Skip to content

SQ1: Compliance Meta-Model Attributes

Supporting research question

What attributes must a compliance meta-model possess to accurately capture the intent of healthcare data privacy laws?

Problem Investigation

Healthcare clauses often combine deterministic constraints and context-dependent judgment. A useful meta-model must preserve legal intent, implementation feasibility, and audit traceability.

Treatment Design

Define required meta-model attributes and structural rules.

Candidate Attribute Set

  • Clause identifier and source reference.
  • Requirement intent statement.
  • Control type (deterministic or human-judgment required).
  • Evidence expectation.
  • Enforcement scope (pipeline stage, system boundary, data domain).
  • Risk level and impact.
  • Stakeholder approval requirement.

Treatment Validation

Validate the attribute set by mapping sample clauses and checking:

  • semantic fidelity to legal intent,
  • implementation clarity for engineering,
  • traceability quality for audits.

Iteration Checkpoints

  • Checkpoint 1: Initial attribute taxonomy.
  • Checkpoint 2: Pilot mapping with representative clauses.
  • Checkpoint 3: Stakeholder review and refinement.

Evaluation Boundary

The model can be validated on representative clause sets during thesis time, not on all possible healthcare regulation combinations.

Evidence Map

  • Clause mapping examples.
  • Attribute decision log.
  • Reviewer feedback notes.
  • Traceability matrix drafts.

Expected Contribution to Main Question

SQ1 defines what the IR must encode so downstream compiler mapping can remain faithful and auditable.