Requirements elicitation for secure and interoperable cross‐border health data exchange: the KONFIDO study

Abstract

In this study, the requirements elicitation approach employed in the context of the KONFIDO project is presented. KONFIDO introduces a technical paradigm for secure and interoperable cross-border health data exchange by leveraging novel approaches and cutting-edge technologies, such as homomorphic encryption and blockchains. Being a key part of the overall user requirements engineering methodology, requirements elicitation focused on producing high-level, end-user goals following a systematic procedure. First, the main business processes were identified based on the project's pilot scenarios. These business processes were the subject of a threat analysis, which identified the respective assets and a list of security risks/threats. Threats were further elaborated, considering the outcome of relevant projects and applicable best practices/standards. As a result, a set of user goals were identified and analysed in detail. Finally, a meta-analysis of the produced goals against the employed information sources was applied, highlighting the importance of standards as a guide for defining requirements, as well as the complexity concerning the interdependencies among the elaborated business processes, assets, threats, and user goals. As the deployment of the technical solution may be cloud-based, implications and challenges imposed by the adoption of cloud computing in this setting are also presented.