Content uploaded by Ji Ruan
Author content
All content in this area was uploaded by Ji Ruan on Jan 26, 2015
Content may be subject to copyright.
Data-Aware Monitoring For Healthcare Workflows
Using Formal Methods
Ji Ruan and Wendy MacCaull
Centre for Logic and Information, StFX University, Canada, {jruan, wmaccaul}@stfx.ca
Abstract. This paper presents an approach to monitor healthcare workflows us-
ing a logic-based formal method. We introduce a monitoring architecture with
workflows and knowledge bases, and propose a logical language, FO-LTL-K, to
express temporal and knowledge properties to be monitored. We formalize some
of the norms for palliative care using the proposed logic and characterize the
complexity of the model checking problem.
Keywords: Data and knowledge integration, Temporal knowledge representa-
tions, Logic-based methods, Ontologies, Complexity.
1 Introduction
A workflow [17] is the automation of a business process, in whole or part, during which
documents, information or tasks are passed from one participant to another for action,
according to a set of procedural rules. Healthcare workflows have been proposed to
improve the efficiency of health services delivery [10, 6]. Using model checking, ini-
tial attempts have been made to verify the correctness of healthcare workflows at the
design stage [7, 12]. Monitoring (which uses data generated during care and relevant
background healthcare knowledge) is necessary to determine the correctness of health-
care workflow execution. In this paper we develop an approach to monitor healthcare
workflows using a logic-based formal method.
Logic-based formal methods provide a solid theoretical foundation for modelling
and verifying complex systems. Three kinds of logic relate to our work: First-order
logic (FOL), Temporal logic (TL), and Description logic (DL). FOL [16] enables us
to represent different healthcare data types and quantify over their contents. TL is a
formalisation describing temporal changes. It is applied to the verification of computer
programs, or more broadly, to reactive systems [11]. Healthcare data reflects the dy-
namics of healthcare systems, such as the changes of health status of patients and the
delivery of care, therefore we must reason about temporal changes. DL [1] models indi-
viduals, concepts, and roles. It is used in Artificial Intelligence for formal reasoning on
the concepts of an application domain (e.g., Medicine), and is of particular importance
in providing a logical formalism for knowledge bases, also called ontologies.
This paper is organized as follows: section 2 introduces palliative care and a moni-
toring architecture; section 3 discusses the representation of healthcare knowledge and
data; section 4 proposes a logical language, FO-LTL-K, to express the properties to be
monitored, and uses it to formalize some palliative care norms; section 5 provides the
complexity of the model checking problem; section 6 discusses related and future work.
51
2 Palliative Care and A Monitoring Architecture
Palliative care refers to the physical, psychological, spiritual and practical care given to
patients and their families when they are dealing with the issues associated with serious
illness. As patients are usually part of a family, when care is provided, the patient and
family are treated as a unit. The main focus of palliative care is to ease the suffering of
the patient and his or her family and to help them to cope with their difficulties.
According to [3], a palliative care workflow consists of the following essential pro-
cesses: Referral, Consultation, Intake, Therapeutic Encounter, and Discharge. These
processes can be further refined as sub-workflows. For example, a therapeutic encounter
is defined as a sub-workflow with the following processes: Assessment, Information
Sharing, Decision Making, Care Planning, Care Delivery, and Confirmation. It is de-
picted in Fig. 1, in which the black triangle and square represent the start and end of
the workflow respectively, the arrows indicate the order of the processes to be carried
out, and the double-lined squares indicate compound processes. These processes can be
further refined to include a greater level of detail.
Fig. 1. A Therapeutic Encounter Workflow
Many stakeholders are involved in the processes of palliative care, e.g., Nurses,
Physicians, Oncologists, Pharmacists, and Social workers. These stakeholders carry out
the practical work and record various kinds of healthcare information. Their work is
guided by certain requirements to ensure the quality of care and to prevent errors. In
Canada, the norms of practice [3] are set by the Canadian Hospice Palliative Care As-
sociation to guide the process of palliative care. Norms are simple statements that pro-
vide a benchmark of normal or desired practice to which individuals or organizations
providing palliative care can and should aspire. They are less rigid and less specific
than standards, thus enabling individual organizations to develop their own standards
of practice from the norms.
