ABC Healthcare is a startup company with 50 employees. The company’s computer network is shown in Figure 1 below. The healthcare data server contains the company's records, including copies of patient health records with personally identifiable data, patient billing, company financials, and forms.
You have been hired as the IT network security officer, reporting directly to the chief information officer (CIO). Currently, there is a network administrator who has very limited experience and worked as a desktop technician prior to joining ABC. This network administrator helped set up the existing network. In addition, ABC plans to hire a desktop technician and a website developer/programmer who will report directly to the CIO.
There are no policies or guidelines for employees’ usage of the computers and network. Network setup was done by various vendors, and all of the programs use default usernames and passwords. Wireless access has been set up for staff using wireless laptops. The same wireless access point also provides clients access to the internet. Some staff members bring in their own computers and connect them to the network. Employees use the work systems for personal web browsing and to check personal email accounts.
As part of network security, management set up a video monitoring system throughout the office. Employees are not notified of any monitoring.
There is a copier/printer in the front office that is used by employees. Currently, all unused copies are left next to the copier for recycling.
The administration office room uses an open cubicle structure for its staff. Figure 2 depicts the cubicles and seating of its staff. Staff members sometimes complain that they can hear each other during the work day.
Create a comprehensive risk analysis narrative in which you assess ABC Healthcare’s information systems for ethics violations and cyberlaw compliance, and research the framework for creating an acceptable use-of-technology policy and code of ethics.
Next, using PowerPoint, Google Presentation, or Prezi, create a presentation in which you recommend appropriate strategies for remediating the instances of ethics violations and cyberlaw noncompliance you identified in your risk analysis. Propose an organizational code of ethics related to information technology that prevents future violations and noncompliance, and propose an acceptable use-of-technology policy that addresses non-adherence.
Specifically, the following critical elements must be addressed:
Risk Analysis Paper
1. Describe the information technology structure of the organization in the given scenario.
2. Identify specific cyberlaws and ethics regulations that pertain to the organization and its computing operations in the scenario.
3. Organizational ethics violations
i. Classify unethical behaviors with respect to whether they are personal or professional in nature, being sure to support your position with specific examples.
ii. Assess the impact of the unethical behaviors on IT and computing within the organization.
4. Cyberlaw noncompliance
i. Identify instances of cyberlaw noncompliance, being sure to cite the specific regulation(s) being violated.
ii. Assess the impact of the noncompliance on IT and computing within the organization.
5. Acceptable use-of-technology policies research
i. Compare and contrast acceptable use-of-technology policies from various organizations. You can find suggested organizations below or use policies of your own choosing.
ii. Select aspects of the acceptable use-of-technology policies you have researched that you feel could be adapted to meet the needs of the organization, and explain how you would adapt them.
6. Codes of ethics research
i. Compare and contrast IT-specific codes of ethics from various organizations. You can find suggested organizations below or use codes of ethics of your own choosing.
ii. Select aspects of the codes of ethics you have researched that you feel could be adapted to meet the needs of the organization, and explain how you would adapt them.
Technology is growing at lightning speed. Along with its good and useful aspects, it brings a number of risks and challenges. Cyber law is the term used to describe the legal issues surrounding these risks. This report discusses the information technology structure of the organization and the risks related to it, identifies the specific cyber laws and ethics regulations that pertain to the organization, and finally compares and contrasts codes of ethics from different organizations.
1. Description of Information Technology Structure of ABC Healthcare
As the scenario shows, the startup company ‘ABC Healthcare’ has about 50 employees. The organization's data server contains the company's records, including patients’ health records, personally identifiable data, patient billing, company finances and other forms. The company’s existing roles are: a Chief Information Officer (CIO), an IT Network Security Officer, a Network Administrator and employees. Responsibilities follow a hierarchy; for example, the Network Administrator reports directly to the CIO. The organization plans to hire an experienced Desktop Technician and a website developer/programmer for better and proper implementation of its network security.
2. Identification of Cyber Laws and Ethics Regulations related to the Organization
The law that deals with the internet's relationship to technical and electronic elements, including hardware, software and information systems (IS), is called cyber law (Eichensehr, 2014). It is also known as internet law. One of the most important cyber laws is the amendment of the IT Act 2000. Criminal provision, Section 66: under the IT Act, 2008, all the acts referred to under Section 43 are also covered by Section 66 in cases of “dishonesty” or “fraudulently”, and also under Section 66(A), also known as “Cyber Stalking”.
Ethics, the field of moral philosophy, involves systematizing, defending and recommending concepts of correct behavior. The ethical issues involved in the management and development of information technology are many, and they are increasingly complicated by the power of individuals and infrastructure (Dewey, 2016). National health systems and global public health also benefit from this system (Coteanu, 2017). The global growth of the health internet has led to new forms of risk, including cybercrimes such as the exploitation of data and the misuse of the health data of individuals or groups. ABC Healthcare follows several ethical principles, such as the rights, responsibilities and concerns of health care consumers; the legal and ethical issues facing society, patients and health care professionals as the world changes; and the impact of rising costs on the laws and ethics of health care delivery.
