Wednesday, April 3, 2019
The Challenges Of Protecting Personal Information Information Technology Essay
The aim of this paper is to review the importance of personal information, also known as sensitive information, which is used by virtually every organisation in the 21st century. Personal information has become the biggest issue around the world, whether in processing it or protecting it. In this article, the focus is on the health care system, specifically the Electronic Health Record (EHR) system, which is a system used to record health information electronically. Even with legislation, rules and regulations in place, it is found that this system has failed to protect personal information. As a matter of fact, this system has been exploited by unauthorised people. The EHR system was not fully tested to meet the end-users' requirements, but was released to the health service for use. Data loss is increasingly common among organisations in day-to-day life, and challenges in protecting personal data have emerged. It is therefore essential that the health care service establishes a better security policy to protect personal data. This research paper will explain the security issues that need to be enforced in order to protect data from the vulnerabilities.

1. INTRODUCTION

One of the most significant current discussions in legal and moral philosophy is the security of data. It has become a central issue for many organisations to achieve a successful information system within defined scope, quality, time and cost constraints in order to protect privacy, confidentiality and security. Researchers like Olvingson et al.
(2003) suggest that there have been drastic changes in the provision of health services since the introduction of computers nearly three decades ago, and issues related to the protection of personal health information have resulted in both technical research and political debate. [1] Thus, it can be justified that security of data is still the leading cause of failure in software system development.

The main issues addressed in this paper are personal information, data protection and security. It has been divided into four parts. The first one deals with the explanation of personal data, data protection and disclosure of data. The second part evaluates the risks and the impact on information systems. The third one presents different approaches to counter these risks. The fourth one provides a summary of findings that can be used as lessons in the future.

The purpose of this paper is to review recent years of research into these parts and critically evaluate and validate this case study.

1.1 What is personal data?

Personal data can be classified into three main categories: contact, profile and behavioural information. It contains the detailed information of a living person that is unique to each individual. In this scenario, the personal data reveals information about an individual's health, such as name, racial origin, blood group, sex, DNA, contact details, next of kin, illnesses, treatment and General Practitioner's details. Therefore, the EHR system functions at its best to record and transmit this information throughout the health service organisations. But the biggest challenge of this system is to protect the privacy of patients' health information. The main question addressed in this paper is how to protect this sensitive data.
According to Croll P.R. (2010), the effectiveness of privacy and security measures depends mostly on the policies adopted by the healthcare organisation. [2] It can be concluded that research shows there are inadequate policies enforced by the government and the medical organisation to prevent further harm to personal data. It can only be suggested that future research should determine how to address these issues effectively and generate effective security policies in IS project development.

1.2 Data Protection Act

The Data Protection Act is legislation that was established in 1984 and replaced in 1998; it is an act to protect personal data. The principles of this act are to make sure that data is accurate and correct. Information should be fairly and lawfully processed. Personal data should not be kept longer than necessary and should be processed for limited purposes. It should be adequate, applicable and up to date. The most important principles are that personal data should not be revealed in any manner and should be secure. Personal data should be processed in accordance with the data subject's rights. The Act also emphasises the accessibility of data, that is to say who is allowed to access the data and under what conditions. Liability is essential because it is about who is responsible if the data is abused. Haasa S. et al (2010) argue that even if the provider's policy states that data protection regulations and legislation are met, patients cannot control the EHR provider's usage of their data. [3] Thus, it can be argued that the EHR system is not a single medical institution any more; it is run by separate enterprises who handle the electronic records system, where they have access to the personal data and are able to disclose private information to other third parties.
According to this article, the National Health Information Network (NHIN) and the Health Insurance Portability and Accountability Act (HIPAA) cannot guarantee the security of health records because they cannot be sure that people working within the medical organisation will play by the rules.

1.3 Disclosure of Data

Disclosure of data is the revelation of data; it can be either wanted or unwanted disclosure. This means that one can reveal the personal data either to the authorised party or to a third party that could be unauthorised, without any conditions. This paper focuses on the risks that are associated with data that is disclosed inappropriately. Researchers have found that in-house sabotage is the leading cause of sharing information with third parties. It is the most common risk factor that has been identified by recent studies so far. An example of this potential risk of harvesting personal data for commercial purposes is the CAMM scam in Australia, 2003. CAMM is a company promoting pharmaceutical activities that managed to upload the EHR system, from which they extracted personal data with some doctors' approval. [4] Later, it was found that CAMM did not just use the data for pharmaceutical purposes, but also sold it to many insurance companies and to other organisations that wanted to buy the data. Hence, it can be argued that this can cause significant threats to patients' privacy. Concerns have been raised by several bodies about the poor regulatory structures and policies implemented by the government in protecting personal data. The other associated risks are hackers, natural disaster, acts of terrorism and viruses. According to the case study, the facts and figures show that 99% were staff who had the opportunity to sabotage the system and 88% of the organisations had lost money, between 500 dollars and 10 million dollars. [5] The most surprising fact is that when staff leave the organisation, they are the ones who become the attackers of the company.
Security breaches mostly occur when there is a lack of access control, which leads to information technology sabotage. Angus N (2005) argues that if it is for the benefit of the patient, information can be shared within the multidisciplinary team caring for the patient, and that this does not apply to research, teaching or other unqualified members. [6] Thus, it can be justified that information should only be disclosed appropriately and safely to the people required or authorised by the legislation, and hence this will improve the security issues.

2. Evaluation of the risks and impact on information systems

This part of the discussion is about the evaluation of the risks listed above and the impact on information systems in terms of storage, transport, access management and disclosure, as follows.

Storage - The freedom of people to work anywhere has in fact increased the ability to carry data on portable hard drives, laptops and USB sticks. A recent report has confirmed that data leakage has become very common among organisations and has a great impact on the business to customer due to the loss of laptops and USB sticks. An example is the case of PA Consulting, who transferred the personal data of 84,000 prisoners in England and Wales to a memory stick that went missing. [7] This was a total disaster in terms of money loss and identity fraud. There is increasing concern about buying online because of security, which is the major perception in deciding whether or not to buy online. Recent developments in the use of credit cards have heightened the need for better security policy to protect personal bank details from hackers.

Transport - The crucial issue is when electronic data is carried insecurely in the public domain and from one domain to another. That has an adverse impact on information systems, such as people losing confidence in using the system.
Economically speaking, the risks to organisations have grown immensely, and consumers and businesses suffer from loss of availability, integrity and confidentiality. If any of these is lost, either accidentally or deliberately, this will affect the organisation's productivity, popularity and much more. According to this case study, the health service system is more networked and that has led to an increase in intrusion and malware. The statistical research shows that health care companies in the United States had an average of 13,400 attacks per day at the end of 2009, according to SecureWorks, where some of these attacks are credit card hacking and others are attacks from malware which infects computers via networks and USB sticks. [8] In the UK, in late 2009, three London hospitals were forced to shut down their computer networks due to infection by the malware known as Mytob. [9] It can be argued that this has an adverse impact on the NHS because 4,700 computers were infected and it took about two weeks to eliminate the virus, which was costly and resulted in data loss. [10] These attacks can also result in wrong diagnosis of patients and even cause death if the patient's information has been erased or falsified by the malicious attack.

Access Management - This is about the authentication process, which deals with the authorisation of the user's ID and password to have access to the data. Concerns have been raised by several bodies about poor password management. This means that the password is not changed regularly and remains the same default fixed password, which in turn makes the system vulnerable to most attacks. In fact, this scenario states that the user does not need to have administrator access to do serious damage to the health records. McSherry (2004) suggests that with the growing power of data retrieval engines and data mining techniques, personal data has become vulnerable to unauthorised people.
[11] It can be argued that keeping data electronically makes it easier for data thieves and other intruders to exploit.

Disclosure - This explains to whom information should be disclosed, that is to say who is liable to receive this information and on what conditions. The employees have a key role to play regarding this, depending on whether or not they are liable under the Data Protection Act and company rules and regulations. But in most cases, as mentioned above, it is found that it is mostly the staff who breach the contract while dealing with personal information.

3. Controls and countermeasures

Different approaches to counter the risks listed above are discussed in this part of the paper. Recent developments in the field of security issues have led to a renewed interest in encryption. Encryption is the process of converting information into codes. It takes the form of computer software used to secure data. That is to say, when a sender enters his or her personal data, it is first encrypted and then decrypted before it reaches the receiver. It is one of the best solutions to all of these potential threats. Encryption is important to protect communications and secure data effectively and safely; therefore it can be justified that encryption should be enforced by organisations internally and externally. This also applies to mobile devices, such as mobile phones and laptops, where data is stored.

A good and effective password management policy should be implemented in the workplace. As a matter of fact, authentication is the key factor in security issues, thus it is important to have watertight methods, for example changing passwords regularly and changing the default. Staff should not bypass passwords in any manner. Education and training regarding data protection should be continuously provided to employees. Public key infrastructure should be implemented as it provides a means to generate, administer and revoke digital certificates.
It works similarly to personal IDs: the public key provides authentication whereas the private key provides confidentiality. Therefore, encryption should be strictly enforced when data is transmitted from one place to another, for passwords to limit unauthorised access, and while storing data in databases and files. Firewalls and anti-virus software are also countermeasures that organisations need to deploy to protect against, detect and remove virus infection. However, a major problem with this kind of application is that organisations often focus on security issues and forget the preventative issues when it comes to the rules and regulations, thus the medical system should emphasise safety measures. Standards need to be followed to enable security protection. It is important that information is disclosed appropriately and safely to the required people on conditions.

Some other measures need to be considered. A check has to be made with the Internet Service Provider on whether personal details are protected, and shopping online should take place only through a secure server, which is https and not http. It is important to delete the browsing details after transactions are completed, which helps to protect online privacy. The most important measure is for staff to abide by the rules and regulations of the organisation to successfully protect personal data. However, Guarda P and Zannone N (2009) suggest that it is difficult for an organisation to assure data subjects about the correct execution of data processing. [12] It can thus be argued that data processing is a very delicate activity which needs a better assurance policy.

According to the case study, an automated security testing tool was used on the OpenEMR application and discovered about 400 vulnerabilities. Implementation bugs are code-level security problems. [13] It was found that EHRs did not manage to keep up with the discretion of patients' records.
An SQL injection attack was performed on OpenEMR and made it possible to log in as the Front Office user without administrative authorisation. Using this technique, it was established that any table in the database could be exploited, but the Proprietary Med application was safe. A cross-site scripting attack is when malicious script is entered into the webpage. It was also successful and managed to exploit six in each application. It can thus be justified that the best way to test a web application is to have the cross-site script applied correctly.

Cookies are small text files that contain information such as username, start page, user preferences and contents of a shopping cart; they are used to analyse the user and support junk mail.
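
The login bypass reported above for OpenEMR is what happens when a login query is assembled from user input. The following is an added example, not code from the essay, the case study or OpenEMR: it puts a concatenated login query beside a parameterised one, using a constructed SQLite table, constructed credentials and hypothetical function names.

```python
import hashlib
import hmac
import sqlite3

DEMO_SALT = b"constructed-demo-salt"  # assumption: real systems use a random per-user salt
INJECTED_USERNAME = "frontoffice' --"  # constructed input: closes the quote, comments out the rest


def pw_hash(password: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 50_000).hex()


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table (hypothetical schema, not OpenEMR's)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT, pw_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("frontoffice", "Front Office", pw_hash("constructed-pass-1")),
         ("admin", "Administrator", pw_hash("constructed-pass-2"))],
    )
    return db


def login_vulnerable(db, username, password):
    # Weak form: user input is pasted into the SQL text, so it can change the query itself.
    sql = ("SELECT role FROM users WHERE username = '" + username
           + "' AND pw_hash = '" + pw_hash(password) + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(db, username, password):
    # Hardened form: the username travels as a bound parameter and is only ever data.
    row = db.execute(
        "SELECT role, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return None
    role, stored = row
    # The password check happens in application code with a constant-time comparison.
    return role if hmac.compare_digest(stored, pw_hash(password)) else None


if __name__ == "__main__":
    db = make_db()
    for name in ("frontoffice", INJECTED_USERNAME):
        print(repr(name), login_vulnerable(db, name, "wrong"), login_safe(db, name, "wrong"))
```

With a wrong password, the concatenated query still returns the Front Office role for the constructed username, while the parameterised query rejects it and continues to accept the correct credentials.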