We propose a monitoring architecture to check whether the actual healthcare prac-
tice meets these norms. It has the following four components (Fig. 2): (1) a Workflow
Management System (WfMS) which defines, creates and manages the execution of
workflows through the use of a workflow engine able to interpret the process defini-
tion and interact with workflow participants; (2) a Data Management System (DMS)
52
Fig. 2. A Monitoring Architecture
which stores and retrieves the information that is produced by the execution of work-
flows in WfMS; (3) a Knowledge Base (KB) which holds medical, organizational, and
healthcare knowledge to support the execution of workflow; (4) a Data Monitor which
monitors the data flow from the DMS and uses the knowledge from the KB to help
healthcare stakeholders with decision-making.
3 Healthcare Knowledge and Data Representation
There are different kinds of information contained in a healthcare system. We classify
them into two kinds in our architecture. The first is static, or changes infrequently over
time–e.g., the knowledge of medication compatibility and the relationship of stakehold-
ers in healthcare; the second is dynamic, hence may change frequently over time–e.g.,
the assessment result of pain may reduce from level 9 to level 3 due to proper treatment.
The first kind of information comes from the healthcare domain knowledge, and is
maintained in the KB. There is a vast amount of knowledge related to healthcare, such
as the knowledge of disease and human coping, the medication compatibility, and the
responsibilities of different caregivers, etc. An ontology is a formal representation of
a set of concepts within a domain and the relationships among those concepts. Exten-
sive ontologies for the healthcare domain, such as the International Classification for
Nursing Practices (ICNP) and the Systematized Nomenclature of Medicine - Clinical
Terms (SNOMED CT), as well as numerous drug ontologies have been developed for
the electronic exchange of clinical health information. Many ontologies are constructed
using some fragment of DL. Efficient DL reasoners [15] are available, and are useful
both in the development stage of the ontology (e.g., for consistency checking) and for
querying the ontology. We use DL to encode knowledge related information to facilitate
the use of DL reasoners.
The second kind of information is produced during the care delivery processes, and
is managed in the DMS. A basic healthcare data unit is called a healthcare record, which
has three required data fields: the patient’s ID, a time stamp, and an electronic signature
of the caregiver who provided the record. The time information is critical in healthcare
since some tasks must be completed within a certain time limit, and some tasks should
be repeated regularly. The granularity of time in palliative care is usually measured by
hours or even days. According to the time stamp of each record, the healthcare records
of a patient can be retrieved, and form a linear order. Thus, we use a linear temporal
model to represent a patient’s healthcare history. Apart from the three required data
53
<r e c o r d >
<t im e >9am J a n u a r y 6 , 2 010 </ t i me >
<p a t i e n t I D >B9527 </ p a t i e n t I D >
<pa i n >9</ p a i n >
<weakness >6</ we a k n e s s >
<m e d i c a t i o n >Med1 </medication>
<m e d i c a t i o n >Med2 </medication>
<a c t i o n t a k e n >A s s e s s m e n t ; B 952 7 </actiontaken >
<s i g n a t u r e >Bob </ s i g n a t u r e >
</ r e c o r d >
Fig. 3. A healthcare record in XML format.
fields, each healthcare record will have other data fields, depending on what is intended
to be captured at the moment. For example, it may include assessment results for pain,
tiredness, depression, etc., or the medication that is prescribed, or other data. We use a
standard XML format to encode and facilitate the exchange of such healthcare records.
Definition 1 (Healthcare Data Model). A healthcare data model Mis a finite se-
quence r1r2· · · rnwhere riis a healthcare record. A healthcare record contains tags
and data. Data content is included in tags in the format: <tag>content</tag>,
and content items within the same tag can be separated using ‘;’. The whole record
is wrapped by a pair <record> </record>. In particular, patient’s ID, time stamp,
and caregiver’s signature are tagged with <patientID>,<time>, and <signature>
respectively.
