• DocumentCode
    1764702
  • Title

    Evaluating Legal Implementation Readiness Decision-Making

  • Author

    Massey, Aaron K. ; Otto, Paul N. ; Antn, Annie I.

  • Author_Institution
    Sch. of Interactive Comput., Georgia Inst. of Technol., Atlanta, GA, USA
  • Volume
    41
  • Issue
    6
  • fYear
    2015
  • fDate
    June 1 2015
  • Firstpage
    545
  • Lastpage
    564
  • Abstract
    Software systems are increasingly regulated. Software engineers therefore must determine which requirements have met or exceeded their legal obligations and which requirements have not. Requirements that have met or exceeded their legal obligations are legally implementation ready, whereas requirements that have not met or exceeded their legal obligations need further refinement. In this paper, we examine how software engineers make these determinations using a multi-case study with three cases. Each case involves assessment of requirements for an electronic health record system that must comply with the US Health Insurance Portability and Accountability Act (HIPAA) and is measured against the evaluations of HIPAA compliance subject matter experts. Our first case examines how individual graduate-level software engineering students assess whether the requirements met or exceeded their HIPAA obligations. Our second case replicates the findings from our first case using a different set of participants. Our third case examines how graduate-level software engineering students assess requirements using the Wideband Delphi approach to deriving consensus in groups. Our findings suggest that the average graduate-level software engineering student is ill-prepared to write legally compliant software with any confidence and that domain experts are an absolute necessity.
  • Keywords
    electronic health records; law; software engineering; HIPAA obligations; US Health Insurance Portability and Accountability Act; electronic health record system; legal implementation readiness decision-making; legal obligations; legally compliant software; requirement assessment; software systems; wideband Delphi approach; Atmospheric measurements; Decision making; Law; Particle measurements; Software; Software engineering; Legal Implementation Readiness; Legal Requirements; Legal implementation readiness; Regulatory Compliance Software Engineering; Requirements Engineering; legal requirements; regulatory compliance software engineering; requirements engineering;
  • fLanguage
    English
  • Journal_Title
    Software Engineering, IEEE Transactions on
  • Publisher
    ieee
  • ISSN
    0098-5589
  • Type

    jour

  • DOI
    10.1109/TSE.2014.2383374
  • Filename
    6991569