Introduction
This is an essay on information security. The essay will give a brief history of information technology and practices. This will include what triggered the need for information security, specifically in the healthcare sector and the role that HIPAA has played.
A review of the technologies and practices used today and how they could or will be used in the future will also be discussed in detail. Additionally, the essay will address the different types of information security, and compare and contrast the different applications that are available for use.
It will conclusively address the legal and ethical issues that apply to the subject matter, both current issues and potential issues that could arise in the future.
The essay will informatively give relevant and real-life examples of the information security measures/technology that have been discussed as well as a personal experience upon the completion of the essay. An electronic health record system will form a basis of this essay, and hence its pros and cons will be analyzed including security and privacy.
Information Security
So just what is information security? Information security refers to the processes and methodologies put in place and implemented to protect print, electronic, or any other confidential, private and sensitive information or data from unauthorized access, use, destruction, disruption, misuse, disclosure or modification at any given time (SANS, 2011).
Information security is generally the process of protecting information availability, privacy and integrity. Business entities and individuals are founded on information stored in a computer database. Such information could be personal staff details, marketing and sales information, client lists, debtors’ lists, salaries, and bank account details.
However, there are still a few individuals, in the form of hackers, who can access this information if they have the right hardware, and thus proper procedures and systems ought to be applied in order to curb this malpractice. Computer experts and information technologists reserve the right of designing, operating, securing and maintaining an efficient information system.
History of Information Technology and Practices
An algorithm, which is the procedure by which things should be accomplished, is the shortest yet most correct definition of information technology. Over the last three hundred years, tools have been created to define and replicate occurring and constructed patterns mathematically. This has been largely demonstrated in hardware and software processes.
But it is Aristotle’s study of logic that brought algorithms to light. The creator of calculus, Leibniz, later observed and proved that real-world processes could be mapped using mathematical symbols, and this gave a theoretical possibility of modeling social processes, sequences of DNA and mathematical abstractions. Information security has its roots in this proof.
Information security can be defined as defining a logical algebraic function that yields consistent outcomes for given processes and then coding it in hardware or software formats. Although it took centuries for Leibniz’s conception to be actualized, the history of information security has its roots in this concept.
The development of machine computers was the initial step in IT development, and it started in the industrial revolution. Numerous attempts were made to create smart machines to solve the simple and complex mathematical calculations that came into being. In the 1830s, Charles Babbage attempted to develop the difference engine in England to produce solutions for tide tables mechanically, efficiently and accurately.
Although the concept was well understood, there was no potential to construct the engine. This led to the development of the analytical engine, which could perform multiple mathematical tasks and formed the basis for a computer.
But the increasing demand for information processing overrode the general idea of a multi-purpose calculating machine, and as a result Herman Hollerith developed a mechanical system for processing census data in the US by 1890. The innovation was very successful, and hence he went on to form the Tabulating Machine Company that founded IBM.
However, the search for mechanical means to generate and manipulate information continued with mechanical analog computers over the years and reached its peak in the world wars, with improved models helping to analyze the complex engineering and scientific problems arising from the wars. In 1931, however, Vannevar Bush of MIT developed a differential analyzer that could solve a series of engineering and scientific problems.
But it was after World War II that the binary logic of Leibniz, Babbage’s idea of a general-purpose computing machine, Bush’s practical model of a multi-purpose machine, business experience and the need for pure mathematical information led to the development of the modern computer.
The first fully programmable computer, Mark 1, came to be in August 1944 courtesy of Hathaway Aiken and a team at Harvard. It was designed to produce ballistics computations and perform code breaking for the US Navy. It was implemented by IBM. More technical advancements to the computer continued with time.
The first electronic computer was also completed in 1944 by the National Defense Research Council (NDRC) with 18,000 vacuum tubes, 6,000 switches, 1500 relays and 10,000 capacitors. In the 1950s and 1960s, computing was only for big companies for it involved a lot of money with IBM dominating the industry.
