COIT20263 Information Security Management: NTN Legal & Ethical Issues
Added on 2023/06/07
Discussion Board Post
AI Summary
This document presents a discussion of legal and ethical considerations within the context of information security management at NTN, likely in response to a course assignment (COIT20263). It covers legal issues related to mishandling patient information, ethical standards for the Information Security Division staff, and security measures to prevent unethical data handling. The discussion includes topics such as medical malpractice risks, potential for medical errors, unauthorized data access, and practical tips for healthcare leadership. It further delves into ethics, including utilitarian, rights, equity, and virtue approaches, coupled with unethical behaviors like ignorance, accident, and intent. Security measures, components of IT, and international standards such as HIPAA and the U.S. Copyright Law are also addressed. The document concludes with a list of references.

STUDENT’S NAME
COURSE
INSTITUTION
DATE

Table of Contents
A) Legal issues related to mishandling of information of patients by the mobile teams of NTN
B. Ethics in Information Security of the Staff of information Security Division of MTN
C) Security measures to help employees from handling information unethically
D (i) Components of Information Technology
(ii) International Standards of information technology

A) Legal issues related to mishandling of information of patients by the mobile teams of NTN
According to Gastin (1994), a patient’s information or medical record should be kept private and confidential between the patient and the medical practitioner. However, legal issues may arise when a patient’s medical history is mishandled.
• The risks of medical malpractice claims.
Doctors and nursing students are at risk of medical malpractice during the adoption of a patient’s medical records. The risk of error increases during the “implementation schism,” or during the transition from a familiar system to a new one. Electronic medical records can either help or hurt the doctors’ and nursing students’ case against malpractice claims (Schwartz, 2013).
• Likelihood of medical errors.
Too much reliance on an electronic medical record can result in small mistakes that eventually lead to medical errors. Computers are used today in most organizations. Medical facilities sometimes experience data loss or a poor network connection. The servers which contain patients’ records become difficult to access; this would force a doctor to treat patients without any medical history. Furthermore, doctors may give a wrong dosage by mistake, which would lead to drug abuse by patients (Hayward & Hofer, 2001).
• Risk by medical students
Nursing students have no experience; they might administer a wrong drug to patients, leading to persistent illness or even death in some severe cases.
• Theft and unauthorized access to medical facilities.
Health information faces the risk of theft and unauthorized access, which poses major legal risks. In the US, the government has discovered HIPAA and HITECH violations as an ample avenue to recover funds and bring money back into a financially-addled government (Bansal & Gefen, 2010).
• Practical tips for healthcare leaders.
Hospital administrations need to devote more strategy to ensuring doctors and nursing students are well informed concerning compliance and legal risks. This begins with the training process, which is not easy for the doctors and nursing students given their traditional modus operandi. The hospital needs to develop specific programs to ensure the doctors and nursing students don’t risk legality out of ignorance (Leatt & Porter, 2003).
B. Ethics in Information Security of the Staff of information Security Division of MTN
Ethics are the rules we should live by, or a good understanding of what is appropriate behavior. The following are ethics related to MTN:
Ethical Standards.
• Utilitarian approach- A functional activity that connects outcomes to decisions.
• Rights approach- Good practice which best secures rights for the people affected by the occurrence.
• Equity approach- Activities which follow certain rules that respect every single person similarly.
• Virtue approach- Moral activities ought to be consistent with ideal ethics, for example, trustworthiness, bravery, empathy, liberality, resistance, love and so forth.
Unethical behaviors
There are three categories of unethical behavior in the organization:
• Ignorance- lack of information.
• Accident- travelling to and fro the main facility is not safe.
• Intent- to have a purpose.
Ways in which deterrence may occur:
• Fear of consequence.
• The chances of being found.
• Probability of facing the penalty or consequences.
Organizational Obligation and the need for counsel.
• Liability- it refers to being responsible for something.
• Liability may prompt compensation or installation.
• An association builds risk when it declines to take appropriate actions to guarantee moral conduct.
• Conducting due diligence for all staff.
• Long-arm purview.
Managing Examination in the Organization.
• Internal examinations for PC morals are frequently carried out utilizing advanced crime scene investigation.
• There must be considerable confirmation to make a move.
• Documenting, saving, recognizing, and removing proof.
• Digital legal sciences are utilized for two purposes identified with morals:
To explore charges of advanced impropriety.
To perform a cause analysis of the problem.
When detectives reach a verdict, they must notify the department concerned and carry out law enforcement.
Apply digital forensics techniques.
Arrest those that are liable.
C) Security measures to help employees from handling information unethically
Karabay, Elçi & Akpınar (2018) state the following ethical behaviors:
• Charging phones off the computers- most staff are used to charging their phones off the machines, which is not good. Charging phones may transmit a virus to computers. Some malware is contained in the devices and may be automatically installed on the machines.
• Cleaning computers- all staff should ask the information security department before making any program changes to the equipment, such as program installation. Some programs can cause a serious security risk. All downloads should be made only after consultation with the information security officer. Computer security settings should prohibit users from installing any application by themselves (Hodge, Gostin & Jacobson, 1999).
• Prohibit users from following links- staff might be tempted to follow unknown links or ads; some links might be harmful to computers.
• Lock computers when unattended- this would prevent spam or unwanted data from entering the computers.
• Be careful with open Wi-Fi- staff should not connect to any available network apart from those provided by the organization. When one connects to a public network, data might be exposed to all other users of that network.
• Use a secure password- choose a combination of lower case and upper case letters, include numbers and make sure that the password is long. Change passwords regularly and never use the same password for different accounts.
• Report any suspicious activity- if you sense any cause for concern, raise the alarm with the security team.
• Update firewalls- update anti-virus regularly.
• Never email sensitive information- if you need to pass on sensitive information, use a secure file transfer that encrypts the data.
• Scan computers regularly- start a malware scan every week; it’s a useful method of ensuring the office computers are always safe.
D (i) Components of Information Technology
• Confidentiality- confidentiality means concealing information; confidentiality of information assures that the information can only be seen by people with a right to access it.
• Integrity- integrity implies the trustworthiness of information. It involves data integrity, for instance, the content of the information and the data source. Integrity in simple terms is making sure that information is always intact and unaltered.
• Availability- it refers to the ability to utilize the information at any time.
• Authenticity- it relates to being real and trustful.
• Accountability- accountability means functions of an entity may be traced separately to that of an object.
(ii) International Standards of information technology
• Health Insurance Portability and Accountability Act of 1996
The act tries to protect the privacy of health care. It enforces standards by regulating electronic data transmission. The law requires any medical health facility to retain patients’ information and protect that information (Edemekong & Haydel, 2018).
HIPAA ensures control, accountability, and security of information, among other policies.
• Financial Services Modernization Act of 1999
This act ensures that all organizations submit non-public private information and explain how clients can know that their knowledge remains intact (Conlon, 2018).
• U.S. Copyright Law- this helps to protect intellectual property; it includes information that is published in electronic formats, and it allows materials to be used only for educational purposes but not for business (Riegner, 2018).
• Freedom of Information Act of 1966 (FOIA)- according to this act, all federal agencies must submit disclosed records of any person in writing when requested. This act is only applicable to federal agencies. It doesn’t create any right of access to records formed by courts, Congress, state or local agencies.
• Federal Privacy Act of 1974- it regulates how the government uses information that contains people’s private information; it was formed to ensure agencies guard the privacy of persons.
• Digital Millennium Copyright Act (DMCA)- this has helped to reduce instances of copyright infringement, more so the bypassing of technological rights protection measures.
REFERENCES
Bansal, G. and Gefen, D., 2010. The impact of personal dispositions on information
sensitivity, privacy concern, and trust in disclosing health information online. Decision
support systems, 49(2), pp.138-150.
Conlon, P., 2018. Grandfathered into Commerce: Assessing the Federal Reserve's Proposed
Rules Limiting Physical Commodities Activities of Financial Holding Companies. NC
Banking Inst., 22, p.351.
Edemekong, P.F. and Haydel, M.J., 2018. Health Insurance Portability and Accountability
Act (HIPAA). In StatPearls [Internet]. StatPearls Publishing.
Gastin, L.O., 1994. Health information privacy. Cornell L. Rev., 80, p.451.
Hayward, R.A., and Hofer, T.P., 2001. Estimating hospital deaths due to medical errors:
preventability is in the eye of the reviewer. Jama, 286(4), pp.415-420.
Hodge Jr, J.G., Gostin, L.O. and Jacobson, P.D., 1999. Legal issues concerning electronic
health information: privacy, quality, and liability. Jama, 282(15), pp.1466-1471.
Karabay, M.E., Elçi, M. and Akpınar, Ö., 2018. Analysing the Effects of Unethical Culture
and Organizational Commitment on Employees’ and Managers’ Unethical Behaviours:
Evidence from Turkish Insurance Industry. In Regulations and Applications of Ethics in
Business Practice (pp. 77-95). Springer, Singapore.
Leatt, P. and Porter, J., 2003. Where are the health care leaders" the need for investment in
leadership development? HealthcarePapers, 4(1), pp.14-31.
Riegner, M., 2018. Access to Information as a Human Right and Constitutional Guarantee. A
Comparative Perspective. VRÜ Verfassung und Recht in Übersee, 50(4), pp.332-366.
Schwartz, R.L., 2013. Health law: cases, materials, and problems. West Academic
Publishing.