An example of a healthcare record in Fig. 3 shows (a) that the patient (ID ‘B9527’)
underwent an assessment (which gives pain level 9 and weakness level 6) by caregiver
Bob at 9am January 6, 2010, and (b) the prescribed medication (Med1 and Med2).
4 Specifications
Specifications express properties that should hold in a system. We propose a language
called FO-LTL-K, which is a combination of a first-order linear temporal language and
a description logic language. It is designed:
–to represent and quantify over the data contents in a health record, e.g., all the
medications inside the tag <medication>;
–to specify real-time requirements in different intervals, e.g., an assessment must be
made within 3 hours (or 3 days);
–to specify temporal changes of data, e.g., in one assessment, the pain level is 4, but
in the next assessment, it is 8;
–to specify healthcare knowledge expressions, e.g., medication Med1 is not compat-
ible with medication Med3.
Definition 2 (Syntax). The language FO-LTL-K is constructed from the alphabet:
54
–Predicate symbols P1, P2,· · · ,each of which is some fixed arity;
–Function symbols F1, F2,· · · ,each of which is some fixed arity;
–Concept symbols (also called atomic concepts) C1,C2,· · ·;
–Role symbols (also called atomic roles) R1,R2,· · ·;
–Individual variables x1, x2,· · ·; Individual constants c1, c2,· · ·.
Terms t:Variables and constants are terms; F(t1,· · · , tn)is a term if Fis an n-ary
function symbol and tiis a term.
Concepts C,D:C::= Ci| ⊤ | ⊥ | ¬C|C⊓D| ∀R.C| ∃R.C, where, Ciis a concept
symbol and Ris a role symbol.
Formulas:ϕ::=t1=t2|P(t1,· · · , tn)|u1:C|(u1, u2) : R| ¬ϕ|ϕ∧ψ|Xϕ|
ϕUψ| ∀x.ϕ(x), where tiis a term, xis a variable, uiis a constant or variable, Pis a
predicate, Cis a concept, and Ris a role. We use the following abbreviations for other
connectives and operators: C⊔D=¬(¬C⊓ ¬D), ϕ ∨ψ=¬(¬ϕ∧ ¬ψ), ϕ →ψ=
¬(ϕ∧ ¬ψ),Fϕ=⊤Uϕ, Gϕ=¬F¬ϕ, ∃x.ϕ(x) = ¬∀x.¬ϕ(x).
A variable xis a free variable if it is not in the scope of any ∀xor ∃x. A formula is
a sentence if it does not have any free variables.
Intuitively, a temporal formula Xϕmeans “in the next record, ϕholds”, Fϕmeans
“in a future record, ϕholds”, and ϕUψmeans “ϕholds until ψholds”. The precise
meanings will be given in Definition 6. We introduce a formal definition of knowledge
bases.
Definition 3 (Knowledge Base). A knowledge base Kis a tuple hT ,Ai, where T(the
TBox) is a set of expressions of the form C⊑D(R⊑S) and C≡D(R≡S) for con-
cepts C,D(and roles R,S), and A(the ABox) is a set of expressions of the form (c1:C)
and ((c1, c2) : R)for constants c1, c2, concept Cand role R.
Here are a few examples to show the intuitive meaning of knowledge expressions.
–Oncologist, Nurse, Physician, Caregiver, Manager : These are concepts that
express the stakeholders associated with a care unit. (Alice :Nurse)asserts that
Alice is a nurse, and (Bob :Manager)asserts that Bob is a manager. Nurse ⊑
Caregiver expresses that every nurse is a caregiver.
–HasSupervisor: This is a role relating two individuals. For example, ((Alice, Bob) :
HasSupervisor)asserts that Alice has a supervisor named Bob.
The following introduces the model that interprets the formulas in Definition 2.
