Information Security Standards for Health & Human Services

Introduction

Information security is, by definition, the safety of an entity’s information against illegal access. An information security standard is a policy statement that spells out how a particular organization is supposed to secure its information. It serves as a benchmark for achieving adequate security and adopting best security practices (Goodman & Straub, 2008). This paper is a case study of the U.S. Department of Health & Human Services (HHS) information security standards. It identifies these standards and compares and contrasts them with the Government of Australia health standards.

Similarities and Differences

According to the HHS department, the development and documentation of information security standards exist as standards specific to various sections of practice. In case of loss of personally identifiable information, the standard directs immediate reporting to counter any inconveniencing results. The information system security and privacy standard provides for strong passwords that are renewed periodically and entrusted to a few individuals bound by the institutional code of ethics. For machine-readable privacy, the standard directs that personal privacy practices must be in line with the HHS public website requirement. A user is therefore guided by a customized, standardized approach to ensure there is no breach. When private information is accessed, the impact on the privacy of the affected persons remains vital.

Assessment follows and, upon its comprehensive conclusion, necessary action against the offenders concludes the exercise. A breach response team for personally identifiable information investigates breaches of such information and recommends the necessary action. Its actions include, but are not limited to, identifying, managing, and responding to suspected or confirmed breaches of personally identifiable information. With the rise in cyber crimes, HHS information security faces the danger of hacking and threats from viruses. Very powerful antivirus and spam detectors provide the necessary protection against these malicious acts. In the case of remote access, users remain strictly guided. The user guide comprises an established procedure that includes submission of personal details. This ensures that individuals accessing information are genuine. The need to implement all the standards gave rise to the signing of a memorandum of implementation in the HHS system.

The HHS information standards compare with the Australian government health information standards in a number of ways. In both entities, users must obtain authorization with user names and passwords. The users of information have an obligation to uphold the privacy of the information and not share it with unauthorized users (cited in Stamp, 2011).

Similarly, the policy for machine readability in the HHS system exists in the Australian system, spelt out by the Australian electronic health records interoperability. In both cases, the systems require a standard way of accessing the information. For common use and homogeneity, it is important to standardize the information keyed in. The systems employ automation to store information in similar forms from any input machine. In addition, there are centralized servers and archives for the information.

Provisions for personally identifiable information exist in both systems. The standards are clear on how to handle personally identifiable information. They indicate that personal information remains confidential and protected from unauthorized users. In case of a breach, there is standard legislation to arrest the situation and maintain the privacy of personal information.

However, the U.S. system and the Australian system differ in a number of ways. The former details every aspect presented in the system in the form of legal provisions, with dire consequences in case of non-compliance. The latter is more of an integral system, with several combined standards spelt out in one clause. Implementation in the Australian system relies on moral obligation, with little legislation on the matter. The Australian system provides general standards, while the U.S. HHS has detailed information on every standard represented in policies.

The U.S. system incorporates a policy for prevention, detection, removal, and reporting of malicious software, unlike the Australian system. This policy standard assumes that there are threats to the information and takes preventive measures to ensure that the system is safe for use. With the rise in cyber crime, safety of information remains blurred, prompting preventive and detection measures.

In addition, the U.S. system puts in place a standard that guides security for remote access to information. Under this important standard, remote access remains strictly guided to monitor access and prevent unauthorized usage of this vital information.

A privacy impact assessment is a standard in the U.S. system and is a benchmark for all departments to conduct privacy impact assessments. The Australian system has unique standards as well.

Conclusion

Health concept representation is a standard developed for consistent, clear representation and collection of health information. The messaging and communication standard in the Australian system provides for data exchange within the healthcare environment. It provides for patient administration messaging, prescription messaging, diagnostic messaging, and collaborative care.

The case highlighted the U.S. Department of Health Services information standards. Included in the case is a comparative approach providing insights into similarities and differences. Clearly, the U.S. system is more detailed and comprehensive.

References

Goodman, E. & Straub, W. (2008). Information Security: Policy, process and practices. New York: ME Sharpe.

Government of Australia health standards (2012). Web.

Health & Human Services information security standards. (2012). Web.

Stamp, M. (2011). Information security: Principles and practice. New Jersey: John Wiley & Sons.
