Legal issues related to mishandling of information of patients
Given recent technological advancements, the introduction of live campuses within educational institutions is no longer a new development. Technological advancement has brought virtual classrooms to educational platforms, and with them the information security management that educational institutions need to adopt (Heimes 2016). What follows is a case study report on a nursing school in Australia called NTN, which is going to introduce virtual classrooms through satellite campuses for over 200 students at once. The report covers the legal issues and ethics that the nursing institute needs to maintain and the measures that the information security division should apply to prevent the staff members of NTN from handling the information system unethically.
There is a possibility of serious legal issues arising from the mishandling of patient information by the mobile teams of NTN. Legal issues can arise for any member of the team for various reasons. These include disclosing information about the patient, mishandling medical records, medical devices being stolen, and unethical handling of patient data through mobiles and social breaches (Chen and Benusa 2017). When a person violates the rules on handling patient data and mismanages it, the breaches that the patient can suffer as a result are also unethical. For this reason, legal proceedings can be brought against the person who has violated the law on handling patient data, and, depending on the level of negligence, penalties in the range of 100 AUD to 50000 AUD can be imposed on the team member (Silic and Back 2014).
These legal issues arise because the latest technology means that EHR machines do not just store the health data of a patient but also include the patient's contact information and other personal data.
The Information Security Division of NTN falls under the ICT-based zone of work. It therefore has to abide by the ethics and codes of conduct set as standards in the place where the NTN institution operates. NTN is set up in Australia and thus has to follow the standards set by the ACS codes of conduct (McLaughlin and Gogan 2017). Therefore, the staff of the Information Security Division of NTN should follow the six ethical standards set by the ACS codes of conduct in InfoSec.
The six basic standards that the staff of the Information Security Division should follow are as follows:
- The Primacy of the Public Interest: The staff of NTN has to make sure that whatever their conduct is, it should always be dedicated to the requirements of the students only. They are on the receiving end of the services provided by the nursing institution, therefore it is to be kept in mind that ethical conduct should always work for the benefit of the nursing students.
- The Enhancement of Quality of Life: Live video streaming of classes to the nursing students requires an ICT setup within the institution, and thus it is to be made sure that all the requirements and the conduct of the staff are directed only towards enhancing the quality of life of the students through the provision and implementation of the new technically advanced feature (Ramalingam, Lakshminarayanan and Khan 2016).
- Honesty: The information security techniques should be applied honestly to the working strategy for the staff of NTN since it deals with a pile of confidential information of numerous students and teachers and staff as well. Any dishonesty in the codes of conduct should be punishable since these data can never be compromised.
- Competence: The core competence for the institution should be working to maintain the diligence of their codes of conduct so that it would prevent causing any ruckus in the institution for initiating digitization and thus help the institution stay ahead of the other nursing institutes.
- Professional Development: According to the ACS codes of conduct, it is by maintaining ethical values in their conduct that a person develops individually in their profession. Thus, the staff of the Information Security Division of NTN should also focus on this goal.
- Professionalism: The staff of the Information Security Division for NTN is expected to be thoroughly professional and should not be driven by any sort of personal interest towards their duty. There should be a proper balance maintained between the professional and personal life.
The case study has already predicted that there would be more incoming students every year. This is also the case with data management in the current era, since the amount of data keeps increasing every day (Laudon and Laudon 2016). It would become difficult to handle such a huge amount of data, so there should be a set methodology to handle it with ease even as the amount increases each year. The following are a few suggested measures to prevent the staff members of NTN from handling the information unethically:
- Handling data as a corporate asset should be the sole priority of the staff.
- The CISO should be made the person responsible for looking after the data management procedure.
- Only the CISO can access and handle the student data at free will and the unauthorized accessing of data should be absolutely prohibited (Nelson and Staggers 2016).
- There should be a set principle or set of policies imposed on processing in the organization, which should be strictly followed by all the staff members. Each member should adhere to the policies while serving the institution.
- The CISO should partner with executive peers to develop and execute the organization’s data management policies.
i) Components of InfoSec programs that you found
The components of InfoSec programs that have been found through web research can be listed as below:
- Network Security
- Application Security
- Risk Management, including risk assessment, risk treatment and continuous monitoring of the risks (Amankwa, Loock and Kritzinger 2015).
- Compliance management
- Disaster recovery
- Physical security management
- Identity management and data access
- Incident management
ii) National and/or international InfoSec standards that these organizations follow
The national and international InfoSec Standards that the health organizations follow have been found as per web research and can be listed as follows:
- NIST framework for improving the critical cyber security
- HITRUST standards for cybersecurity (Sallis 2014).
- CIS critical security controls
- ISO cybersecurity standards
- COBIT information security standards
Conclusion
Therefore, it can be said that the implementation of any technically advanced form of educational system in an institution should always be accompanied by a specific set of plans and knowledge about ethically and legally handling the information security system that goes hand in hand with this implementation. The analysis was made through a case study report on the nursing school in Australia called NTN, which is going to introduce virtual classrooms through satellite campuses for over 200 students at once. The report covered the legal issues and ethics that the nursing institute needs to maintain and the measures that the information security division should apply to prevent the staff members of NTN from handling the information system unethically.
References
Amankwa, E., Loock, M. and Kritzinger, E., 2015, November. Enhancing information security education and awareness: Proposed characteristics for a model. In Information Security and Cyber Forensics (InfoSec), 2015 Second International Conference on (pp. 72-77). IEEE.
Benslimane, Y., Yang, Z. and Bahli, B., 2016, December. Information Security between Standards, Certifications and Technologies: An Empirical Study. In Information Science and Security (ICISS), 2016 International Conference on (pp. 1-5). IEEE.
Chen, J.Q. and Benusa, A., 2017. HIPAA security compliance challenges: The case for small healthcare providers. International Journal of Healthcare Management, 10(2), pp.135-146.
Heimes, R., 2016. Global InfoSec and Breach Standards. IEEE Security & Privacy, 14(5), pp.68-72.
Laudon, K.C. and Laudon, J.P., 2016. Management information system. Pearson Education India.
McLaughlin, M.D. and Gogan, J., 2017, January. InfoSec Research in Prominent IS Journals: Findings and Implications for the CIO and Board of Directors. In Proceedings of the 50th Hawaii International Conference on System Sciences.
Nelson, R. and Staggers, N., 2016. Health Informatics-E-Book: An Interprofessional Approach. Elsevier Health Sciences.
Ramalingam, R., Lakshminarayanan, R. and Khan, S., 2016. Information Security Awareness at Oman Educational Institutions: An Academic Prespective. arXiv preprint arXiv:1605.05580.
Sallis, E., 2014. Total quality management in education. Routledge.
Silic, M. and Back, A., 2014. Information security: Critical review and future directions for research. Information Management & Computer Security, 22(3), pp.279-308.