Tuesday, June 4, 2019

The Challenges Of Protecting Personal Information Information Technology Essay

The aim of this paper is to review the importance of personal information, also known as sensitive information, that is used by virtually any organisation in this twenty-first century. Personal data has become the biggest issue around the world, whether in processing or protecting it. In this article, however, the focus is on the health care system, namely the Electronic Health Record (EHR) system, which is used to record health information electronically. Despite the legislation, rules and regulations in place, it is found that this system has failed to support the protection of personal information. As a matter of fact, this system has been exploited by unauthorised people. The EHR system was not fully tested to meet the end-users' requirements, but was released to the health service for use. Data loss is increasingly common among organisations in day-to-day life, and challenges in protecting personal data have emerged. It is therefore essential that health care services establish a better security policy to protect personal data. This research paper will explain the security issues that need to be enforced in order to protect data from vulnerabilities.

1. INTRODUCTION

One of the most significant current discussions in legal and moral philosophy is the security of data. It has become a central issue for many organisations to achieve a successful information system within defined scope, quality, time and cost constraints in order to protect privacy, confidentiality and security. Researchers like Olvingson et al. (2003) suggest that there have been drastic changes in the provision of health services since the introduction of computers approximately three decades ago, and that issues related to the protection of personal health information have resulted in both technical research and political debate.[1] Thus, it can be justified that security of data is still the leading cause of failure in software system development.

The main issues addressed in this paper are personal information, data protection and security. It has been divided into four parts. The first deals with the explanation of personal data, data protection and disclosure of data. The second evaluates the risks and the impact on information systems. The third presents different approaches to counter these risks. The fourth provides a summary of findings that can be used as lessons in the future.

The purpose of this paper is to review the latest years of research into these parts and to critically evaluate and validate this case study.

1.1 What is personal data?

Personal data can be classified into three main categories: contact, pen and behavioural information. It contains the detailed information of a living person that is unique to each individual. In this scenario, the personal data reveals information about an individual's health such as name, racial origin, blood group, sex, DNA, contact details, next of kin, illnesses, treatment and General Practitioner's details. Therefore, the EHR system functions at its best to record and transmit this information throughout the health service organisations. But the biggest challenge of this system is to protect the privacy of patients' health information. The main question addressed in this paper is how to protect this sensitive data.
According to Croll P.R. (2010), the strength of privacy and security measures depends mostly on the policies adopted by the healthcare organisation.[2] It can be argued that research shows that inadequate policies are enforced by the government and the medical organisations to prevent further harm to personal data. It can only be suggested that future research should determine how to address these issues effectively and generate effective security policies in IS project development.

1.2 Data Protection Act

The Data Protection Act is legislation that has been established since 1984 and was replaced in 1998; it is an Act to protect personal data. The principles of this Act are to make sure that data is accurate and correct. Information should be fairly and lawfully processed. Personal data should not be kept longer than necessary and should be processed for limited purposes. It should be adequate, relevant and up to date. The most important principles are that personal data should not be revealed in any manner and should be kept secure. Personal data should be processed in accordance with the data subject's rights. The Act also emphasises the accessibility of data, that is to say who is allowed access to the data and under what conditions. Liability is crucial because it is about who is responsible if the data is abused. Haasa S. et al. (2010) argue that even if the provider's policy states that data protection regulations and legislation are met, patients cannot control the EHR provider's usage of their data.[3] Thus, it can be discussed that the EHR system is no longer run by a single medical institution; it is run by other enterprises who maintain the electronic records system, where they have access to the personal data and are able to disclose private information to other third parties.
According to this article, the National Health Information Network (NHIN) and the Health Insurance Portability and Accountability Act (HIPAA) cannot guarantee the security of health records because they cannot be sure that people working within the medical organisation will abide by the rules.

1.3 Disclosure of Data

Disclosure of data is the revelation of data; it can be either wanted or unwanted disclosure. This means that one can reveal the personal data either to the authorised party or to a third party that could be unauthorised, without any conditions. This paper, however, focuses on the risks associated with data that is disclosed inappropriately. Researchers have found that in-house sabotage is the leading cause of information being disclosed to third parties. It is the most common risk factor that has been identified by recent studies so far. An example of this potential risk of harvesting personal data for commercial purposes is the CAMM scam in Australia, 2003. It is a company promoting pharmaceutical activities that managed to upload the EHR system, from which it extracted the personal data with some doctors' approval.[4] Later, it was found that CAMM did not just use it for pharmaceutical purposes, but also sold it to many insurance companies and to other organisations that wanted to buy the data. Hence, it can be argued that this can cause significant threats to patients' privacy. Concerns have been raised by several bodies about the poor regulatory structures and policies implemented by the government in protecting personal data. The other associated risks are hackers, natural disasters, terrorism and viruses. According to the case study, the facts and figures show that 99% were staff who had the opportunity to target the system and 88% of the organisations had lost money, between five hundred dollars and 10 million dollars.[5] The most surprising fact is that when staff leave the organisation, they are the ones who become the attackers of the company.
Security breaches mostly occur when there is a lack of access control, which leads to information technology sabotage. Angus N (2005) argues that if it is for the benefit of the patient, information can be shared within the multidisciplinary team caring for the patient, and that this does not apply to research, teaching or other unqualified members.[6] Thus, it can be justified that information should only be disclosed appropriately and safely to the people required or authorised by the legislation, and hence this will improve the security issues.

2. Evaluation of the risks and impact on information systems

This part of the discussion is about the rating of the risks listed above. The impact on information systems in terms of storage, transport, access management and disclosure is as follows.

Storage - The freedom for people to work anywhere has in fact increased the ability to carry data on portable hard drives, laptops and USB sticks. A recent report has confirmed that data leakage has become very common among organisations and, due to the loss of laptops and USB sticks, has a great impact on the relationship with customers. For example, PA Consulting transferred the personal data of 84,000 prisoners in England and Wales to a memory stick that went missing.[7] This was a total disaster in terms of money loss and identity fraud. There is increasing concern about buying online because security is the major factor in deciding whether or not to buy online. Recent developments in using credit cards have heightened the need for better security policy to protect personal bank details from hackers.

Transport - The crucial issue is when electronic data is carried insecurely in the public domain and from one domain to another. That has an adverse impact on information systems, such as people losing confidence in using the system.
Economically speaking, the risks to organisations have grown immensely, with consumers and businesses suffering from loss of availability, integrity and confidentiality. If any of these is lost, either unintentionally or deliberately, this will affect the organisation's productivity, popularity and much more. According to this case study, the health service system is more networked, and that leads to an increase in intrusion and malware. The statistical research shows that health care companies in the United States had an average of 13,400 attacks per day at the end of 2009, according to SecureWorks, where some of these attacks were credit card hacking and others were automated attacks from malware which infects computers via networks and USB sticks.[8] In the UK, in late 2009, three London hospitals were forced to shut down their computer networks due to infection by malware known as Mytob.[9] It can be argued that this had an adverse impact on the NHS because 4,700 computers were infected and it took about two weeks to eliminate the virus, which was costly and resulted in data loss.[10] These attacks can also result in wrong diagnosis of patients and even cause death if the patients' information has been erased or made misleading by the malicious attack.

Access Management - This is about the authentication process, which deals with the authorisation of a user's ID and password to have access to the data. Concerns have been raised by several bodies about poor password management. This means that the password is not changed regularly and remains the same default fixed password, which in turn makes the system vulnerable to most attacks. In fact, this scenario states that the user does not need to have administrator access to do serious damage to the health records. McSherry (2004) suggests that with the growing effectiveness of data retrieval engines and data mining techniques, personal data has become vulnerable to unauthorised people.[11] It can be argued that data kept electronically is easier for data thieves and other intruders to exploit.

Disclosure - This explains to whom information should be disclosed, that is to say who is liable to receive this information and on what conditions. Employees have a key role to play here, whether or not they are liable under the Data Protection Act and company rules and regulations. But in most cases, as mentioned above, it is found that it is mostly the staff who breach the contract while dealing with personal information.

3. Controls and countermeasures

Different approaches to counter the risks listed above are discussed in this part of the paper. Recent developments in the field of security issues have led to a renewed interest in encryption. Encryption is the process of converting information into codes. It takes the form of computer software used to secure data. That is to say, a sender enters his or her personal data; it is first encrypted and then decrypted before it reaches the receiver. It is one of the best solutions to all of these potential threats. Encryption is important to protect communications and secure data effectively and safely; thus it can be justified that encryption should be enforced by organisations internally and externally. This also applies to mobile devices, such as mobile phones and laptops, where data is stored.

A good and effective password management policy should be applied in the workplace. As a matter of fact, authentication is the key factor in security issues, so it is important to have strong methods, for example changing the password regularly and changing the default. Staff should not bypass passwords in any manner. Education and training regarding data protection should be continuously given to employees. Public key infrastructure should be implemented as it provides a means to generate, administer and revoke digital certificates.
It works similarly to personal IDs: the public key provides authentication whereas the private key provides confidentiality. Therefore, encryption should be strictly put in force when data is transmitted from one place to another, for passwords to limit unauthorised access, and while storing data in databases and files. Firewalls and anti-virus software are also countermeasures that organisations need to deploy to protect against, detect and remove virus infections. However, a major problem with this kind of application is that organisations often focus on security issues and forget the safety issues when it comes to rules and regulations; thus medical systems should place emphasis on safety measures. Standards need to be followed to enable security protection. It is important that information is disclosed appropriately and safely to the required people on conditions.

Some other measures need to be considered. A check has to be made with the Internet Service Provider on whether personal details are protected, and shopping online should take place only through a secure server, which is https and not http. It is important to delete the browsing details after the transactions have ended, as that helps to protect online privacy. The most important measure is for staff to abide by the rules and regulations of the organisation in order to successfully protect personal data. However, Guarda P and Zannone N (2009) suggest that it is difficult for an organisation to assure data subjects about the correct execution of data processing.[12] It can thus be argued that data processing is a very delicate activity which needs a better assurance policy.

According to the case study, an automated security testing tool was used on the OpenEMR application and discovered about 400 vulnerabilities. Implementation bugs are code-level security problems.[13] It was found that EHRs did not manage to keep up with the discretion of patients' records.
An SQL injection attack was performed on OpenEMR and made it possible to log in as the Front Office user without administrative authorisation. Using this technique, it was established that any table in the database could be exploited, but the Proprietary Med application was safe. A cross-site scripting attack is when malicious script is entered into the webpage. It was also successful and managed to exploit six in each application. It can thus be justified that the best way to test a web application is to have the cross-site script applied correctly.

Cookies - These are small text files that contain information such as username, flummox page, user preferences and contents of a shopping cart; they are used to analyse the user and support junk mail.
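
The SQL injection login bypass described above, shown next to the parameterised form that prevents it. This is an added example and not code from OpenEMR or from the case study; the table layout, the function names, the fixed salt and the sample credentials are all constructed assumptions.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo salt; a real system uses a random salt per user.
SALT = b"constructed-demo-salt"
# Constructed input: closes the string literal and comments out the password test.
INJECTED_USERNAME = "frontoffice' --"

def pw_hash(password):
    """Slow salted hash, so the table never holds the clear-text password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()

def make_db():
    """In-memory stand-in for an EHR user table (not OpenEMR's real schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("frontoffice", "Front Office", pw_hash("correct horse")))
    return db

def login_vulnerable(db, username, password):
    """'Before' form: user input is pasted into the SQL text itself."""
    sql = ("SELECT role FROM users WHERE username = '" + username +
           "' AND pw_hash = '" + pw_hash(password) + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_hardened(db, username, password):
    """'After' form: the username is a bound parameter, so it is only ever data."""
    row = db.execute("SELECT role, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return None
    role, stored = row
    # The password is checked in code, in constant time, not inside the WHERE clause.
    return role if hmac.compare_digest(pw_hash(password), stored) else None

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, INJECTED_USERNAME, "anything"))
    print("hardened:  ", login_hardened(db, INJECTED_USERNAME, "anything"))
    print("legitimate:", login_hardened(db, "frontoffice", "correct horse"))
```

In the vulnerable form the password check never runs for the constructed input, which is how a login without valid credentials becomes possible; in the hardened form the same input is treated as an unknown username.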
