SLP- Information Sensitivity and Protection of Data - Essay Example

INFORMATION SENSITIVITY AND PROTECTION OF DATA Development level of organization’s information security policies On a scale from to 10, the development stage of the organization’s information security policy will be placed at 7 out of 10. This means that a lot have been achieved since the half mark has been crossed but there still remains a lot to be done. Components that constitutes for the present rating may be based on factors including the fact that the organization has already put in place an in-house learning system whereby all employees and other human resource personnel within the organization are getting themselves acquainted with the new information security policy that has been issued in the organization.

The reason why the present in-house learning system is that the hospital information system (HIS) has been described as one of the most complex, which if practitioners do not get very familiar with could lead to several health complications for service users (Miller and Sim, 2004). In addition to the in-house learning system, there has also been the acquisition of enough information system equipment and technology tools that caters for modern trends and changes in health service delivery.Confidentiality, availability and reliability policies The assurance of confidentiality of data and information constitutes an ethical consideration for the new hospital information system implemented within the organization (Devaraj and Kohli, 2000).

This is because it is important that the organization adheres to national and international provisions of health service delivery such as HIPAA regulations, which enshrines that patients receive maximum security and confidentiality on their data and information (Chaudhry et al, 2006). Presently, the organization uses a technology based policy that makes it impossible for data and information within the database of the organization to be accessed by people who are not directly involved in a given department of the organization to which the information belongs.

For example, regardless of the network provision on the system, those in the pharmacy section cannot access information from the laboratory department without prior approval from the laboratory department. Moreover, there is the use of a password system in the protection of data such that only a limited number of people are allowed access to the system. This policy also goes a long way to ensure reliability of data as the possibility that there will be doctoring of key information is almost an impossibility.

Finally, there is a special biometric identification and coding system that identifies patients and people whose information is stored on the system rather than the use of actual names of patients. This system ensures anonymity as well as confidentiality of participants. Protection of loss dataIn its quest to avoid possible cases of loss of vital data from its database, the organization employs on the use of a specialized backup system that ensures that every data entered into the system is given an automatic backup mechanism.

In case of major power cuts or breakdown in the system, it is still very much possible to retrieve data because the backup system uses an online system. What this means is that because there is a web storage system that is updated on a regular basis, even if an event like fire or natural disaster occurs, it will still be possible to retrieve data from the website that gives automatic online storage and backup to the data (Dennis, 2000). what is more interesting is that even in the process of entering data, there is an automated drafting and backing up of the data after every 5 seconds and so if a catastrophe occurs whiles entering data, only 5 seconds of data previously entered will be lost.

Enhancement of Information SecurityAssessment and evaluation of the level of quality of information security is very important. In this end, into the future, it is recommended that the organization continues to take pragmatic steps towards enhancing information security by including an external quality assurance mechanism. With the advancement of information technology by the day, it is important that the company seek knowledge from external sources by instituting an independent third party quality assurance team whose task will be to constantly monitor the information of the organization to ensure that its operations are within modern scope of information security practice.

It is hoped that the independence of this body will ensure a more enhanced and credible information security assessment system in terms of quality.REFERENCE LISTChaudhry B., Wang J., Wu S., M. Maglione, W. Mojica, E. Roth, S. C. Morton, and Shekelle P. G. (2006). “Systematic review: impact of health information technology on quality, efficiency, and costs of medical care,” Annals of internal medicine, vol. 144, no. 10, p. 742, Dennis J. C. (2000). Privacy and Confidentiality of Health Information.

Jossey-Bass Inc Pub, May Devaraj S.and Kohli R. (2000). Information technology payoff in the health-care industry: a longitudinal study. Journal of Management Information Systems, vol. 16, no. 4, pp. 41–67.Miller R. H. and Sim I.(2004). Physicians’ use of electronic medical records: barriers and solutions. Health Affairs, vol. 23, no. 2, p. 116