Retrieved from https://studentshare.org/other/1418982-information-sensitivity-and-protection-of-data
Information Sensitivity and Protection of Data

Because healthcare organizations must protect crucial information about the organization, its employees and its patients, Beth Israel Deaconess Medical Center (BIDMC), Mayo Foundation, and Georgetown University Medical Centers have each put forward detailed privacy and security policies that all users of the system must comply with to ensure data protection. All three policies discuss the security measures that should be taken to protect information stored on technological devices, that is, computer systems and networks, and ensure that employees use proper passwords, software and firewalls to authorize data access.
Each organization discusses at length the scanning of emails and other information exchanged over the internet to ensure that no illegal activity or transaction is being conducted. Each organization discourages the use of email for exchanging confidential information. Authorization controls are stressed so that the persons using the information systems are authenticated, making sure that data is not disclosed to the wrong persons.

2. Each organization has a different form of information that it has to protect.
BIDMC stores all sorts of information regarding BIDMC, including general information and medical records, which employees can use for academic and research purposes. Its policy therefore addresses the protection of this specific kind of information, which can help its employees in the development of projects and professionalism. Mayo Foundation stores not only general information but also information regarding patients that can be useful during transactions for the health benefits of the patients. Georgetown, on the contrary, has to store only the medical information of the patients who register themselves with the organization for treatment purposes or as part of research projects (Georgetown University Medical Centers, 2007).
Since BIDMC has to store all information on a computerized system, its policy specifically addresses online data protection methods and states that employees have no privacy, as information is easily accessible to everybody (Beth Israel Deaconess Medical Technology Resources Policy, 2007). Mayo takes a different approach, dividing access control into three categories: individual-based access control, role-based access control, and context-based access control (Mayo Foundation, 2002). The scanning of information through email and visited websites is even stricter in the Mayo policy than in the other organizations' policies, because every bit of visited or shared information is checked by the information security office.

3. I feel that one of the most important principles is the use of passwords and the responsibility for safeguarding the passwords, because once the password is broken, the unauthorized person will have easy and direct access to all crucial information regarding the organization, its research projects and the medical records of the patients.
The length, content and duration of passwords should matter the most. Another important element of these security policies is internet access control; that is, a proper check is kept on internet usage by the employees so that they cannot use or share any illicit information regarding the organization or any other information that is against ethics. Thus, password protection and internet monitoring are some of the most important elements I have found in these security policies.

References

Beth Israel Deaconess Medical Technology Resources Policy (2007). HIMSS. Retrieved April 26, 2011, from http://www.himss.org/content/files/CPRIToolkit/version6/v6%20pdf/D39a_Beth_Israel_Deaconess_Medical_Center_Technology_Resources_Policies.pdf

Georgetown University Medical Centers (2007). HIMSS. Retrieved April 26, 2011, from http://www.himss.org/ASP/privacySecurityTree.asp?faid=78&tid=4

Mayo Foundation (2002). HIMSS. Retrieved April 26, 2011, from http://www.himss.org/content/files/CPRIToolkit/version6/v6%20pdf/D39e_Mayo_Foundation_Information_Security_Policies.pdf