TERM PAPER Essay Example | Topics and Well Written Essays - 6000 words

TERM PAPER - Essay Example Yet in an information security survey of 4,255 information technology and information security managers, forty one percent of respondents said they do not have formal security policies (Anthes, 1998). When asked to identify potential threats to their security, the respondents were almost twice as likely to identify hackers over employees as the threat. However, from the literature, it appears that when comparing outside hacking to insider intruding, the greatest threat to computer security comes from the latter (Salierno, 2000; Anthes, 1998; Davis, 1997; Ernst & Young Survey, 1995; Fillon, 1990; Jelcich, 1987). Given that the literature seems to indicate employees pose the greatest threat to information security in general, this leads more specifically to questions about the security of medical records at hospitals. The objective of this study is to gain a better understanding of the impact of information security policy and its effect on the number and seriousness of computer abuse incidents that involve the security of personal medical information maintained at hospitals. In addition, further research may be needed to convince other organizations that information security policy is a vital ingredient in the formula for maintaining a competitive advantage (Schneider and Therkalsen, 1990). The proliferation of electronic patient records (EPR) within the health care information infrastructure presents significant benefits for healthcare providers and their patients, but also creates challenges for those healthcare providers. The benefits include enhanced patient autonomy, improved clinical treatment, advances in health research, and public health surveillance The challenge to providers due to this proliferation is the creation of legal challenges in three interrelated areas: privacy of identifiable health information, reliability and quality of health care, and tort based liability (Hodge, et. al., 1999). Our medical records contain some very mundane information about us such as our height, weight, color of hair and eyes, blood type, and our bouts with colds and other illnesses. However, our medical records also contain information on our fertility, emotions, psychiatric makeup, sexual behavior, substance abuse, and genetic predisposition to disease. Access co this information must be controlled because it is information that could potentially be used to the detriment of the patient (Rindfleisch, 1997). Just as corporations protect their proprietary information, patient health records must be