Definition 4 (First-order Temporal Structure). A first-order temporal structure His
a tuple h∆, I, h1h2· · · hni, where ∆is a nonempty set that forms the domain, Iis a
knowledge interpretation, and h1h2· · · hnis a finite sequence of first-order interpre-
tations. The interpretation Iassigns every atomic concept Cito a set Ci
I⊆∆, every
atomic role Rto a set RI⊆∆×∆, every constant cto an element cI∈∆, and every
function Fwith n-arity to a function FIfrom ∆nto ∆, such that FI
i(cI
1,· · · , cI
n) = cI
whenever F(c1,· · · , cn) = c. Then Iis extended to the concepts as follows:
⊤I=∆;⊥I=∅
(¬C)I=∆\CI;(C⊓D)I=CI∩DI
55
(∀R.C)I={a∈∆I| ∀b.((a, b)∈RI→b∈CI)}
(∃R.C)I={a∈∆I| ∃b.((a, b)∈RIand b∈CI)}
Each first-order interpretation hi(1≤i≤n) assigns an n-ary predicate symbol P
to a relation Phiover ∆n.
The reader will recall that we have partitioned all information into static knowledge
and dynamic data. Therefore the knowledge interpretation Iinterprets the fragment of
the language that does not change over time, i.e., concepts, roles, constants and func-
tions; and the first-order interpretation hiinterprets the rest of the language.
The following defines a relation ‘|=’ between a first-order temporal structure and a
knowledge base, which is sufficient to ensure that the two are consistent.
Definition 5 (Knowledge Base Satisfaction). Given a first-order temporal structure
H=h∆, I, h1h2· · · hniand a knowledge base K= (T,A), we say that Hsatisfies
K, written as H |=K, if the following hold:
–for all C⊑Din T,CI⊆DI, and for all C≡Din T,CI=DI.
–for all R⊑Sin T,RI⊆SI, and for all R≡Sin T,RI=SI.
–for all t:Cand (t1, t2) : Rin A,tI∈CIand (tI
1, tI
2) : RI
A first-order temporal structure H=h∆, I, h1h2· · · hnican be derived as follows.
1. The ∆consists of a finite set of strings that is used to specify the data contents;
2. The interpretation Iis specified according to the setting of care, so that H |=K;
this makes sure that the interpretation is consistent with the knowledge base;
3. The sequence of first-order interpretation h1h2· · · hnis derived from a healthcare
data model (Definition 1). Suppose hiis associated with the i-th record miin a
corresponding healthcare data model M. Thus the his act as the states in a temporal
system. Each predicate Pthat corresponds to a tag occurring in miis assigned to
the set of data inside the tag, written as Phi, otherwise it is assigned to an empty
set. For example, Fig. 3 shows a healthcare record m; suppose mis associated with
h, the tag <medication> is associated with a unary predicate P1, and no tag is
associated with unary predicate P2, then Ph
1={Med1, M ed2}, P h
2={}.
Definition 6 (Semantics). Given a first-order temporal structure H=h∆, I, h1h2· · · hni,
and a knowledge base Kthat is satisfied by H, the sentences in FO-LTL-K are inter-
preted as follows.
–H, hi|=t1=t2iff t1hi=t2hi;
–H, hi|=P(t1,· · · , tn)iff (thi
1,· · · , thi
n)∈Phi;
–H, hi|=¬ϕiff H, hi6|=ϕ;
–H, hi|=ϕ∧ψiff H, hi|=ϕand H, hi|=ψ;
–H, hi|=Xϕiff there exists hi+1 such that H, hi+1 |=ϕ;
–H, hi|=ϕUψiff there exists j≥isuch that for all i≤k < j,H, hk|=ϕand
H, hj|=ψ;
–H, hi|=c1:Ciff cI
1∈CI;
–H, hi|= (c1, c2) : Riff (cI
1, cI
2)∈CI;
–H, hi|=∀x.ϕ(x)iff for all a∈∆,H, hi|=ϕ[a/x].
56
We now specify some of the norms in [3] using FO-LTL-K. Recall that the inter-
pretation of norms depends on a local setting, each of which should have a reasonable
time frame for actions to be completed. Therefore we consulted the caregivers in the
Guysborough Antigonish Strait Health Authority (GASHA) for their interpretation of
these norms.
– Norm 1: When language is a barrier, translators who understand the medical con-
cepts and terminology facilitate information sharing.
