{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,14]],"date-time":"2026-02-14T04:35:06Z","timestamp":1771043706763,"version":"3.50.1"},"reference-count":34,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2009,11,13]],"date-time":"2009-11-13T00:00:00Z","timestamp":1258070400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Requirements Eng"],"published-print":{"date-parts":[[2010,3]]},"DOI":"10.1007\/s00766-009-0089-5","type":"journal-article","created":{"date-parts":[[2009,11,12]],"date-time":"2009-11-12T01:37:19Z","timestamp":1257989839000},"page":"119-137","source":"Crossref","is-referenced-by-count":55,"title":["Evaluating existing security and privacy requirements for legal compliance"],"prefix":"10.1007","volume":"15","author":[{"given":"Aaron K.","family":"Massey","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Paul N.","family":"Otto","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lauren J.","family":"Hayward","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Annie I.","family":"Ant\u00f3n","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2009,11,13]]},"reference":[{"issue":"1","key":"89_CR1","doi-asserted-by":"crossref","first-page":"57","DOI":"10.1007\/s10916-006-7405-0","volume":"30","author":"YB Choi","year":"2006","unstructured":"Choi YB, Capitan KE, Krause JS, Streeper MM (2006) Challenges associated with privacy in health care industry: implementation of HIPAA and the security rules. J Med Syst 30(1):57\u201364","journal-title":"J Med Syst"},{"issue":"1","key":"89_CR2","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1056\/NEJMsa0802005","volume":"359","author":"CM DesRoches","year":"2008","unstructured":"DesRoches CM, Campbell EG, Rao SR, Donelan K, Ferris TG, Jha A, Kaushal R, Levy DE, Rosenbaum S, Shields AE, Blumenthal D (2008) Electronic health records in ambulatory care\u2014a national survey of physicians. N Engl J Med 359(1):50\u201360","journal-title":"N Engl J Med"},{"key":"89_CR3","unstructured":"Williams L, Shin Y (2006) WIP: exploring security and privacy concepts through the development and testing of the iTrust medical records system. Front Educ S1F30\u201331"},{"key":"89_CR4","doi-asserted-by":"crossref","unstructured":"Otto PN, Ant\u00f3n AI (2007) Addressing legal requirements in requirements engineering. In: Proceedings of the 15th IEEE international requirements engineering conference, pp 5\u201314","DOI":"10.1109\/RE.2007.65"},{"key":"89_CR5","unstructured":"Ant\u00f3n AI, Earp JB (2001) In: Ghosh AK (ed) Recent advances in E-commerce security and privacy. Kluwer, Dordrecht, pp 29\u201346"},{"issue":"1","key":"89_CR6","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1109\/TSE.2007.70746","volume":"34","author":"TD Breaux","year":"2008","unstructured":"Breaux TD, Ant\u00f3n AI (2008) Analyzing regulatory rules for privacy and security requirements. IEEE Trans Softw Eng 34(1):5\u201320","journal-title":"IEEE Trans Softw Eng"},{"key":"89_CR7","doi-asserted-by":"crossref","unstructured":"Robinson W (2005) Implementing rule-based monitors within a framework for continuous requirements monitoring. In: Proceedings of the 38th Hawaii international conference on system sciences, pp 188\u2013197","DOI":"10.1109\/HICSS.2005.306"},{"key":"89_CR8","doi-asserted-by":"crossref","unstructured":"Otoya S, Cerpa N (1999) An experience: a small software company attempting to improve its process. In: Proceedings of the software technology and engineering practice, pp 153\u2013160","DOI":"10.1109\/STEP.1999.798788"},{"key":"89_CR9","volume-title":"The practical guide to HIPAA privacy and security compliance","author":"K Beaver","year":"2004","unstructured":"Beaver K, Herold R (2004) The practical guide to HIPAA privacy and security compliance. Auerbach, Philadelphia"},{"key":"89_CR10","unstructured":"Garner BA (ed) (2004) Black\u2019s law dictionary, 8th edn. Thompson