ICT351 Assignment: Ethical Issues in Client Database Analysis Report

Verified

Added on 2023/06/04

AI Summary

This report analyzes ethical issues surrounding client databases in the ICT industry, using a case study involving a state department's rehabilitation program. The analysis utilizes the 'Doing Ethics Technique' to identify key issues like privacy breaches, confidentiality concerns, and security vulnerabilities stemming from unauthorized data access. The report highlights how an employee's actions, such as extracting and storing sensitive client information at home, create significant risks. It then examines the situation from the perspective of an ICT professional, applying the Australian Computer Society (ACS) Code of Ethics to evaluate the employee's conduct. The discussion covers the importance of data security, access controls, and ethical responsibilities. The report provides recommendations for addressing these ethical challenges, including implementing robust security measures, providing thorough training on data handling, and enforcing strict adherence to privacy policies to protect client information and maintain trust.

AN ASSESSMENT OF ETHICAL ISSUES RELATING TO THE CLIENT DATABASE
IN THE INFORMATION AND COMMUNICATION TECHNOLOGY INDUSTRY.
STUDENT NAME:
STUDENT ID:
DATE:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

INTRODUCTION.
Ethics is a set of moral principles. It is a discipline dealing with what is good and bad
and with moral duty and obligation (webster, 2018). They form the basic beliefs and
standards that run an organizations and institutions. In this case, the ethical issues dictate how the
information about the patient should be handled.
This study uses Max’s situation as a case study for the analysis of ethical issues related to the
information and communication technology as means of keeping electronic records. Max works
in one of the state department working on rehabilitation of alcohol and drug addicts. The
information about the patients are stored in the main frame computer within the department.
Without proper authentication, Max is ordered to access the clients’ information in order to
update the medication record, but due to pressure for work to be done and shortage of manpower,
Max extracts the information, goes with it to his home and forgets about it. This presents the
great danger not only to the clients, but also to the institution at large if the data gets into
untrusted hands. Therefore, this work gives some proposals on some of the ways that can be
applied in handling and solving the challenges related to ICT ethical issues.
1. Situation analysis using Doing Ethics Technique.
The Doing Ethics Technique is one of the methods applied in examining any issues relating to
ethics in any situation. This technique approaches the issues at hand by taking note of what is
going on, the things which prove and confirm what ever is going on, the issues surrounding an
event in question, the parties involved in the event, there relationship with the event and how
they are affected by the event in question (Poissant, et al., 2008, p. 8). In addition, the technique
identifies the possible best ways that can be employed to resolve the issue based on the nature of
the challenge.

In the case study under analysis, there are several ICT- related ethical issues which come out.
The major issues include: Privacy and confidentiality and security breaches. These are discussed
in detail on how they occur, who the affect and how they can be handled by the concerned
personnel.
Based on the doing ethics technique of analysis, the question on what is going on is answered by
the unethical behaviour of Max accessing the clients’ information, carrying it home and leaving
it there. This is creating risk on the security of clients. The question on the facts is answered by
the fact that unauthorized data access by Max was made. There is no point that the patient has
been consulted to retrieve his information especially by the person who is not a physician, in this
case, Max. According to the ACS professional ethics and physician-patient relationship ethics
state that the information about the patient should be kept confidential as much as possible. In
this case, confidentiality was breached by Max who extracted data and left in his house which
could be accessed by any person who could use for his own benefits at the expense of the patient.
The issues in question are about the security, privacy and confidentiality of clients’ information.
The security, privacy and confidentiality of clients through exposure of their details which are
very sensitive is at stake. Security wise, Max copied the data into the CD which is not password
encrypted or otherwise it could be stolen or misplaced. The point of information security is
wanting as the information is not totally secure as seen that Max left the CD contain data in his
house where it can be accessed by anyone. Confidentiality on the department to secure the
clients’ data is not trustable as well. The parties affected include both the clients and the staff.
When the negative information about the client land into the hands of their enemies, it can be
used against them. Likewise, the trust to the rehabilitation department and its staff by the patients
will be totally lost. This will result into the facility losing its clients, destroying its reputation,

