proceedings of the IEEE International Conference on Requirements Engineering). doi: 10.1109/REW53955.2021.00074

Towards Norm Classification: An Initial Analysis of HIPAA Breaches

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this