Requirements elicitation for secure and interoperable cross-border health data exchange: the KONFIDO study

【Author】 Natsiavas, Pantelis; Kakalou, Christine; Votis, Konstantinos; Tzovaras, Dimitrios; Maglaveras, Nicos; Koutkias, Vassilis

【Source】IET SOFTWARE

【影响因子】1.150

【Abstract】In this study, the requirements elicitation approach employed in the context of the KONFIDO project is presented. KONFIDO introduces a technical paradigm for secure and interoperable cross-border health data exchange by leveraging novel approaches and cutting-edge technologies, such as homomorphic encryption and blockchains. Being a key part of the overall user requirements engineering methodology, requirements elicitation focused on producing high-level, end-user goals following a systematic procedure. First, the main business processes were identified based on the project's pilot scenarios. These business processes were the subject of a threat analysis, which identified the respective assets and a list of security risks/threats. Threats were further elaborated, considering the outcome of relevant projects and applicable best practices/standards. As a result, a set of user goals were identified and analysed in detail. Finally, a meta-analysis of the produced goals against the employed information sources was applied, highlighting the importance of standards as a guide for defining requirements, as well as the complexity concerning the interdependencies among the elaborated business processes, assets, threats, and user goals. As the deployment of the technical solution may be cloud-based, implications and challenges imposed by the adoption of cloud computing in this setting are also presented.

【Keywords】medical information systems; systems analysis; formal specification; open systems; security of data; cloud computing; cryptography; secure cross-border health data exchange; interoperable cross-border health data exchange; KONFIDO study; requirements elicitation approach; KONFIDO project; authors; requirement elicitation; end-user goals; main business processes; security risks; threats; defining requirements; elaborated business processes

【发表时间】2019 JUN

【收录时间】2022-01-02

【文献类型】

【主题类别】

--