experiencing losses and even prosecution for breaching clients’ right to privacy. The ethical
issues arising in this case are on security, privacy and confidentiality. The information being
carried home by Max with no supervision paused a risk of information loss. Once the
information gets into the hands of third party, its privacy is destroyed. When personal
information of the client reaches the public, the confidence of the client on the service providers
shall cease. This has negative impacts on the client as well as to the service providers. The client
could be stigmatized by the information while the department could be prosecuted for violating
their clients’ rights. To resolve the issues at hand, several options can be put in place. This
include creating strong security on the information by using security codes, personnel and
computer softwares that will ensure security of data. The training of both information manager as
well as the physicians serving clients should be properly be done on how the information of the
client should be guarded. Training of involved parties on the information security is the most
important solution to the above challenges encountered on database security.
1.1 Privacy and confidentiality.
Privacy has been defined in different ways but have the same meaning, for example, it is defined
as “to be let alone” according to Samuel and Louis. It can also be defined as” the right of an
individual to keep information about themselves from being disclosed to others; the claim of
individuals to be let alone, from surveillance or interference from other individuals, organization
or the government” by Richard Rognehaugh. Every individual has right to privacy and
physician- patient relationship ethics require that any personal information about the patients
should only be released to other parties only with the patient’s permission or under law order
(Ones, 2018, p. 10). In special situations when the patient is not in a position of authenticating
the access of his or her information, his or her relatives should be sought for permission. If the

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

relatives are not available, a legal representative such as a family or state advocate should be
sought for authentication. This is aimed at making sure that only the authorized individuals have
an access to the patients’ information as this will ensure protection of patient’s right of privacy as
well as maintaining high standards of confidentiality (National Academies of Sciences, 2015., p.
8). In the case at hand, Max accessed the clients’ information without the patients’ consent. The
person who gives access permission to Max is not supervising him in any way, there is no legal
representative of the clients and therefore, the right of privacy was breached by the department.
Nevertheless, the ethics demand that the accessor of information should have the pre-established
role-based privileges. Where an administrator identifies the person and determines the level of
information to be accessed by the person. In the case at hand, Max was not identified before but
he was just given an access urgently. This is evident in the way that he was working under
pressure to prepare report, which shows a higher level of unpreparedness Such careless access of
the highly confidential and sensitive information of thee clients which include criminal records
when careless handled and end up in the public will harm the reputation of the clients. The
clients will lose confidentiality to the department and the information will also present social
disadvantage to them. To ensure privacy and confidentiality of the information, the user should
be made aware of the way they should handle the information and consequences they can face in
any case they misuse thee information. He should be held responsible.in addition, access
privileges should be assigned to a specific user whom him only has an access to the information.
Besides, strong privacy and security policies securing patients information should be strictly
observed.

1.2. Security breaches.
Security violation endangers the client’s privacy once his or her information is at any situation
made available to other parties without his consent or legal approval. (Oliver, 2012, p. 3)The
information can be made available to unauthorized persons either intentionally or
unintentionally, knowingly or unknowingly (Rinehart-Thompson & Harman, 2010, p. 53). This
can happen in the case where the information is stored in mobile devices such and personal
laptops and phones which are not approved to be used by the information technology
department. Such devices can easily be stolen or hacked into and the information gets accessed
by the unauthorized individuals. This happened with Max who had access to the information,
copied it to his personal laptop and burned to the compact disc. He went ahead and went with the
information to his own home. This posed a great risk to the information. He could be attacked on
the way and the disc contained the information taken away by perpetrators. Also, there are higher
chances of the disc being taken by unknown person since after preparing the report, he forgot
about it. To remedy this, security measures should be observed. Such measures include using
cloud storage for mobile devices, password protection and content encryption. Data integrity
should be protected by including antivirus, intrusion and firewall softwares into the devices
containing information. There should be a routine auditing of information and tracking of
activities including the date and type of events done on daily basis to eradicate any cases of
forgetfulness.
2. Situation from the point of view of an ICT Professional using the ACS Code of Ethics.

The Australian Computer Society (ACS) is an association for information and communications
technology professionals which aims to advance professional excellence in information
technology and promotion of information and communications technology resource
development. ACS is among the worldwide associations working as a unit to professionalise and
standardize different disciplines. To achieve these, the members of ACS are required to uphold
and advance dignity, honour and effectiveness of professionalism. The member should be a good
citizen who places the public interests above his own, work towards promoting quality of his
clients, honest in the course of his duties and service to the public, competent enough to work
with intelligence while working towards development of his profession and that of others in the
ICT industry. Having considered the professional requirements according to the ACS, Max did
not meet the threshold. Having sacrificed his time to finish preparing the report, he showed some
sense of having the interests of community above his own interests, however, he failed when he
took the information out of the department’s vicinity which risked its security. In addition, Max
being given privileges to access the clients’ information shows that he was knowledgeable in
matters pertaining information and communication technology but he failed to contribute in the
development of carrier of his fellows within the department by not teaching them on how the
sensitive electronic information is supposed to be handled.
ACS operates under professional codes of ethics which follow the guidance of the International
Federation for Information Processing (IFIP) (Berleur, et. al, 2004). The major codes of ethics
are code of conduct and code of practice. The code of conduct governs how the person to whom
it applies conducts him or herself in an ethical manner (Berleur, 2004, p 11). The code of
practice for professionals governs how the person to whom it applies carries out his or her work
technically (Berleur, 2004, p 11). With the observance of the above conducts, the rules and