This norm guides the second stage (Information Sharing) of a therapeutic encounter
(see Fig. 1). When a patient is admitted into a palliative care program, some basic in-
formation, including the languages that he or she can speak, is entered into his or her
healthcare record. This is captured in a unary predicate P atientLanguage. Suppose
the official language of the palliative care program is kept in its knowledge base under
the concept OfficialLanguage1. Our specification of this norm takes time into consid-
eration, requiring an action to take place within a constant time c, e.g., ‘3 hours’. It is
represented as follows:
∀t1.(¬∃x.(P atientLanguage(x)∧x:OfficialLanguage)∧T ime(t1)
→X(∃t2.(T ime(t2)∧(t2−t1)≤c∧ActionT aken(d, p))))
where, t1refers to the time stamp of a ‘current’ record, t2refers to the time stamp of the
‘next’ record due to the temporal operator X, the binary predicate ActionT aken(x, y)
denotes “action xis taken to y”, constant ddenotes an action “Find a translator”, con-
stant pdenotes a patient, and the predicate T ime is interpreted as a singleton set of the
unique time stamp associated to a record2.
– Norm 2: The patient family’s understanding of the shared information is assessed
regularly.
There are at least 7 norms requiring regular assessments. The gap between two as-
sessments depends on numerous factors, such as the severity of the issues, the availabil-
ity of resources, etc. In palliative care, patients’ families often play a very important role
as many patients choose to receive care at home. Suppose the knowledge base already
has the following role definition: IsFamilyOf ≡IsFatherOf⊔IsMotherOf⊔IsChildOf,
we can express “x is a family member of y” implicitly using (x, y) : IsFamilyOf instead
of using (x, y) : IsFatherOf ⊔IsMotherOf ⊔IsChildOf. This norm can be specified as
“the next assessment should be made within a time duration c”, and is represented as:
∀t1∀x.(T ime(t1)∧((x, p) : IsFamilyOf)→F(∃t2.(T ime(t2)
∧(t2−t1)≤c∧(ActionT aken(e, x)))))
where the temporal operator Frefers to a ‘future’ record, constant edenotes “assess-
ment of the understanding of shared information”, and constant pdenotes a patient.
1In comparison, the predicate P atientLanguage is interpreted over healthcare records be-
cause different patients may speak different languages.
2If T imeh={c}, where cis the content of the single time stamp in the record associated with
h, then H, h |=∀x.(T ime(x)→x=c)∧ ∃x.T ime(x).
57
5 Complexity
A data monitor constructs a first-order temporal structure from a healthcare data model
and a knowledge base, then updates itself when a new healthcare record is received. It
checks or monitors the properties specified in FO-LTL-K, and generates alerts when
necessary. The core of our monitoring method is the model checking problem H, hi|=
ϕin FO-LTL-K. We examine the computational complexity of this problem.
Computational complexity theory studies the amount of computational resources
needed, such as time and storage, to solve a problem. It is well-known that the com-
plexity of the model checking problem (also called the satisfaction checking problem)
of first-order logic is PSPACE-complete [18]. We show that the model checking prob-
lem of FO-LTL-K has the same complexity by reducing it to a model checking prob-
lem of first-order logic, using a syntactic translation TR S and a semantic translation
TR SM. The main idea is to, (1) let TR S associate a natural number iwith a formula
ϕin FO-LTL-K so the temporal information is embedded in T RS (ϕ, i); (2) let TRS M
transform the h1h2· · · hninto a single hby augmenting each hiwith a time parameter
isemantically. We show this in detail.
