How to Write a SE Code Argument



Similar documents
Software Engineering Code of Ethics and Professional Practice

Ethics. Code. The Board of Governors of. Software. Engineering. Don Gotterbarn, Keith Miller, and Simon Rogerson

Notice of Privacy Practices

NOTICE OF PRIVACY PRACTICES

VALPARAISO UNIVERSITY NOTICE OF PRIVACY PRACTICES. Health, Dental and Vision Benefits Health Care Reimbursement Account

Sunrise Report Licensing of Alcohol and Drug Addiction Counselors August 2012

8 Wakeman Rd Fairfield, CT (203)

Software engineering has evolved

Notice of Privacy and Electronic Communication Practices

IF YOU HAVE ANY QUESTIONS ABOUT THIS NOTICE OR IF YOU NEED MORE INFORMATION, PLEASE CONTACT OUR PRIVACY OFFICER:

Fact Sheet. Prescription Data Mining

Advanced Eye Care & Optical 499 E Winchester Blvd., Suite 101 Collierville, TN Phone: Fax:

Guilford Medical Associates, P.A.

Birkam Health Center Ferris State University NOTICE OF PRIVACY PRACTICES

Dear Applicant: Criteria for admission to the program includes:

HIPAA Notice of Privacy Practices - Sample Notice. Disclaimer: Template Notice of Privacy Practices (45 C.F.R )

NOTICE OF PRIVACY PRACTICES. The University of North Carolina at Chapel Hill. UNC-CH School of Nursing Faculty Practice Carolina Nursing Associates

PRIVACY NOTICE. In certain situations, we may also disclose patient information to another provider or health plan for their health care operations.

Notice of Privacy Practices

HIPAA NOTICE OF PRIVACY PRACTICES Woodlands Behavioral Healthcare Network (WBHN)

HIPAA NOTICE TO PATIENTS

Best practice guidelines are not ethics, per se, but do recommend practice standards that professional counselors should strive to uphold.

PSYCHIATRIC MENTAL HEALTH NURSE PRACTITIONER SERVICES

INSURANCE/FINANCIAL DISCLAIMER FOR BRIER CREEK DENTAL

Accredited Home Health Care of America - Notice of Privacy Practices

THE INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS

NOTICE OF PRIVACY PRACTICES

Notice of Privacy Practices

The What to Expect Series FINRA s Dispute Resolution Process 1

INTEGRITY WELLNESS CENTER NOTICE OF PRIVACY PRACTICES

ΗΜΥ 317 Τεχνολογία Υπολογισμού

THE CIPM ASSOCIATION CODE OF ETHICS AND STANDARDS OF PROFESSIONAL CONDUCT PREAMBLE THE CODE OF ETHICS

DALLAS ALLERGY & ASTHMA CENTER

Toronto School of Theology Guidelines for the Preparation and Ethics Review of Doctor of Ministry Thesis Projects Involving Human Subjects

NOTICE OF PRIVACY POLICY. Effective:, 2013

What is social media?

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA)

SONA SYSTEMS RESEARCHER DOCUMENTATION

9129 Monroe Rd. Suite 100, Charlotte, NC 28270

HIPAA NOTICE OF PRIVACY PRACTICES

Bradley D. Powell, PhD NOTICE OF PRIVACY PRACTICES: Effective June 1, 2004

Health Insurance Portability and Accountability Act (HIPAA)

Rehabilitation, Sports & Spine Center, P.S. Notice of Privacy Practices. l. Use and Disclosures of Protected Health Information

American Guild of Musical Artists ( AGMA ) Health Fund Privacy Notice. Plan A and Plan B

Secondary School Policies: Release of Student Disciplinary Information to Colleges

LIFESTREAM BEHAVIORAL CENTER, INC. JOINT NOTICE OF PRIVACY PRACTICES. Effective Date: April 14, 2003

ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES. for Sony Pictures Entertainment Inc.

