Title :
Evaluating Legal Implementation Readiness Decision-Making
Author :
Massey, Aaron K. ; Otto, Paul N. ; Antón, Annie I.
Author_Institution :
Sch. of Interactive Comput., Georgia Inst. of Technol., Atlanta, GA, USA
Abstract :
Software systems are increasingly regulated. Software engineers therefore must determine which requirements have met or exceeded their legal obligations and which requirements have not. Requirements that have met or exceeded their legal obligations are legally implementation ready, whereas requirements that have not met or exceeded their legal obligations need further refinement. In this paper, we examine how software engineers make these determinations using a multi-case study with three cases. Each case involves assessment of requirements for an electronic health record system that must comply with the US Health Insurance Portability and Accountability Act (HIPAA) and is measured against the evaluations of HIPAA compliance subject matter experts. Our first case examines how individual graduate-level software engineering students assess whether the requirements met or exceeded their HIPAA obligations. Our second case replicates the findings from our first case using a different set of participants. Our third case examines how graduate-level software engineering students assess requirements using the Wideband Delphi approach to deriving consensus in groups. Our findings suggest that the average graduate-level software engineering student is ill-prepared to write legally compliant software with any confidence and that domain experts are an absolute necessity.
Keywords :
electronic health records; law; software engineering; HIPAA obligations; US Health Insurance Portability and Accountability Act; electronic health record system; legal implementation readiness decision-making; legal obligations; legally compliant software; requirement assessment; software systems; wideband Delphi approach; Atmospheric measurements; Decision making; Law; Particle measurements; Software; Software engineering; Legal Implementation Readiness; Legal Requirements; Legal implementation readiness; Regulatory Compliance Software Engineering; Requirements Engineering; legal requirements; regulatory compliance software engineering; requirements engineering;
Journal_Title :
Software Engineering, IEEE Transactions on
DOI :
10.1109/TSE.2014.2383374