Introduction
An era of rapid technological innovation calls for new approaches to securing the technology an organization deploys. However versatile these systems are, they and the standards that govern them must still be justified in business and legal terms. Asset management should account for all expenditures on the main supplies needed.
The organization under analysis is a company providing medical support services in two cities situated close to each other. It is almost ten years old, and its staff is divided into several departments, including private clinics in the suburb between the two cities. It employs 172 medical workers and 34 technical employees. A special role belongs to the IT department, whose 8 members modernize and support the current software so that communication and security systems promote the best quality of medical services. Living in a post-industrial society means providing people with a better connection. Medicare service should be as immediate as possible, so modern technological solutions are core elements of a successfully functioning healthcare system.
“Organizational risk is an aggregate factor and must be determined collectively by all of the information owners within and throughout the organization.” (Freeman, p. 234) That is why the company's policy is built around the use of information technologies and the assets they encompass. First of all, the management team should identify probable risks and assign personal responsibility for implementing the necessary and appropriate technology. Current practice shows strict but rather fair competition among Medicare providers, who strive for better services that are maintained and evaluated on the basis of feedback from current and potential customers. In this respect, it is useful to understand the scope of the policy. In his book, Alan Calder sets out the following questions to answer before drawing up a security policy for information assets:
An information security policy answers the four key questions: who, where, what and why? Who is responsible for information security in the organization? To which parts of the organization does the policy apply? What are we required to do? And why are we required to do it? (Calder, p. 56).
Consideration of needs
Medical workers' offices should be supported with software that does not lag behind current technology. The assets involved in equipping the company include the following:
- filing cabinets and stores containing paper records
- computer databases
- data files and folders
- software licenses
- physical assets (computer equipment and accessories, PDAs, cell phones)
- key services
- key people
- intangible assets such as reputation and brand (Asset Management, Ch. 12)
Concrete demands
Every employee is to be instructed in the basic legal requirements before officially starting work. Every piece of information is assigned to a specific employee in order to protect the organization from information leaks. That is why all staff should be aware of their responsibility for the documents and other information sources they create. The more senior a staff member, the greater their responsibility under the information ownership policy. The level of protection for each information asset should follow the classification criteria, which designate whether the information is personal or confidential in content. (Asset Management, Ch. 12) Thus, accountability and responsibility are the factors that give personnel a conscientious attitude before, during, and after their employment. The IT department also monitors employees' use of websites and Internet services other than those required for their direct professional duties. All entertainment sites are prohibited and banned inside the company. E-mail must be sent over a local network that spans all of the company's subsidiaries in different locations, including the call-center and technical service branches.
Ethical, moral, and legal implications
An employee's adherence to a standardized and approved asset management policy for information systems and their technology has three sides: the ethical, moral, and legal aspects of the company's promotion of security protection. From the ethical point of view, employees should communicate appropriately with customers and with one another. Self-assessment and a reliable attitude towards the company's policy matter above all. This standpoint prevents, at the entry level, any intentional or unintentional attempt by careless employees to violate the rules under which the company operates and provides its services. This also touches on the moral side of the issue. For example, the many-faceted nature of Internet resources tends to draw medical workers into sharing information that is forbidden by morality and current legal guidelines.
If the above-mentioned attitudes towards the company's policy do not lead employees to follow it, the power of law dots all the “i”s. The Electronic Communications Privacy Act (ECPA), which was reformulated by Congress in 1986, imposes liability on any individual who “intentionally intercepts, endeavors to intercept, or procures any person to intercept or endeavor to intercept, any wire, oral, or electronic communication.” (Brennan, p. 84) Moreover, the traditional right to privacy also provides a basis for protecting the information technologies and data used within the company. The concept of privacy adopted and widely applied in the United States acts as a deterrent, since those who violate it face criminal responsibility. Companies working in different spheres of activity are also provided with the “business extension exception.” (Brennan, p. 84) According to it, network providers are required to use electronic communications within the specific time frame of appropriate use when:
- the intercepting device is part of the communications network;
- the device is used in the ordinary course of business. (Brennan, p. 84).
Precedents for every known attempt to violate a company's security policy are recorded in the body of law accordingly. This gives hope that every such attempt by an employee will be given due consideration. Overall harmony of attitudes still contributes to the lasting well-being of the company. “To protect themselves from legal liabilities, health care organizations need to show due diligence in attempting to implement best practices in this regard.” (Freeman, p. 234).
Conclusion
Thus, in accordance with the IT security policy, the company, which provides Medicare services, aims to keep a strict eye on employees' interactions by means of information technologies and devices. The ethical, moral, and finally legal bases for protecting the policy are well developed in order to ensure the company's successful functioning.
References
- Assets and Information Systems Strategic Plan 2007-2011. Healthcare Practitioner Registration Board. Queensland Government.
- Brennan, Linda L., Johnson, Victoria Elizabeth. (2003) Social, ethical and policy implications of information technology. Idea Group Inc (IGI).
- Calder, Alan. (2005) A business guide to information security: how to protect your company’s IT assets, reduce risks and understand the law. Kogan Page Publishers.
- Freeman, Lee, Peace, Graham. (2005) Information ethics: privacy and intellectual property. Idea Group Inc (IGI).