HIPAA Notice of Patient Privacy Practices

NOTICE OF PRIVACY PRACTICES FOR THE NORTH CENTRAL NURSING CLINICS

Don Gotterbarn, Keith Miller, and Simon Rogerson

Credit Union Code for the Protection of Personal Information

Guide to Filing Ethics Complaints and Arbitration Requests

TWENTY-FIVE TIPS FOR EMPLOYEE TRAINING AND SUPERVISION (INCLUDING AVOIDANCE OF UNAUTHORIZED PRACTICE OF LAW)

WRITING A CRITICAL ARTICLE REVIEW

SUPREME COURT OF THE STATE OF ARIZONA

Wisconsin Lawyers Use Cooperative Practice in Divorce Cases John Lande University of Missouri School of Law

INFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security

NOTICE OF PRIVACY PRACTICES FOR PURDUE UNIVERSITY HEALTH PLANS

SOUTHLAKE DERMATOLOGY 1170 N. Carroll Ave. Southlake, TX Main Fax

Pierce County Policy on Computer Use and Information Systems

155 McDonald Drive SW Shirley E. Charette, MS, PA-C

The Ethics of E-Discovery. computer technologies in civil litigation, courts are faced with a myriad of issues

Addressing Abusive Lawyer Conduct in Relation to Litigation Proceedings

SCRIPT FOR PROVIDER/ACO PHONE INQUIRIES. What is an ACO?

HIPAA Privacy & Security Training for Clinicians

APPLETREE PEDIATRICS, PA NOTICE OF PRIVACY PRACTICES

Notice of Privacy Practices

Analyzing Research Articles: A Guide for Readers and Writers 1. Sam Mathews, Ph.D. Department of Psychology The University of West Florida

Guidelines for membership and operation of NCIRS-AIP discussion group

The Ethics of Pre-Employment Screening Through the Use of the Internet

Chief Privacy Officer Christian Brothers Services 1205 Windham Parkway Romeoville, IL

Eye Clinic of Bellevue, LTD. P.S. Privacy Policy EYE CLINIC OF BELLEVUE LTD PS NOTICE OF INFORMATION PRACTICES

REGISTRATION FORM (Please print)

Forrestville Valley School District #221

Acceptable Use of Electronic Networked Resources & Internet Safety

NOTICE OF PRIVACY PRACTICES (NPP)

NOTICE OF PRIVACY PRACTICES

Notice of Privacy Practices

Ethical Guidelines to Publication of Chemical Research

CBIA Service Corporation Privacy and Security Notice

NORTHSTAR DERMATOLOGY, PA NOTICE OF PRIVACY PRACTICES

State of Florida Employees' Group Health Insurance Privacy Notice

Guidelines Relating to Implementation of the Privacy Regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)

SECTION 18 1 FRAUD, WASTE AND ABUSE

NOTICE OF PRIVACY PRACTICES TEMPLATE. Sections highlighted in yellow are optional sections, depending on if applicable

ANNUAL SECURITY RESPONSIBILITY REVIEW

Publication Ethics and Publication Malpractice Statement of the German Journal of Agricultural Economics (GJAE) 1

9180 Katy Fwy Houston, TX aokmedicalcenter.com

Fraud Prevention and Deterrence

Certified Alcohol & Drug Counselor (CADC) Appendix B. Code of Ethical Standards

Northwest Cardiology Associates 400 W. Northwest Hwy Barrington, IL Fax HIPAA Notice of Privacy Practices ( Notice )

HIPAA PRIVACY NOTICE PLEASE REVIEW IT CAREFULLY

HUMAN RESOURCE PROCEDURE GUIDE CONDUCTING WORKPLACE INVESTIGATIONS

Re: HIPAA/HITECH Final Rule Clarification and Guidance Sought on Refill Reminder Programs

* IN THE. * CASE NO.: 24-C Defendant * * * * * * * * * * * * * * * * * * * * * * * MEMORANDUM

Etiquette (Netiquette) Guidance

READ ONLY COPIES (These forms to be completed in the doctor s office at time of visit)

The Mathematics of Alcoholics Anonymous

DEKALB COUNTY GOVERNMENT DRUG-FREE WORKPLACE POLICY

Transcription:

How to Write a SE Code Argument CSC 300: Professional Responsibilities Dr. Clark Turner 1 Overview This handout is intended to provide explicit instructions for creating an ethical argument using the Software Engineering Code of Ethics. A general overview is as follows. 1. Facts: Introduce the domain and relevant information. 2. Ethical Question: From these facts, an ethical question should logically follow and be asked. 3. Find SE Code Rules: With this focused ethical question, find all SE Code rules which apply. After you have chosen the applicable rules, choose a few which most strongly apply. These rules will be the basis for your analysis. 4. Apply the Rules: Break down each SE Code rule into its phrases and replace the phrases with the equivalent domain specific phrase. With all phrases substituted, show how the modified rule was or was not followed using the aforementioned facts. 5. Conclude: Once you have shown whether the particular SE Code rules were or were not followed, conclude by summarizing the results and answering your ethical question. Your conclusion should logically flow from your analysis. This handout will now go further into each of these steps with more explanation and an example. This example is based on an incident where CVS Pharmacy gave private patient data to a third party. Note: Dr. Turner appreciates the use of L A TEX to write your papers. L A TEX is a great skill to have which will make your resulting paper look more consistent and professional. 2 Facts In order for your audience to understand your analysis, you must introduce the facts you plan to use in your argument. Do not include more facts than are needed for comprehension since they will distract your reader. 2.1 Facts Example CVS is a drug store and pharmacy which fills medical prescriptions written by authorized medical professionals.[7] In order to help people stay current with their prescriptions, CVS management decided to send out reminders to all of its patients. CVS, however, did not have the necessary technology to send reminders efficiently themselves. A direct mail marketing company named Elensys had the technical ability. CVS therefore contracted with Elensys to provide direct mail reminders for patients who would likely forget to renew their prescriptions.[12] To more accurately target forgetful patients, CVS gave Elensys all of its patients prescription information for Data Mining purposes. This transfer of patient data has caused much controversy since CVS patients did not sign an agreement for CVS to release their data to a third party.[2] CVS patients additionally were not notified that CVS was sending reminders.[8] Fur- 1

thermore, this patient data was not anonymized meaning that patient names and other personal information was available to anyone who viewed the data.[6] This incident is currently in litigation in a Massachusetts court as the case Weld and Kelly v. CVS Pharmacy, Inc., Elensys, and Glaxo Wellcome, et al. [11] 3 Research Question In order to focus your writing, you need to have a single yes or no question to answer. This question should follow from the natural progression of your facts. That is after the reader finishes your facts section, they should be asking to themselves your research question. 3.1 Research Question Example Was it ethical for CVS and Elensys to transfer patient information for the purpose of efficiently sending prescription reminders? 4 SE Code Analysis One of the best ways to analyze the ethics of an action performed by a software related entity is to use the Software Engineering Code of Ethics. The SE Code is the professional standard adopted by both ACM and IEEE to govern members of the Software Engineering profession. Before you start your actual analysis, you must first state why the SE Code can be used to evaluate the entities in your question. This means that the participants involved must deal with software in some way. The example analysis quotes the SE Code s description of all possible individuals included under its domain. Once the readers have seen the applicability of the SE Code to the entities in your question, you can start your analysis. Each main SE Code rule should be analyzed separately, but similar rules can be ordered together for readability. To make a strong case that the parties involved followed or did not follow a SE Code rule, the rule must be broken down into its phrases. These phrases must then be replaced by their equivalent meaning as applied to your question. This results in a modified SE Code rule which applies to your particular domain. The final step is to use this modified SE Code rule and your facts to come to an ethical answer. This substitution process can be seen twice in the example. 4.1 SE Code Analysis Example In order to determine whether or not CVS and Elensys were ethical, this paper will apply the Software Engineering Code of Ethics[9]. Since the SE Code technically only applies to Software Engineering professionals, CVS and Elensys must first be considered professionals under the SE Code s definition. The SE Code states that it applies to professional software engineers, including practitioners, educators, managers, supervisors and policy makers, as well as trainees and students of the profession. [9] Elensys is included by this definition since they directly developed Data Mining software making them professional software engineers. CVS, however, is not directly a software development company. CVS does maintain the database of all its patients making them practitioners and therefore required to abide by the SE Code. Now that it has been shown that the SE Code applies 2

