Establishing Regulatory Compliance for Information System Requirements: An Experience Report from the Health Care Domain