A test vehicle for compliance with resilience requirements in index-based e-health systems

Increasingly, national and international governments have a strong mandate to develop national e-health systems to enable delivery of much-needed healthcare services. Research is, therefore, needed into appropriate security and reliance structures for the development of health information systems which must be compliant with governmental and alike obligations. The protection of e-health information security is critical to the successful implementation of any e-health initiative. To address this, this paper proposes a security architecture for index-based e-health environments, according to the broad outline of Australia’s National E-health Strategy and National E-health Transition Authority (NEHTA)’s Connectivity Architecture. This proposal, however, could be equally applied to any distributed, index-based health information system involving referencing to disparate health information systems. The practicality of the proposed security architecture is supported through an experimental demonstration. This successful prototype completion demonstrates the comprehensibility of the proposed architecture, and the clarity and feasibility of system specifications, in enabling ready development of such a system. This test vehicle has also indicated a number of parameters that need to be considered in any national indexed-based e-health system design with reasonable levels of system security. This paper has identified the need for evaluation of the levels of education, training, and expertise required to create such a system.

Personal Injuries Proceedings Act 2002, s 32 - Duty to Disclose - consequences of non-disclosure - discretion to excuse non-compliance

In Newson v Aust Scan Pty Ltd t/a Ikea Springwood [2010] QSC 223 the Supreme Court examined the discretion under s 32(2) of the Personal Injuries Proceedings Act 2002 (Qld), to permit a document which has not been disclosed as required by the pre-court procedures under the PIPA to be used in a subsequent court proceeding. This appears to be the first time that the nature and parameters of the discretion have been judicially considered.

Privacy compliance verification in cryptographic protocols

To provide privacy protection, cryptographic primitives are frequently applied to communication protocols in an open environment (e.g. the Internet). We call these protocols privacy enhancing protocols (PEPs) which constitute a class of cryptographic protocols. Proof of the security properties, in terms of the privacy compliance, of PEPs is desirable before they can be deployed. However, the traditional provable security approach, though well-established for proving the security of cryptographic primitives, is not applicable to PEPs. We apply the formal language of Coloured Petri Nets (CPNs) to construct an executable specification of a representative PEP, namely the Private Information Escrow Bound to Multiple Conditions Protocol (PIEMCP). Formal semantics of the CPN specification allow us to reason about various privacy properties of PIEMCP using state space analysis techniques. This investigation provides insights into the modelling and analysis of PEPs in general, and demonstrates the benefit of applying a CPN-based formal approach to the privacy compliance verification of PEPs.

The GST Compliance Costs Of Nonprofit Organisations

On 2 December 1998, the Federal Government tabled their policy paper entitled Regulation Impact Statement for the Introduction of a Goods and Services Tax (RIS) in the House of Representatives. The Federal Government predicted that total gross GST compliance costs to Australian businesses in the first year of implementation would be approximately $1,912 million (or $1,195 per firm). Furthermore, it is estimated that the recurrent net compliance costs will be much lower at $131 per firm. Whilst the government made brief references to charitable organisations in their analysis, it stated that the compliance costs faced by nonprofits would, in substance, be no different to the compliance costs faced by businesses or government departments. This paper examines the RIS process in relation to nonprofit organisations in the context of recent taxation legislation affecting nonprofit organisations. It argues that the assumption that nonprofit compliance costs are similar to government and business costs is flawed and makes a case for the RIS process to be reformed to include more appropriate assessments of the impact of legislation on nonprofit enterprises.

Business Process Data Compliance

Most approaches to business process compliance are restricted to the analysis of the structure of processes. It has been argued that full regulatory compliance requires information on not only the structure of processes but also on what the tasks in a process do. To this end Governatori and Sadiq[2007] proposed to extend business processes with semantic annotations. We propose a methodology to automatically extract one kind of such annotations; in particular the annotations related to the data schema and templates linked to the various tasks in a business process.

Automated support for versioning compliance checking between workflow management and product lifecycle management (in Chinese)

With the development of enterprise informatisation, Product Lifecycle Management (PLM) systems have been widely deployed and applied in enterprises. This paper analyzes the requirement that conducting version operations on business objects as specified in process models should be compliant with the versioning policies imposed by product lifecycles. This leads to the introduction of the concept of versioning compliance, and the approach of compliance checking that we proposed in our earlier work, which comprises both syntactical compatibility and behavioural compatibility checking. The paper then focuses on the tool implementation for providing automated support to the versioning compliance checking. An empirical evaluation of the tool was also performed with industrial partners using the well-known questionnaire-based method. The evaluation and feedback from practitioners further evidence the practical significance of this research question in the PLM field and demonstrate that the proposed solution with its automated tool support possesses a high application potential.

Effects of average speed enforcement on speed compliance and crashes : a review of the literature

Average speed enforcement is a relatively new approach gaining popularity throughout Europe and Australia. This paper reviews the evidence regarding the impact of this approach on vehicle speeds, crashes rates and a number of additional road safety and public health outcomes. The economic and practical viability of the approach as a road safety countermeasure is also explored. A literature review, with an international scope, of both published and grey literature was conducted. There is a growing body of evidence to suggest a number of road safety benefits associated with average speed enforcement, including high rates of compliance with speed limits, reductions in average and 85th percentile speeds and reduced speed variability between vehicles. Moreover, the approach has been demonstrated to be particularly effective in reducing excessive speeding behaviour. Reductions in crash rates have also been reported in association with average speed enforcement, particularly in relation to fatal and serious injury crashes. In addition, the approach has been shown to improve traffic flow, reduce vehicle emissions and has also been associated with high levels of public acceptance. Average speed enforcement offers a greater network-wide approach to managing speeds that reduces the impact of time and distance halo effects associated with other automated speed enforcement approaches. Although comparatively expensive it represents a highly reliable approach to speed enforcement that produces considerable returns on investment through reduced social and economic costs associated with crashes.