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

procedures regarding information protection and handling is achieved with ease since the way a
person handling the information has to behave at a given situation is well provided
(Ratanawongsa, et al., 2016, p. 176). For instance, an individual is not supposed to move out of
the safe with the private information unless otherwise under protection by the state.
3. Ethical solution to database management.
Health care documentations are created by any person who deals with patients and clients at any
level. When documentation is accurate, complete and secure, proper care of the clients can be
achieved easily. However, no person or process is perfect. There are various factors that
contribute in the creation of poor documentation which include compliance concerns, time
constraints and poor education. To come up with solution, several steps have to be taken. First,
poor documentation should bee define by establishing what contributes to poor documentation
information mismanagement, these can be incomplete documentation, poor or lack of facilities
for information documentation. Once the cause is known, it should be addressed in a proper way.
This includes educating the concerned personnel on how they are supposed to manage the
documents and devices having the information. They should be properly organized to allow easy
management and retrieval when required. The records should be timely prepared and updated to
prevent any constrains of the information managers. Stores should be organized and information
access should be controlled by laid down rules on who should access them, when, how and under
what circumstances should such information be accessed (Odom-Wesley, et al., 2009, p. 21).
Conclusion and recommendations.
Ethical Principles for Medical Research Involving Human Subjects places a responsibility upon
physicians and any person attending to the patients at any capacity to protect their rights to life,
health, integrity, dignity, privacy, right to self-determination, and confidentiality of personal

information in use for any purpose. Although the patients may give their consent their
information to be used, confidentiality should be held high as this essential for supporting
absolute trust and integrity between the patient and physician. Clients’ information
confidentiality creates their trust in service providers.
The major parties that are responsible in ensuring information confidentiality are service
providers to the clients either directly or indirectly. This consists of medical professionals and
the manager of the clients’ information, the IT manager. The medical practitioner acquires
firsthand information from the patient while the record manager may acquire as a firsthand from
the client or secondarily from the physician. In whatever the case, the professional ethics of both
medical practitioners and information and communication technology professionals are required
by all means to keep the information secure by all means.
To achieve the security and confidentiality of information, the professionals have to meet the laid
down moral values that will guide them in their work. Besides these, security measures have to
be made strong by making the devices containing any sensitive information inaccessible to any
unauthorized individuals. The information must be encrypted in a way that on a specific
individual is allowed to decrypt it. In addition, the computer devices in which the information is
stored in should be installed with softwares that prevent or notify any unauthorized access. These
include installing unto date antiviruses, antirootkits and strong firewalls. Also, the strict rules and
policies regarding the criteria of information access and use should be made clear to all the staff.
It should be made a general responsibility to guard the information. A schedule and timelines for
performing certain tasks should be made known in advance. There should be set periods and
timelines in which medication reports about the patients’ progress should be prepared. This will
help the responsible parties to plan their work and allocate enough time in advance to avoid

rushing up with the work in order to catch up with time. Rushing up with time will encourage
inaccuracy and poor-quality work. Most effective way of ensuring absolute security to the
information is dependent on the individual handling the information, only a person with high
integrity is to be entrusted.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Bibliography
National Academies of Sciences, 2015.. Engineering, and Medicine Committee on Diagnostic
Error in Health Care. Improving diagnosis in. Washington, DC: , National Academies Press;.
Odom-Wesley, B., Brown, D. & Meyers, C., 2009. Documentation of Medical.. Chicago:
American Health Information Management,.
Oliver, K., 2012. Australian Institute of Computer Ethics. Applying the ACS Code of Ethics,
Issue Ethics in computing, p. 3.
Ones, P., 2018. Permission-Based Marketing under Canada's New Privacy Laws.. Franchise
Law Journal, Volume 4, p. 10.
Poissant, L., Pereira, J. & Rose T., 2008. The impact of electronic health records on time
efficiency of physicians and nurses.. A systematic review., monday May, p. 16.
Ratanawongsa, N., Barton, J. & Esther. a., 2016. Association between clinician computer use
and communication.. JAMA .: Intern Med..
Rinehart-Thompson, L. & Harman, L., 2010. Privacy and confidentiality.. In: Jones & Bartlett,
eds. Ethical Challenges in the Management of Health Information. Sudbury: MA press, p. 53.
webster, M., 2018. The Merriam webster dictionary. ed 18 ed. Amazon: Amazon publishers.
Santhosh Patel,2013 “Virtual Information and Intellectual Freedom”. Authors press.
Menachemi N, Ford EW, Beitsch LM, Brooks RG, 2009. Incomplete HER adoption: Late
uptake of patient safety and cost control functions. Am J Med Qual, P.319-26.
Odom-Wesley B, Brown D, Meyers CL, 2009. Documentation of Medical Records. Chicago:
American Health Information Management Association. p. 21.