to both entities, the SE Code can be used to judge the ethics of CVS and Elensys actions. The first SE Code rule that is applicable is 2.03 which states SE Code 2.03: Use the property of a client... only in ways properly authorized, and with the client s... knowledge and consent.[9] SE Code 2.03 deals with using the property of a client in an authorized manner. Specifically the client in this case refers to the CVS patients and their property is their confidential information. The phrase properly authorized requires that the patients have previously signed paperwork giving CVS the authority to share their medical information with a third party.[1] The use of patient information must further be used with both the client s knowledge which means the patient is aware that their data is being used to send reminders as well as the client s consent which is the approval given by the patients after they know the intended use of their data. After the appropriate substitutions, SE Code 2.03 reads Substituted SE Code 2.03: Use the CVS patient data... only in ways properly authorized, and with the CVS patients... knowledge and approval of the data transfer to Elensys. CVS and Elensys did none of the previously mentioned requirements to ethically transfer patient data under SE Code 2.03. As was stated in the facts, patients did not give CVS prior authorization to share their information with a third party such as Elensys. There was no client knowledge as CVS did not notify their patients that they were planning to give their data to Elensys. Furthermore, since CVS patients were not informed, they could not give their consent. Since CVS patients did not authorize, know or consent to this data transfer, CVS and Elensys are in violation of SE Code 2.03 which makes their actions unethical. SE Code 2.03: Authorized Use CVS and Elensys Actions: The second SE Code rule that applies is 3.12 which states SE Code 3.12: Work to develop software and related documents that respect the privacy of those who will be affected by that software.[9] We again break this rule into its parts. Develop software in this case refers to the creation of the prescription reminder system. This system will affect the CVS patients so those who will be affected by that software refers to the CVS patients. The privacy of the CVS patients equates to their provided medical data and to respect that private medical data means to make an effort to protect it.[10] After these substitutions SE Code 3.12 states Substituted SE Code 3.12: Work to create a reminder system... that makes an effort to protect the confidential medical data of CVS patients. The answer to this rule depends on whether CVS and Elensys respected the patients private data. A minimal approach to making an effort to protect the confidential data would be to look at the current research to see if any work already exists to anonymize data for security purposes. Since such anonymization 3

technologies did exist at that time[4, 5, 3], it can be argued that CVS and Elensys did not investigate the current research and therefore did not respect the patients data. Therefore CVS and Elensys are in violation of SE Code 3.12 which makes their actions unethical. SE Code 3.12: Respect Privacy CVS and Elensys Actions: 5 Conclusion The conclusion is a summary of your entire analysis. It should reiterate the answer your audience has been forming while reading your analysis. New information should never be introduced in your conclusion. 5.1 Conclusion Example Many different SE Code rules have been examined throughout this paper to determine whether or not CVS and Elensys actions were ethical. Table 1 summarizes the results. SE Code Rule SE Code 2.03 SE Code 3.12 Final Conclusion Result Table 1: Summary of Ethical Results As Table 1 shows, all of the applicable SE Code rules have been violated. Therefore this paper concludes that CVS and Elensys acted unethically. 6 Bibliography Always make sure to cite the sources of your facts. You may have a great analysis but unless you cite the facts, the foundation of your argument is flawed. Those arguing against your position will simply state, Yes your argument is logically based on the facts you have stated, but how can I be sure you did not just make them up? This, however, could all be avoided by taking a few notes when doing your background research and including them in your paper. Additionally, your argument will be stronger if you cite many different sources as oppose to just a few. The more sources you have cited, the more convinced your readers will be that you have conducted thorough background research. References [1] Dictionary.com unabridged. Feb 2010. [2] P.S. Appelbaum. Threats to the Confidentiality of Medical Records No Place to Hide. JAMA, 283(6):795, 2000. [3] U. Blien, H. Wirth, and M. Muller. Disclosure risk for microdata stemming from official statistics. Statistica Neerlandica, 46(1):69 82, 1992. [4] M.S. Chen, J. Han, and P.S. Yu. Data mining: An overview from a database perspective. IEEE Transactions on Knowledge and data Engineering, 8(6):866 883, 1996. [5] C. Clifton and D. Marks. Security and privacy implications of data mining. In ACM SIGMOD Workshop on Research Issues on Data Mining and Knowledge Discovery, pages 15 19. Citeseer, 1996. 4

[6] M.J. Culnan. Giant Food and Elensys: Looking Out For Customer Gross Privacy Invasion? Communications of the Association for Information Systems, 16(1):14, 2005. [7] CVS. Cvs website. http://www.cvs.com/, 2010. [8] NB Finn and WF Bria. Keeping Health Information Away from Prying Eyes. [9] Don Gotterbarn, Keith Miller, and Simon Rogerson. Computer Society and ACM Approve Software Engineering Code of Ethics. Computer, pages 84 88, 1999. [10] B. Lo and A. Alpers. Uses and abuses of prescription drug information in pharmacy benefits management programs. JAMA, 283(6):801, 2000. [11] Robyn A. Meinhardt. New Perils of Sharing or Selling Prescription Information. Drug Benefit Trends, 11(3):27 28, 1998. [12] Kurt Thearling. Data mining and privacy: A conflict in the making? http://www.thearling.com/text/ dsstar/privacy.htm, 1998. 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information