Request for production of documents – UCPR r 222 – manner of compliance

In John Kallinicos Accountants Pty Ltd v Dundrenan Pty Ltd [2009] QDC 141 Irwin DCJ considered the nature of a party’s obligation under r 222 of the Uniform Civil Procedure Rules 1999 (Qld) (UCPR) to produce documents referred to in the parties’ pleadings, particulars or affidavits. The decision examined whether the approach in Belela Pty Ltd v Menzies Excavation Pty Ltd [2005] 2 QdR 230 in relation to disclosure of documents under UCPR r 214 also applied to production of documents under r 222.

Normative requirements for business process compliance

Norms regulate the behaviour of their subjects and define what is legal and what is illegal. Norms typically describe the conditions under which they are applicable and the normative effects as a results of their applications. On the other hand, process models specify how a business operation or service is to be carried out to achieve a desired outcome. Norms can have significant impact on how business operations are conducted and they can apply to the whole or part of a business process. For example, they may impose conditions on the different aspects of a process (e.g., perform tasks in a specific sequence (control-flow), at a specific time or within a certain time frame (temporal aspect), by specific people (resources)). We propose a framework that provides the formal semantics of the normative requirements for determining whether a business process complies with a normative document (where a normative document can be understood in a very broad sense, ranging from internal policies to best practice policies, to statutory acts). We also present a classification of normal requirements based on the notion of different types of obligations and the effects of violating these obligations.

Securities market regulators’ use of the ‘please explain’ queries sanction and its power of compliance

The aim of this study is to investigate the compliance impact of price queries issued by a securities market operator to its participating firms. Market operators in Australia and New Zealand, such as the Australian Securities Exchange and the New Zealand Securities Exchange, have the regulatory power in their rules to issue queries to its market participants to explain unusual fluctuations in trading price or volume in the market. The operator will issue a price query where it believes that the market has not been fully informed as to price relevant information. Responsive regulation has informed much of the regulatory debate in securities laws in our region. We posit that price queries are one strategy that a market operator can use in communicating its enforcement expectations to its stakeholder. However, whilst responsive regulation informs regulatory choices, an alternate view seeks to explain why participants respond to these regulatory strategies, and we use disclosure behaviour after price queries to test compliance behaviour

A methodological evaluation of business process compliance management frameworks

Existing compliance management frameworks (CMFs) offer a multitude of compliance management capabilities that makes difficult for enterprises to decide on the suitability of a framework. Making a decision on the suitability requires a deep understanding of the functionalities of a framework. Gaining such an understanding is a difficult task which, in turn, requires specialised tools and methodologies for evaluation. Current compliance research lacks such tools and methodologies for evaluating CMFs. This paper reports a methodological evaluation of existing CMFs based on a pre-defined evaluation criteria. Our evaluation highlights what existing CMFs offer, and what they cannot. Also, it underpins various open questions and discusses the challenges in this direction.

Insights into special costs orders : WA court examines compliance and retrospectivity

In Walter v Buckeridge [No.5] [2012] WASC 495 Le Miere J considered an application by the defendants for special costs orders under the applicable legislation in Western Australia. Aspects of the decision may be of persuasive value in dealing with similar issues under Queensland legislation.

An instrument to measure adherence to weight loss programs : the Compliance Praxis Survey-Diet (COMPASS-Diet)

Adherence to behavioral weight loss strategies is important for weight loss success. We aimed to examine the reliability and validity of a newly developed compliance praxis-diet (COMPASS-diet) survey with participants in a 10-week dietary intervention program. During the third of five sessions, participants of the “slim-without-diet” weight loss program (n = 253) completed the COMPASS-diet survey and provided data on demographic and clinical characteristics, and general self-efficacy. Group facilitators completed the COMPASS-diet-other scale estimating participants’ likely adherence from their perspective. We calculated internal consistency, convergent validity, and predictive value for objectively measured weight loss. Mean COMPASS-diet-self score was 82.4 (SD 14.2) and COMPASS-diet-other score 80.9 (SD 13.6) (possible range 12–108), with lowest scores in the normative behavior subscale. Cronbach alpha scores of the COMPASS-diet-self and -other scale were good (0.82 and 0.78, respectively). COMPASS-diet-self scores (r = 0.31) correlated more highly with general self-efficacy compared to COMPASS-diet-other scores (r = 0.04) providing evidence for validity. In multivariable analysis adjusted for age and gender, both the COMPASS-diet-self (F = 10.8, p < 0.001, r2 = 0.23) and other (F = 5.5, p < 0.001, r2 = 0.19) scales were significantly associated with weight loss achieved at program conclusion. COMPASS-diet surveys will allow group facilitators or trainers to identify patients who need additional support for optimal weight loss.

A field experiment in moral suasion and tax compliance focusing on underdeclaration and overdeduction

One of very few field experiments in tax compliance, this study generates a unique data set on Swiss taxpayers’ underdeclaration of income and wealth and overdeduction of tax credits by obtaining exclusive access to tax-return corrections made by the tax administration. Using this commune-level data from Switzerland, it explores the influence on tax compliance of moral suasion, introduced through a treatment in which taxpayers receive a letter containing normative appeals signed by the commune’s fiscal commissioner. This letter also serves to operationalize elements of social identity and (mutual) trust. Interestingly, the results not only echo the earlier finding that moral suasion has barely any effect on taxpayer compliance, but show clear differences between underdeclaration and overdeduction.