Thursday, January 16, 2020

Computers and Information Systems Essay

INTRODUCTION OF INFORMATION SECURITY POLICY

Information is a valuable asset. The protection of these assets is a basic management responsibility. Employing officers are responsible for:

• Identifying and protecting computer-related information assets within their assigned area of management control and ensuring that these assets are used for management-approved purposes only and that all employees understand their obligation to protect them.
• Implementing security practices and procedures that are consistent with the Company Information Asset Security Manual and the value of the assets.

PRIVACY AND SECURITY POLICIES OF VARIOUS HIGHLY RECOGNIZED HEALTHCARE ORGANIZATIONS

PARTNERS HEALTHCARE ORGANIZATION

Partners HealthCare is committed to ensuring the privacy and security of patient health information. In order to facilitate and implement the activities related to the privacy and security of Protected Health Information (PHI), Partners HealthCare has appointed a Corporate Privacy Officer. The privacy officer is responsible for implementation and oversight of the policies and procedures regarding the privacy of health information at their site.

BETH ISRAEL MEDICAL CENTER

Beth Israel Medical Center has adopted the CPRI Toolkit - Technology Resources Policy to ensure uniform and appropriate use of its computer and telecommunication resources (the “Technology Resources,” defined below).

POLICY: In using or accessing the Technology Resources, Users must comply with the following provisions.

NO EXPECTATION OF PRIVACY

“Users understand and agree that: BIDMC retains the right, with or without cause or notice to the User, to access or monitor the Computer Information, including User e-mail and Internet usage.” (Hodge et al. 1968, pg 17) Please keep in mind that anything created or stored on the Technology Resources, including the Computer Information, may be reviewed by others and that even deleted files may be recovered.

USE OF E-MAIL AND INTERNET ACCESS AND USE

All User e-mail addresses assigned by BIDMC shall remain the sole and exclusive property of BIDMC. Users should endeavor to make each of their electronic communications truthful and accurate. “Users should use the same care in drafting e-mail and other electronic documents as they would for any other written communication. The quality of your writing will reflect on BIDMC. Users are encouraged to use the Internet and intranets to assist them in the performance of their jobs.” (Thomas. R. 2001, 87)

PASSWORDS

Users are responsible for safeguarding their passwords for access to the Technology Resources. Users should recognize that the combination of a logon identification and password is the equivalent of a signature and that the disclosure to another individual is the equivalent of handing that individual a signed blank check.

MAYO HEALTHCARE ORGANIZATION

Mayo HealthCare is committed to ensuring the privacy and security of patient health information by means of certain policies.

ACCESS CONTROL TERMS

– Individual-based access control.
– Role-based access control.
– Context-based access control.

POLICY-RELATED TERMS

– Policy: a broad statement of principle or intent that presents Mayo’s position. Policies are interpreted and supported by standards.
– Standard: a rule or regulation that specifies conduct or a course of action. Standards are mandatory directives for implementing Mayo policy that ensure uniform compliance.
– Guideline: a recommended course of action or a response to a given situation. Guidelines should be considered when determining how to implement standards.

PROTECTED HEALTH INFORMATION (PHI)

I. Information security
Mayo Foundation will protect its vital information from unauthorized access, modification, disclosure, or destruction, by conducting security program with patients and of Mayo Foundation.

II. Security administration
A group will exist to develop and maintain an information security program for Mayo Foundation entities.

THEMES COMMON AMONG EACH ORGANIZATION'S POLICIES

• Controlling Access to Information and Systems, Operations and Administration.
• Network Security Policies.
• E-mail and the Worldwide Web, Telephones and Fax.
• Data Management.
• Backup, Recovery and Archiving.
• Document Handling.
• Securing Data.

KEY SECURITY PRINCIPLES AND ELEMENTS FOR INFORMATION SECURITY AND PRIVACY MANAGEMENT

The key security principles and the critical areas needing improvement for the healthcare organization.

SECURING REMOTE ACCESS AND OTHER DRIVERS OF PHYSICIAN EFFECTIVENESS

For many providers, ensuring physician effectiveness and quality of life is a top priority. This includes helping physicians gain off-site access to records, without having to come to the hospital or sign into multiple hospital systems.

EXTENDING SECURITY AND PRIVACY TO THIRD PARTIES

Secure interoperability from hospitals to physician practices is also becoming a requirement as the healthcare industry in many global markets moves towards wider use of electronic medical records and information sharing across collaborative groups (such as the emerging US regional health information organizations). (Perry. E., 1967, 48)

DEVELOPING BUSINESS CONTINUITY AND DISASTER RECOVERY PLANS

In the wake of high-profile natural disasters and health-related crises worldwide, most healthcare respondents (70%) identified business continuity and disaster recovery planning as one of the most critical business factors driving their information security spending. Forty-four percent, however, do not yet have such a capability, and 59% report that developing or improving these plans is a strategic security initiative for the coming year.

References

Hodge, Bartow, & Hodgson, Robert N. 1968. Management and the Computer Information System. The McGraw-Hill Companies, New York, NY, U.S.A., pg. 17.

Peltier, Thomas R. 2001. Information Security Policies and Procedures: A Practitioner’s Reference. Taylor & Francis Ltd, pg. 87.

Rosove, Perry E. 1967. Developing Computer-based Information System. John Wiley & Sons, NY, pg. 48.
