A model-integrated authoring environment for privacy policies

Privacy policies are rules designed to ensure that individuals’ health data are properly protected. Health Information Systems (HIS) are legally required to adhere to these policies. Since privacy policies are imposed on complex software systems, it is extremely hard to reason about their conformance and consistency. In order to address this problem, we have created a model-driven authoring environment to formally specify privacy policies originally defined in legal terms. In our observation, appropriate formalization of our policy language enabled formal analysis of its policies; these features were key to a successful model-driven engineering process. In this paper we present our modeling language and show its semantic anchoring to analyzable logic programs. We report on several projects where our approach is being applied and validated.