West"},{"key":"89_CR11","doi-asserted-by":"crossref","unstructured":"Breaux TD, Ant\u00f3n AI, Karat C-M, Karat J (2006) Enforceability vs. accountability in electronic policies. In: Proceedings of the seventh IEEE international workshop on policies for distributed systems and networks, pp 227\u2013230","DOI":"10.1109\/POLICY.2006.18"},{"key":"89_CR12","doi-asserted-by":"crossref","unstructured":"Breaux TD, Vail MW, Ant\u00f3n AI (2006) Towards regulatory compliance: extracting rights and obligations to align requirements with regulations. In: RE\u201906: Proceedings of the 14th IEEE international requirements engineering conference, pp 49\u201358","DOI":"10.1109\/RE.2006.68"},{"key":"89_CR13","doi-asserted-by":"crossref","unstructured":"Barth A, Datta A, Mitchell JC, Nissenbaum H (2006) Privacy and contextual integrity: framework and applications. In: Proceedings of the 2006 IEEE symposium on security and privacy, pp 184\u2013198","DOI":"10.1109\/SP.2006.32"},{"key":"89_CR14","doi-asserted-by":"crossref","unstructured":"May MJ, Gunter CA, Lee I (2006) Privacy APIs: access control techniques to analyze and verify legal privacy policies. In: 19th IEEE computer security foundations workshop (CSFW\u201906), pp 85\u201397","DOI":"10.1109\/CSFW.2006.24"},{"issue":"5","key":"89_CR15","doi-asserted-by":"crossref","first-page":"445","DOI":"10.1016\/j.csi.2005.01.003","volume":"27","author":"F Massacci","year":"2005","unstructured":"Massacci F, Prest M, Zannone N (2005) Using a security requirements engineering methodology in practice: the compliance with the Italian data protection legislation. Comput Stand Interfaces 27(5):445\u2013455","journal-title":"Comput Stand Interfaces"},{"issue":"1","key":"89_CR16","doi-asserted-by":"crossref","first-page":"63","DOI":"10.1007\/PL00010356","volume":"6","author":"AI Ant\u00f3n","year":"2001","unstructured":"Ant\u00f3n AI, Carter R, Dagnino A, Dempster J, Siege D (2001) Deriving goals from a use-case based requirements specification. Requirements Eng 6(1):63\u201373","journal-title":"Requirements Eng"},{"key":"89_CR17","doi-asserted-by":"crossref","unstructured":"Glinz M (2000) Problems and deficiencies of uml as a requirements specification language. In: Tenth international workshop on software specification and design, pp 11\u201322","DOI":"10.1109\/IWSSD.2000.891122"},{"issue":"3","key":"89_CR18","doi-asserted-by":"crossref","first-page":"198","DOI":"10.1016\/j.infsof.2006.12.003","volume":"50","author":"TA Alspaugh","year":"2008","unstructured":"Alspaugh TA, Ant\u00f3n AI (2008) Scenario support for effective requirements. Inf Softw Technol 50(3):198\u2013220","journal-title":"Inf Softw Technol"},{"key":"89_CR19","doi-asserted-by":"crossref","unstructured":"Ben Achour C, Rolland C, Maiden NAM, Souveyet C (1999) Guiding use case authoring: results of an empirical study. In: Proceedings of the IEEE international symposium on requirements engineering, pp 36\u201343","DOI":"10.1109\/ISRE.1999.777983"},{"key":"89_CR20","doi-asserted-by":"crossref","unstructured":"Berenbach BA (2004) Comparison of uml and text based requirements engineering. In: OOPSLA \u201904: companion to the 19th annual ACM SIGPLAN conference on object-oriented programming systems, languages, and applications, ACM, pp 247\u2013252","DOI":"10.1145\/1028664.1028766"},{"issue":"4","key":"89_CR21","doi-asserted-by":"crossref","first-page":"419","DOI":"10.1023\/A:1008605412971","volume":"5","author":"NAM Maiden","year":"1998","unstructured":"Maiden NAM (1998) CREWS-SAVRE: scenarios for acquiring and validating requirements. Autom Softw Eng 5(4):419\u2013446","journal-title":"Autom Softw Eng"},{"key":"89_CR22","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1109\/52.268952","volume":"11","author":"C Potts","year":"1994","unstructured":"Potts C, Takahashi K, Ant\u00f3n A (1994) Inquiry-based requirements analysis. IEEE Softw 11:21\u201332","journal-title":"IEEE