Information Technology Structure

ABC Healthcare is a new startup company that employs 50 people. The office has an
open seating system. Human Resources, Billing, Health Records, and Scheduling
departments are all within close proximity. There is video monitoring
throughout the office, but the employees have not been properly notified of the new
system.

Currently, there is only one network
administrator, who does not have much experience beyond that of a basic desktop
support technician. The network was set up by various vendors. There is only one
server for the entire company. This server contains copies of patients’ health
records, patient billing, company financials, and forms. All credentials for
programs and workstations are default user names and passwords. These
credentials have also been shared amongst the employees. There are no policies
in place for employee access to workstations or the network. An access point has
been set up that provides clients and employees access to the network. Some
employees use the wireless capabilities on their laptops. Staff have also been
known to bring personal laptops into the office and connect to the wireless
network. Finally, there is no monitoring of employee network use. This has led
to employees using company laptops and the network for personal use.

Cyberlaws and Ethics Regulations

The current practices of ABC Healthcare violate several cyberlaws and ethics
regulations. These laws are in place to protect individuals and the information
that has been entrusted to third parties. The Gramm-Leach-Bliley Act, or Financial
Modernization Act of 1999, is a “United States federal law that requires financial
institutions to explain how they share and protect their customers’ private
information.” (Lord, pg. 1) Those who follow this law are bound
to communicate to all customers how sensitive data is shared. Customers should
also be made aware that they can deny the sharing of the sensitive data with
third parties. This data should also be given proper protections with a written
security plan, enforced by the company. ABC is in violation of each of the
required parts of the law. There are no explanations as to why personal data
and information have gone without protections. There is also no security
plan as a backup if something were to happen to the data. (Lord, pg. 1)

The company has a Billing department within its office. “The
Payment Card Industry Data Security Standard (PCI DSS) is a set of security
standards designed to ensure that ALL companies that accept, process, store or
transmit credit card information maintain a secure environment.”
(Compliance Guide, pg. 1) ABC does not operate within these parameters, as there
is an open office. In addition, all data is stored on one server, and there
are no backups or secondary secure locations that house the billing
information.

Finally, the biggest and most important law is the Health Insurance Portability and
Accountability Act (HIPAA) of 1996. Since ABC Healthcare is a healthcare
business, these kinds of regulations should be followed completely. HIPAA was
created to help improve the health care system in the United States. There are
two title sections of the law; the second (Title II) applies in this case. Title
II refers to administrative simplification. First, it includes the
provisions for security and privacy of all health data. Second, it sets
specific standards for how this data is transmitted. Lastly, it requires
unique identifiers for those who are providers. (ASHA, pg. 1) Overall, HIPAA
requires all providers and companies in the healthcare industry, along with their
third-party associates, to develop and implement procedures that maintain the
security of health information. It is important to note that there are multiple
ways that this information can be exchanged: on paper, orally, and electronically.
ABC exposes this health information in each of the three ways that are
mentioned. There are also no procedures in place to protect or back up the
information.

Ethical Violations

Within the company there are countless unethical behaviors. There are no clear rules,
regulations, or procedures to protect company and personal information. These
behaviors are of a personal and professional nature. Personal violations begin
with the way employees use company technologies. They can connect personal
laptops to the company’s network without any monitoring. Finally, personal
email accounts and account information are being accessed via the network. These
violations put all personal employee information at risk, along with the entire
network’s security.

As far as professional violations are concerned, these are the most critical to the
company’s success. First off, there are no guidelines or policies in place to protect the
personal health information of customers. There are also no policies in place
that prohibit personal use of company equipment, including the network. No
backups are made of the server that contains all of ABC Healthcare’s data. This
alone creates countless problems: if the server were to crash, everything could be lost
and unable to be recovered because there is no failsafe. Lastly, there are
hidden surveillance cameras around the office. These had been installed without
the proper disclosure to employees.

Potential Impact of Behaviors

There are many possible consequences of the violations that ABC Healthcare is
committing. Since the network has been left unprotected, there is the risk of
hackers gaining access to all the private information on the company’s only
server. The unauthorized access to this information would open the company up
to various lawsuits. Patrons of the company are guaranteed their privacy and
protection. Stolen information can then be sold to
countless people. Private medical records and personal information would be
sold to the highest bidder. Once the information is out in the open, there is
no way to retrieve it.

In addition, all accounts
associated with the company have generic credentials. These credentials are
easily found on the internet or passed around by word of mouth. If unauthorized
users were to gain access, the entire company would be exposed. This would
cause countless problems and would surely put ABC out of business.

Finally, there is the
threat of breaches occurring from inside the company. There are no guidelines
or protections in place. Company data can be stolen by any number of employees.
There are no separate user accounts with specified access. Basically, all
credentials are shared within all departments. The personal use of company
equipment also opens the company up to more threats. Employees can fall victim
to phishing scams which seek to gain credentials to systems.