The creation of a microprocessor by Intel in 1971 was significant in combining all computing elements. This helped in separation, heating problems, size and computing power. A multi-purpose information machine that could create information in multiple formats was later developed, followed by the possibility of separating software and hardware innovations.
The range of programs increased with time; memory and storage facilities, internet services, and networking and connectivity advancements all led to the current demand for the use of computers.
The public dissemination of intellectual property has also boosted ownership and protection of programs. All these patterns and structures will define the development of IT in the future (Kyle, 2000).
What triggered the need for Information Security Specific to Healthcare?
It is generally known that people choose to disclose their most intimate information to get the best treatment. And because sickness is not a matter of celebration and the fact that many view it as a weakness, people will only give such information regarding their ailment in privacy and to people they can trust in confidentiality.
Even doctors gain trust only if they guarantee privacy. Without privacy, people will lie or omit information, hence getting sicker. Personal information that patients gave out was not stored in a satisfactory manner but rather in such a way that anybody could easily access the information.
The patient information was not stored well and as such any personal details could easily be leaked out. After years of consultations, the U.S. Department of Health Businesses associated with medical organizations would also target those files for purposes of selling a patient some of their products.
Americans deserve care and privacy; hence the need for an information security system (Privacy Rights Clearing House, 2003).
The Health Insurance Portability and Accountability Act
In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). This was aimed at setting a national standard for electronic transfers of health data. HIPAA has a clear role in information security in that “it sets the standard for privacy in this electronic age where health industry, government, and public interests often prevail over the patients’ desire for confidentiality” (Privacy Rights Clearing House, 2003, p. 1).
Patients can now access their own records, and any private dealings with their files must be disclosed to them. An accounting of disclosures should also be made available to the patient, and a patient has a right to file a complaint if his privacy is violated, where both civil and criminal penalties can apply to the violator.
Patients can be granted special requests for confidential communications where possible and they can choose to have their names included in a hospital directory. They can equally choose to have their medical information discussed with designated people (Privacy Rights Clearing House, 2003).
Review of the technologies and practices used today and how they could or will be used in the future
The growth of technology has with it many beneficial uses. The use of technology has improved the modes and speed of communication and networking; this is evident in social networking, video conferencing, broadcastings and entertainment. Technology has also been used in the construction industry with architectural designs being done with computers.
Technology has significant effects on modern agriculture where green housing has taken centre stage. Hybridization, cross breeding, computerized farming and breeding services are all intertwined with technology. Preservation and marketing of agricultural products online is another contribution of technology.
Technology has wide effects on the learning systems with students learning online and making distance learning possible. Additionally, it has made and improved research activities hence bringing advancements (PBS Teachers, 2007). In the health sector, technology has been of great importance in surgical operations, diagnosis and treatment like chemotherapy.
This is in addition to the information security offered to patients. Advancing technologies have been used to explore the universe, and in the near future they will aid in exploring outer space, analyzing life in space, creating nuclear bombs, advanced surgeries, and advanced reproduction, which has started with test-tube babies.
Different types of Information Security
Information security classifies data into three levels:
- Confidential Data – these are specific data elements that are subject to more stringent security requirements.
- Restricted Data – this is all information used in the conduct of any business and is not open to the general public.
- Public Data – this is the data that has been explicitly made available to the public, with no authentication required for network access.
However, controls for providing information security can be physical, technical, or administrative. The three categories of controls can be further classified as either preventive or detective.
Contrast and Comparison
Preventive controls attempt to avoid the occurrence of unwanted events, while detective controls attempt to identify unwanted events after they have occurred. Preventive controls inhibit the free use of computing resources and therefore can be applied only to the degree that the users are willing to accept, while detective controls do not inhibit use, as they respond after access.
Users are not aware of detective controls while preventive controls are known as they display a no access note. Both controls serve the same purpose of securing information. They are both administered by the owner of the information. Both are cost-effective as they guarantee the valuable privacy of information. Both are subject to renewal, upgrading and maintenance.
