Information Technology Reference
In-Depth Information
factors, such as technical innovations, new and
creative ideas, strategic alliances, acquisitions
and mergers, and a culture of continuous change
(Ekstedt et al., 2005). The information assets of
organizations have been stored mostly in a digi-
tal format. As Qu (2001) points out, these assets
include the intellectual property, products, as
well as classified and private information about
business partners and customers. Modern busi-
ness practices require that these assets have to be
available, reliable, and accessible by customers,
employees, and partners on site and at a distance.
Because the digital world in which these assets are
stored (cyber-space) is as vulnerable to attack as
it is accessible. It is dangerous to store valuable
data in this environment. Securing these infor-
mation assets is crucial and a leading priority of
responsible management, especially IT managers
in healthcare establishment. “Security” to these
leaders is closely connected to, if not synonymous
with, “disaster recovery” of information assets
(Johnson, 2002).
The aim of planning, designing, and imple-
menting Information Technology (IT) security best
practices is not only to ensure the confidentiality
and the integrity of the data produced and used,
but also to sustain the availability of the Informa-
tion Systems (IS) (Davies, 1986; Forcht, 1994;
Pfleeger, 1997).
The IT security dilemma becomes more
relevant when private healthcare information is
concerned. The Health Insurance Portability and
Accountability Act of 1996 (“HIPAA”) enacted
by Congress was designed to improve portability
and continuity of health insurance coverage in the
group and individual markets. The HIPAA security
rule is a step towards standards that would ensure
the security and integrity of patients' information
stored or transmitted electronically or what is
called electronic private healthcare information
(ePHI).
The security requirements and rules mandated
by HIPAA focus both on external and internal
security threats. Contrary to popular conception,
however, the internal threats are at least equal
external problems as security concerns and are far
more likely to occur according to many security
experts. The problem is that it is doubtful that
healthcare institutions will be able to meet the
requirements of the HIPAA security rule to pre-
pare for these threats (Walt, 2004; Bravo, 2005).
BACKGROUND OF THE STUDY
As Information Technology has become a part of
the core business in today's organizations and the
fabric of our daily lives, the security of private and
personal information has become an increasing
concern. This concern has evolved as the rate of
computer-related crimes has risen especially in
the areas of hacking, theft, fraud, sabotage, and
cyber terrorism. Changes in cultural, social, eco-
nomic, and business boundaries make Information
Systems (IS) easy to reach. Private and personal
information can be remotely targeted. The value
of this information makes it attractive to hackers,
thieves, and rivals.
Information security, however, has evolved
through time alongside the bad guys. Organiza-
tions' policies and rules to protect sensitive data
have been evolving through careful trial and error
over the last 20 years.
Research of computer crimes and security
management often suggests poor implementation
of security measures and little awareness about
security issues. Security and protective measures
are implemented in a piecemeal manner, often in
response to surfacing security problems or viola-
tions. Most employees within organizations and
computer users at home are not aware of vulnerable
and possible exposure areas that may threaten an
organization's or personal information nor do they
Search WWH ::
Custom Search