Information Technology Reference
In-Depth Information
understand how to minimize these risks, which
present a golden opportunity to hackers, thieves,
and other digital crime doers that are interested in
an organization's data or access to their network.
According to Firth (1993) and James and
Coldwell (1993), information security used to
be the responsibility of information system func-
tion, rather than the owner and the users of the
information. It was a reasonable belief because
information often used to be stored and accessed
via terminals or computer systems. Information
security was often considered a technical matter,
subsequently; it was a task presumed to fall within
the responsibility of the computing department
rather than information users. The security of the
information system outside the computer system,
consequently, has been given little consideration
or ignored totally.
Nowadays, the responsibility of implemen-
tation and operation of computer information
systems has somewhat shifted from the system
engineers exclusively to both the system engineer
and the user. Networking, portability, and ease of
software and hardware installation have brought
computers within the reach of non-technical users.
The issue is that, while users are developing
knowledge and know-how in these areas, they
lack expertise and even basic skills in protection
and security related to hardware, software, and
data. End users are hardly ever involved in the
planning or implementation of security processes
that ensure the integrity, confidentiality and avail-
ability of organization information and the related
technology. Many studies, however, have sug-
gested that the involvement of all employees in
information security processes is a crucial factor
in overcoming resistance, raising awareness, and
achieving a greater degree of buy-in, cooperation,
and commitment from personnel (Berleur 1999;
Fagan 1993; Hoppe 1994).
Information security is not limited to digital
information, but organizational information used
outside the computerized environment. Thus,
information security has a broader scope than
purely information systems security. The aim of
information security is to minimize, if not avoid
threats as well as respond to them appropriately.
Threats can be intentional or unintentional and
consist of actions that affect an information sys-
tem (hardware, software and data) and lead to
potential loss. When business information is lost,
the loss may impact only that specific organiza-
tion. In the healthcare industry, however, loss of
personally identifiable healthcare information can
severely impact patients' lives; the automation of
this information has increased governmental and
healthcare industry concerns. The Health Insur-
ance Portability and Accountability Act of 1996
(“HIPAA”) enacted by Congress was aimed at
improving portability and continuity of health
insurance coverage in the group and individual
markets.
According to Annas (2004), the type of infor-
mation recorded depends on the type of medical
facility and the accepted medical practice. It can
contain the patient's history, physical findings,
treatment, and course of diseases and may even
include specific DNA sequences in the future
(Hartl & Jones, 2002).
The fast changing information technology, the
hostile environment of cyberspace, the incorpo-
ration of digital data repositories, networking,
Internet access, and new technologies being
incorporated into healthcare industry processes
all increase the vulnerabilities that made the old
security measures inadequate. Many weaknesses
have been identified in existing healthcare security
measures.
HIPAA security rule is a step towards standards
that would ensure the security and integrity of
patients' information that is stored or transmitted
electronically. The security requirements and rules
suggested or mandated by HIPAA focuses both on
external and internal security threats because the
internal threats are of equal concern and are far
more likely to occur according to many security
experts (Gue, n.d.).
Search WWH ::
Custom Search