Syntactic Translation TRS.The syntactic translation TRS recursively maps a FO-LTL-K
expression and a natural number tto a first-order expression as follows:
–For each constant cand variable x,TRS(c, t) := c,TR S(x, t) := x; for each n-arity
function and term tiTR S(F(t1,· · · , tn, t)) := F(TRS(t1),· · · ,T RS(tn)); for each
concept symbol Ci,TR S(Ci, t) := Ci; for each role symbol R,TRS(R, t) := R;
–For each concept C,Dand role R,TRS(¬C, t) := ¬TR S(C, t),T RS(C⊓D, t) :=
TR S(C, t)∧TRS(D, t),T RS (∀R.C, t) := ∀y(R(x, y)→T RS(C, t)(y)),TRS(∃R.C, t)
:= ∃y(R(x, y)∧TRS(C, t)(y));
–For each predicate Pand terms ti,TRS(P(t1,· · · , tn), t) := P(t1,· · · , tn, t); for
each formula with concepts or roles: TR S(u1:C, t) := T RS (C, t)(u1),TR S((u1, u2) :
R, t) := R(u1, u2); for each formula ∀x.ϕ,TR S(∀x.ϕ, t) := ∀x.T RS(ϕ, t);
–For each formula with temporal modalities:
•TR S(X(ϕ), t) := ∃t′((t′=t+ 1) ∧TRS(ϕ, t′));
•TR S(ϕUψ, t) := ∃t′((t≤t′)∧T RS(ψ, t′)∧∀t′′ ((t≤t′′)∧(t′′ <t′)→TR S(ϕ, t′′ )));
Semantic Translation TRS M.The semantic translation T RS M maps a first-order tem-
poral structure H=h∆, I, h1· · · hnito a first-order structure TR SM(H) = h∆′, hi:
–The domain ∆′=∆∪ {1, ..., n};
–The interpretation hcoincides with Ion the constants and function symbols. For
the new predicates
•The concept and role symbols are associated with unary predicates and binary
predicates, and huses the interpretation from I, e.g., t∈C1
Iiff t∈Ch
1.
•Suppose P1is an n-arity predicate in the FO-LTL-K and P2is the correspond-
ing (n+1)-arity predicate in the first-order language that is being mapped to
using TR S; we require (t1, t2, ..., tn, k)∈Ph
2iff (t1, t2, ..., tn)∈Phk
1in H.
We can show the following by an induction on the structure of ϕ.
58
Theorem 1. Given a first-order temporal structure Hand a FO-LTL-K sentence ϕ, we
have: H, hi|=ϕiff T RS M(H, hi)|=TR S(ϕ, i)
Since both translation functions TR S and TRS M are linear, and the model checking
problem for first-order logic is PSPACE-complete [18] , we have the following:
Theorem 2. Given a first-order temporal structure Hand a FO-LTL-K sentence ϕ,
the model checking problem: H, hi|=ϕ, is PSPACE-complete.
This result is not surprising, but at least it shows that the model checking problem of
this logic is not computationally too expensive (e.g., exponential). Based on Definition
6, it is straightforward to develop an algorithm for model checking, that is, to determine
if H, hi|=ϕ. For details of proofs and algorithms, see [13], where the application of
DL reasoners to enhance the efficiency of the model checking is also discussed.
6 Related & Future Work
A number of frameworks (e.g., Asbru, EON, GLIF, GUIDE) [8] are available for the
computer interpretation of clinical guidelines (also called medical guidelines). Clinical
guidelines aim at guiding decisions and establishing criteria for diagnosis, management,
and treatment of specific medical problems. They are based on an examination of cur-
rent evidence within the paradigm of evidence-based medicine. Palliative care norms,
as we have discussed, are more general, and are meant to be interpreted relative to the
context of particular care settings. Model checking techniques have been used to verify
the correctness of a variety of guidelines and to monitor their executions [2, 4]. While
we also apply model checking techniques, our focus is different from these approaches,
as our logical language is designed both to specify the norms and to take the advantages
of the existing knowledge bases.
In [9], the authors provided an agent-based alarm management system for a pal-
liative care unit. They showed how intelligent agents can continuously monitor the
evolution of the health status of palliative patients using two kinds of alarms: basic
alarms (e.g., (Hunger <3) and Extreme weakness : Dangerous weakness), and evolu-
tion alarms (e.g., Number of evaluations: 2. ∆Weakness >2 : Fast weakness increase).
We can specify these alarms in our language. Moreover, our data model and language
are richer for temporal and knowledge-based reasoning.
In [5], the authors proposed a tableau-based algorithm for the runtime monitoring of
workflow constraints. Sample properties taken from runtime monitoring scenarios were
expressed using a first-order linear temporal logic. The main difference with our work is
that knowledge bases are an integral part of our architecture, and we allow description
logic expressions to facilitate the use of existing knowledge bases.