3. Ethics Violation in the Organization
i. Classification of Unethical Behavior: As there are several authorized people in the organization, obeying the rules and regulations is a must in such workplaces. If any illegal or unethical behavior is recognized in the organization, the victim (individual or group) must report the event, since it might have an adverse effect on the health, safety or welfare of others within the healthcare agency (Executive & Assessment, 2015). Employees should follow the code of ethics for their respective job description. An example of unethical behavior in an organization: suppose a doctor runs a private medical practice and his certificates are not genuine, having been fraudulently obtained from an unauthorized medical school.
ii. Impact of Unethical Behavior: Unethical behavior disrupts the organization in different ways, such as distraction of employees from their work, patients' loss of trust in the organization, and violation of ethical policies and codes (Miller, 2017).
4. Cyber Law Non-Compliance
i. Identifying instances of Cyber Law non-compliance: Failure to comply can result in civil and criminal penalties. In the given organization, the non-compliance detected consists of violations of the HIPAA and HITECH rules (Frumkin, 2016). Requirements for proper training in the use of new technologies are also somewhat violated (Faden et al., 2013). Poor maintenance may cost the organization its reputation, resulting in customer loss.
ii. Impact of non-compliance: HIPAA violations are penalized according to the level of violation: I) the lowest level, where the individual is unaware of the violation, with a minimum cost of $100; II) the highest level, due to willful negligence, with a maximum cost of $50,000; III) additional charges apply for repeat violations.
5. Use-of-Technology Policies
i. Comparing and contrasting the use-of-technology policies:
| SANS Institute Acceptable Use Policy | ISSA Acceptable Use |
| --- | --- |
| Protect reports from theft, data loss or access by unauthorized parties | Act in accordance with laws and the highest ethical principles |
| Access, use and share information only to the authorized extent | Maintain security and carry out responsibilities with honesty |
| Network maintenance follows the Infosec Audit Policy | Maintain the reputation of the company |
| Devices accessing the internet comply with the minimum access policy | Emails, passwords and the employee database are kept protected |
ii. Acceptable Aspects for the Organization: To meet the needs of the organization, the SANS policies can be adopted. This policy will help make authority within the organization stricter and will put more experienced people in charge of handling events. The policy prohibits irresponsible activities around the organization. This will protect the reputation of the healthcare organization, and the IT network will be more secure from data breaches and hacking.
6. Research on Codes of Ethics
i. Comparing and contrasting IT-specific codes:
| SANS Institute IT Code of Ethics | ISSA Code of Ethics |
| --- | --- |
| Respecting the privacy of co-workers' information (data, files, records, etc.) | Performing professional duties, with information security at best practice and standards |
| Maintaining confidentiality, equality, justice and respect | Discharging professional responsibilities and not intentionally hurting colleagues |
ii. Adaptable Codes of Ethics for the Organization: The SANS code of ethics can be adopted by the organization, without compromising on data classification policies, data protection standards, social media and the reputation of the organization.
To conclude this report, the risk management of the given organization, ‘ABC Healthcare’, cannot be compromised; hence the use of policies is very much required. The administration's network system can be maximized by the use of IT ethical codes that the organization can adopt at any time, securing the information of its employees and patients, who place their trust in this organization. The SANS policies and codes are acceptable. The main purpose is to understand the cyber laws and ethics related to the organization, in addition to the acceptable use-of-technology policies.
Coronado, A. J., & Wong, T. L. (2014). Healthcare cybersecurity risk management: Keys to an effective plan. Biomedical instrumentation & technology, 48(s1), 26-30.
Coteanu, C. (2017). Cyber consumer law and unfair trading practices. Routledge.
Dewey, J. (2016). Ethics. Read Books Ltd.
Eichensehr, K. E. (2014). The cyber-law of nations. Geo. LJ, 103, 317.
Executive, A., & Assessment, E. I. (2015). Acceptable Use of E-Communications and Devices Policy. Policy, 1, 1.
Faden, R. R., Kass, N. E., Goodman, S. N., Pronovost, P., Tunis, S., & Beauchamp, T. L. (2013). An ethics framework for a learning health care system: a departure from traditional research ethics and clinical ethics. Hastings Center Report, 43(s1).
Frumkin, H. (Ed.). (2016). Environmental health: from global to local. John Wiley & Sons.
Miller, R. (2017). Developing a Security Program for Private Business (Doctoral dissertation).
Parsons, P. J. (2016). Ethics in public relations: A guide to best practice. Kogan Page Publishers.
Schenker, Y., Arnold, R. M., & London, A. J. (2014). The ethics of advertising for health care services. The American Journal of Bioethics, 14(3), 34-43.