They include passwords, security codes, identification requirements and even physical controls like alarms, locks, badges and security guards (Tipton, 2011). Further examples of information security are Social Security numbers, credit cards, driver’s license numbers, Visa cards, bank account information, PIN numbers, passport numbers, and protected health information.
Legal and Ethical Issues
All professionals must adhere to legal reporting requirements related to the performance of their work. The legal requirements are mandatory, and failure to adhere to them amounts to a criminal offence. Ethical issues reflect the standards of performance and practice that are usually identified by professional organizations.
They provide guidance to licensing bodies, and failure to adhere to those standards can result in loss of license or subsequent expulsion from a professional organization. However, there are inconsistencies between states, and within jurisdictions, on legal and ethical issues.
The Electronic Communications Privacy Act (ECPA), passed in 1986 by Congress, ensures the privacy of e-mails. In view of the information available in the networks, there are laws banning or restricting pornography, though their application varies from one country to another. In matters relating to ownership, there are a number of laws and agreements throughout the world to protect intellectual property rights.
They also include patents and copyrights, which are held by the owners. In the context of health care, both legal and ethical requirements remind therapists of their responsibility to protect the patient and not harm them.
In an electronic health system, the concept of confidentiality is a legal and ethical concept that mandates the clinician to reveal nothing learned during the course of treatment except what may be mandated in law or agreed to by the client (Sonkin & Liebert, 1999).
Electronic Health Record System
As stated herein, the electronic health record system was introduced in the US courtesy of the Health Insurance Portability and Accountability Act (HIPAA). It gives patients many benefits, including: the right to access their own records, being notified when personal medical records are to be disclosed to other private people, an account of all disclosures, the right to file a complaint if privacy is violated, and consequent penalties for the violator.
They equally have a choice on whether to enter their names in medical records and designate sharing of medical information on request.
However, this system has a number of shortcomings:
- Clients’ consent to the use of medical information is not required if it is used or disclosed for treatment, payment, or health care operations.
- A client’s past medical information may become available, even if they wanted the information to remain private.
- A client’s private health information can be used for marketing or be disclosed without their authorization to pharmaceutical companies or businesses.
- A client has no right to sue under HIPAA for violations of privacy.
- Medical information may be available to many who are not covered by HIPAA, like life insurance companies and law enforcement agencies.
All these shortcomings jeopardize the client’s security and right to privacy (Privacy Rights Clearing House, 2003).
Conclusion
With the growth of information technology and its increased access, information security is a point of concern especially in regard to the transmission of the same. Many people in the world now own computers, programs and their applications.
This has eased the way of life, the passage of information and entertainment. Information technology has brought advancements in other fields like agriculture, health, education, research and exploration.
However, with knowledge of technology being available to all, a class of technology experts who destroy, divert and unlawfully access personal information has cropped up – hackers. This brings up the need to protect our information, and hence information controls.
The electronic health record system has a number of benefits as well as shortcomings as stipulated in HIPAA, although the benefits outweigh the shortcomings. In conclusion, stricter laws that are binding on all states need to be enacted for purposes of uniformity. This will improve information security and promote privacy.
References
Kyle, E. (2000). Information technology: History, Practice, and Implications for Development. Centre for Global, International and Regional Studies, UC Santa Cruz. Web.
PBS Teachers. (2007). Technology Integration. PBS Teachers. Web.
Privacy Rights Clearing House. (2003). Medical Privacy in the Electronic Age. Privacy Rights. Web.
SANS. (2011). SANS Information Security Resources. SANS Institute. Web.
Sonkin, J., & Liebert, S. (1999). Legal and ethical issues in the treatment of multiple victimization child maltreatment. Daniel Sonkin. Web.
Tipton, F. (2011). Types of Information Security Controls. CC Cure. Web.