For further research, we plan to implement data-aware monitoring for palliative care
and explore the use of autonomous agents [14] in monitoring.
Acknowledgment. We thank the Natural Sciences and Engineering Research Council
of Canada, the Atlantic Canada Opportunities Agency, and GASHA for their support.
We also thank the anonymous reviewers for their comments.
59
References
[1] F. Baader, D. Calvanese, D. L. McGuinness, and D. N. amd P. F. Patel-Schneider. The De-
scription Logic Handbook: Theory, Implementation, Applications. Cambridge University
Press, Cambridge, UK, 2003.
[2] A. Bottrighi, L. Giordano, G. Molino, S. Montani, P. Terenziani, and M. Torchio. Adopting
model checking techniques for clinical guidelines verification. Artificial intelligence in
medicine, 48:1–19, 2010.
[3] F. Ferris et.al. A Model to Guide Hospice Palliative Care: Based on National Principles
and Norms of Practice. Canadian Hospice Palliative Care Association, 2002.
[4] P. Groot, A. Hommersom, P. J. Lucas, R.-J. Merk, A. ten Teije, F. van Harmelen, and
R. Serban. Using model checking for critiquing based on clinical guidelines. Artificial
intelligence in medicine, 46:19–36, 2009.
[5] S. Halle and R. Villemaire. Runtime monitoring of message-based workflows with data. In
Proceedings of the 2008 12th International IEEE Enterprise Distributed Object Computing
Conference, pages 63–72, USA, 2008. IEEE Computer Society.
[6] K. Miller and W. MacCaull. Toward careflow management systems. Journal of Emerging
Technologies in Web Intelligence Special Issue, E-health: Towards System Interoperability
through Process Integration and Performance Management, 1(2):137–145, 2009.
[7] K. Miller and W. MacCaull. Verification of careflow management systems with timed
BDI C T L logic. In 3rd International Workshop on Process-oriented Information Systems
in Healthcare (ProHealth 09), 2009. Ulm, Germany.
[8] Mor Peleg et. al. Comparing computer-interpretable guideline models: A case-study ap-
proach. JAMIA, 10:2003, 2002.
[9] A. Moreno, D. Riano, and A. Valls. Agent-based alarm management in a palliative care
unit. In 3rd Workshop on Agents Applied in Healthcare, IJCAI, Edinburgh, 2004.
[10] S. Panzarasa, S. Madd`
e, S. Quaglini, C. Pistarini, and M. Stefanelli. Evidence-based care-
flow management systems: the case of post-stroke rehabilitation. J. of Biomedical Infor-
matics, 35(2):123–139, 2002.
[11] A. Pnueli. The temporal logic of programs. In Proceedings of the Eighteenth IEEE Sym-
posium on the Foundations of Computer Science, pages 46–57, 1977.
[12] F. Rabbi, H. Wang, and W. MacCaull. YAWL2DVE: An automatic translator for workflow
verification. In The 4th IEEE International Conference on Secure Software Integration and
Reliability Improvement (SSIRI 2010), pages 53–59, 2010.
[13] J. Ruan and W. MacCaull. Data-aware monitoring for healthcare workflows using formal
methods, 2010. StFX CLI Technical Report, CLI-TR 01-2010.
[14] J. Ruan, W. MacCaull, and H. Jewers. Enhancing patient-centered palliative care with
collaborative agents. In The Second International Workshop on Collaborative Agents RE-
search and Development (CARE 2010), Toronto, Canada, 2010.
[15] U. Sattler. A List of Description Logic Reasoners. http://www.cs.man.ac.uk/ ˜sattler/rea-
soners.html. Last accessed May 07, 2010.
[16] R. M. Smullyan. First-order logic. Dover Publications Inc., 1995.
[17] W. van der Aalst and K. van Hee, editors. Workflow Management: Models, Methods, and
Systems. The MIT Press, 2004.
[18] M. Y. Vardi. The complexity of relational query languages (extended abstract). In STOC
’82: Proceedings of the fourteenth annual ACM symposium on Theory of computing, pages
137–146, New York, NY, USA, 1982. ACM.
60