Softw"},{"key":"89_CR23","doi-asserted-by":"crossref","unstructured":"Sutcliffe A (2003) Scenario-based requirements engineering. In: Proceedings of the 11th IEEE international requirements engineering conference, pp 320\u2013329","DOI":"10.1109\/ICRE.2003.1232776"},{"issue":"14","key":"89_CR24","doi-asserted-by":"crossref","first-page":"967","DOI":"10.1016\/S0950-5849(03)00095-8","volume":"45","author":"AI Ant\u00f3n","year":"2003","unstructured":"Ant\u00f3n AI, Earp JB, Carter RA (2003) Precluding incongruous behavior by aligning software requirements with security and privacy policies. Inf Softw Technol 45(14):967\u2013977","journal-title":"Inf Softw Technol"},{"key":"89_CR25","unstructured":"Breaux TD (2009) Legal requirements acquisition for the specification of legally compliant information systems. PhD thesis, North Carolina State University"},{"key":"89_CR26","doi-asserted-by":"crossref","unstructured":"Breaux TD, Ant\u00f3n AI (2005) Mining rule semantics to understand legislative compliance. In: WPES \u201905: proceedings of the 2005 ACM workshop on privacy in the electronic society, pp 51\u201354","DOI":"10.1145\/1102199.1102210"},{"key":"89_CR27","unstructured":"Williams L, Xie T, Meneely A, Hayward L (2008a) iTrust medical care requirements specification. http:\/\/agile.csc.ncsu.edu\/iTrust\/wiki\/doku.php?id=requirements"},{"key":"89_CR28","unstructured":"Williams L, Xie T, Meneely A, Hayward L, Massey A (2008b) iTrust medical care requirements specification. http:\/\/agile.csc.ncsu.edu\/iTrust\/wiki\/doku.php?id=lauren791e"},{"key":"89_CR29","unstructured":"Allenby K, Kelly T (2001) Deriving safety requirements using scenarios. In: Proceedings of the fifth IEEE international symposium on requirements engineering, pp 228\u2013235"},{"key":"89_CR30","doi-asserted-by":"crossref","unstructured":"Ant\u00f3n AI (1996) Goal-based requirements analysis. In: Proceedings of the second international conference on requirements engineering, pp 136\u2013144, 15\u201318","DOI":"10.1109\/ICRE.1996.491438"},{"key":"89_CR31","doi-asserted-by":"crossref","unstructured":"Ant\u00f3n AI, Potts C (1998) The use of goals to surface requirements for evolving systems. In: Proceedings of the 1998 international conference on software engineering, pp 157\u2013166, 19\u201325","DOI":"10.1109\/ICSE.1998.671112"},{"key":"89_CR32","unstructured":"van Lamsweerde A. (2001) Goal-oriented requirements engineering: a guided tour. In: Proceedings of the fifth IEEE international symposium on requirements engineering, pp 249\u2013262"},{"key":"89_CR33","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1109\/52.663783","volume":"15","author":"K Weidenhaupt","year":"1998","unstructured":"Weidenhaupt K, Pohl K, Jarke M, Haumer P (1998) Scenarios in system development: current practice. IEEE Softw 15:34\u201345","journal-title":"IEEE Softw"},{"key":"89_CR34","doi-asserted-by":"crossref","unstructured":"Whittle J, Schumann J (2000) Generating Statechart designs from scenarios. In: Proceedings of the 2000 international conference on software engineering, pp 314\u2013323","DOI":"10.1145\/337180.337217"}],"container-title":["Requirements Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00766-009-0089-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00766-009-0089-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00766-009-0089-5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,29]],"date-time":"2019-05-29T01:59:27Z","timestamp":1559095167000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00766-009-0089-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,11,13]]},"references-count":34,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2010,3]]}},"alternative-id":["89"],"URL":"https:\/\/doi.org\/10.1007\/s00766-009-0089-5","relation":{},"ISSN":["0947-3602","1432-010X"],"issn-type":[{"value":"0947-3602","type":"print"},{"value":"1432-010X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2009,11,13]]}}}