The common information security themes are prioritization of information security and privacy, appropriate and uniform use of telecommunication and computer resources, the user's duty to use information and data in an ethical, responsible, legal and professional manner, and disciplinary measures taken when a user violates any policy on the security and privacy of information. These themes are common to all organizations because of their universal applicability and because regulating information minimizes security breaches and enhances privacy for users.
In addition, managing the privacy and security of the information system helps protect an organization's or individual's copyrighted materials. Another important theme is that the organizations that own an information system have the right to access and monitor it without giving prior notice to the users (Waller & Alcantara, 1998).
Differences in information security and privacy policies
The focus of the Mayo Foundation policies differs from that of Beth Israel Deaconess Medical Center (BIDMC) and Georgetown University Medical Center in a number of ways. Mayo's access to information is team based: users with common access requirements or jobs are grouped together, and their access to information is restricted to what their group requires, whereas at BIDMC and Georgetown University Medical Center information is accessed individually and there is no categorization of the people who access it, as long as each is a user of the organization's information system. Mayo's information can only be accessed on a need-to-know basis, whereas at BIDMC information can be accessed by any user as long as the access serves the interest of the organization (Hinegardner, 2003).
The most important key information security principles and elements
The most important information security principles and elements are privacy, management and organization measures, physical and computer security measures, and punitive measures for policy violations (Hinegardner, 2003).
Privacy
This is a very important principle in maintaining information security in any organization. Classified or confidential information, such as details about a patient's HIV/AIDS status, should be well guarded and kept confidential to protect the privacy of the patient or other users. In addition, privacy ensures that important information about the organization does not leak to its competitors or to other people whose interests may not be in line with the organization's goals (Nutten & Mansueti, 2004).
Physical and computer security measures
Physical security is essential in ensuring that devices that store essential information are not vandalized. Physical security measures include the use of CCTV and strong locks and doors. Computer security is important because the contemporary business environment is based on computer information systems. Since computer systems develop constantly, an organization needs to have experts who stay up to date on new information and system changes to ensure maximum security of computer data in a dynamic information technology environment (Nutten & Mansueti, 2004).
Management and organization measures
Promoting information security depends on the measures that the organization and its management take in creating awareness and building a culture of security within the organization. There should be accountability for the steps taken to ensure that the security measures adopted are not out of date or flawed. There should be strong coordination between the different departments and the information technology department to develop security measures that are well understood and accepted in all departments within the organization (Waller & Alcantara, 1998).
Penalty for violation of policies
Rules and regulations related to the use of information and technology apparatus within the organization should be followed by the users. Penalties should be imposed for violations of these rules in order to enhance discipline in information use and deter any indiscipline, such as leakage of confidential information to outsiders (Hinegardner, 2003).
References
Hinegardner, S. (2003). Data Storage for Managing the Health Enterprise and Achieving Business Continuity. Journal of Health Information Management, 17(2), 32-36.
Nutten, S. & Mansueti, C. (2004). An IT Contingency Plan to Meet HIPAA Security Standards. Journal of AHIMA, 75(2), 30-38.
Waller, A. & Alcantara, O. (1998). Ownership of Health Information in the Information Age. Journal of AHIMA, 69(3), 28-38.