Comparison of ethics
Ethics is a philosophy of life and became a part of business world - Comparison of ethics introduction. The complexity and critical needs of health care industry are more prone to medical errors, which costs lives, not just the dollars unlike other industries. The quality of care is measured by ethical factors related with Medical industry. However ethics go beyond quality of care and include many other areas of health care industry. The role of Health care administration in the organization is to ensure the complete inside and outside customers. Practice of ethics is also a one of duty for the Health care Administrator. In this context the present paper aims to identify the position and practice of ethics in health care industry with other non health care industry. In doing so, the paper intends to gain insights of ethical practices of non health care industry and tries to recommend the best practices for health care industry, if found any gap with the industry. To observe the key issues of ethical practices in both the sectors, the paper considers the Information Security aspect of business Information from the sectors. For this the paper aims to compare the ethical practices mainly concentrating the primary areas of information Privacy and Security from health care and E-commerce sectors. Every responsible activity in any organized sector of human endeavor requires some form of regulation. Whether it is written or unwritten, legally documented or morally documented, and so the study also tries to observe the ethical practices against the Industry specific ethical standards and legal policies.
More Essay Examples on Ethics Rubric
The Paper explores ethical responsibility from and managerial perspectives in Health care and Non Health care industry. Its focus includes means of ethics and their application to the industry sectors under study in the U.S context.
The paper tries to identify the regulations of ethical practices laid for health care and e-commerce industries, types of protective mechanisms principles and laws that affect the operational decisions of industry service provides and managers which impact the development of industry specific markets.
What is ethics?
Ethics can be defined as, learning of what is right or wrong, and then doing the right thing. Generally ethics are aimed at the employees of organizations whose management experienced trouble once (Taylor)
Types of ethics
There are varieties of practices observed in the business world, like business ethics, corporate ethics, industrial ethics, Biotechnology & Health Care Ethics, Global Ethics, Government Ethics, Environmental ethics, Consumer ethics, professional ethics, technology ethics, Clinical ethics, etc.,
Business ethics expects to maintain good and healthy relations between the stakeholders of the business like, partners, corporate associates, employees, consumers, competitions, society etc., The business ethics mainly concentrate on four areas. Those are the relationship between business and consumers, relationship between employers and employees, nature and value of special forms of business organization and nature and value of financial markets. More often, though, business ethics is a matter of dealing with dilemmas that have no clear indication of what is right or wrong (Madsen and Shafritz). “Business ethics is never going to be successfully regulated. There are bad people who are always going to want to do bad things,” says Martin L. Taylor, vice president of organizational services for the Institute for Global Ethics. The business ethics mainly deal with professional practices that an organization should consider to do and should not consider to do. Lowering quality of product to balance the productivity costs, without intimating to the buyer is a non ethical issue in business.
Ethics in education:
The ethics in education is to maintain ethical standards in the learning and teaching administration process. The ethics inspire the teaching professionals to uphold dignity of their profession and help to promote the public trust and confidence in the teaching profession. The Ethical Standards in the education industry are,
Care: Every student’s well being and Positive learning are the primary objectives of care for every employee and activity of education process.. The ethical standards of care are compassion, acceptance, interest and insight for developing students’ potential.
Respect: The fundamental ethical standard to respect is trust and impartiality. The members of teaching profession should give respect fro spiritual and cultural values, social justice, confidentiality, freedom, environment and democracy
Trust: The ethical standard of trust represents openness and honesty. The trust influences the relationship of teacher with students, parents and with the public
Integrity: The ethical standard of Integrity represents Honesty, reliability i.e. integrity of their commitments and responsibilities in their profession.
Clinical ethics: The clinical ethics related to the ethical standards of doctors and pharmaceutical industries are different from Health care industry ethics. Both of these industries will work together in encouraging the effective and responsible use of existing drugs in treatment and care, monitoring of their use, and innovative research. Doctors are interested primarily in patient care and scientific advancement of medical practices, where as pharmaceutical industry is interested primarily in commercial outcomes, keeping the patient care as primary objective.
What are Professional Ethics?
Professional ethics are the ethics to maintain the conduct and behavior of professionals in the work places. The ethics are mainly observed in the professions like research, teaching, legal, medical, nursing, IT, administrative, etc. Usually organizations embed rules and codes of Conduct and Codes of Practices into their employment policy documents to maintain ethical practices.
The code is adopted by group of people, so that the members in that group should be obedient to those rules and restrictions that apply fort he benefit of a higher goal. But there is difference in the profession like information system and controlled professions such as medicine and law. In the later professions, the loss of membership means the loss of right practice their profession.
A code of professional conduct will achieve the five objectives that professional codes of ethics are supposed to achieve (Johnson and Snapper, 1985):
Inspiration: to inspire members of the profession to act more ethically
Sensitivity: to encourage the members to be sensitive to the moral aspects of their jobs
Discipline: to enforce certain rules of the profession on its members to achieve integrity
Advice: to provide advice in cases of moral complexity and ethical dilemma
Awareness: to alert employers and clients as to what they can expect of the member when performing his or her job.
Issues of ethics in Health care vs E-commerce industry: The health care industry faces ethical problem in maintaining and protecting health related information. These include privacy, security, confidentiality, disclosure or issue of consent related to policies and practices of health care providers, health plans, privacy rights for patients, disclosure limits, flow of protected health information for treatment, payment and health care operations etc., the ethics in health care industry are aimed to get trust on health care system.
The health information of patient should be disclosed only to the individual patient or to the Secretary of the Department of Health and Human Services for use in oversight investigations.
The ethical practices include – non disclosure of patient records, psychotherapy notes without obtaining a patient’s authorization, except in specific cases. The doctor should not send medical records of a patient to another doctor without consent of patient. A patient cannot be listed in a hospital’s directory and patient information should not share with their family without the consent of patient and health care industry should not share information of patient’s directory with the public. Health care industry should not use the medical records of patient for marketing purpose.
Whereas in e-commerce industry, sharing or exchange of online consumer details with third party is treated as most popular unethical issues. Basically, the ethical difficulties associated with e-commerce revolve around issues of privacy and identity both with reference to the human subject involved in the transaction, and transaction non-refutability Baum, et al., as cited in Aljeo Jose G et al.,
What is Protected or Personal Data?
While dealing with the information security, certain data is treated as personal data.
The personal information in the E-commerce industry includes consumer’s personal details like name, address, Identification details, buying details, products purchased and the future interests, social security numbers etc., along with the critical information like consumer’s credit card and debit card numbers, checking account numbers,.
The health-related data in health care industry consists of details regarding illnesses of individual and condition of individual, treatments for diagnosed illnesses such as prescription of drugs, medical procedures and treatments administered from health care providers at hospitals. The protected health information is the information recorded relating to the past, present or future physical or mental health of an individual. This information can be used for the provision of treatment or payment from the health care of the individual.
Health information includes information for staying well, preventing and managing disease, and making other decisions related to health and health care, including the information about health products and health services in the form of data, text, audio, and/or video.
Health products include medical devices, drugs, and other goods used to diagnose and treat illnesses or injuries or to maintain health. Health services include specific, management of medical records; personal medical care or advice; communication between health care providers and/or patients and health plans or insurers, or health care facilities regarding treatment decisions, claims, billing for services, etc.; and other services provided to support health care.
Health services also include bulletin boards, chat rooms, list serves, and other online venues where the participants use media for the exchange of health information
Personally identifiable health-related data, including the incident of childbirth should not be used to contact those consumers for marketing purposes. Also this should not be used without the opportunity to request not to be so contacted and without giving consumers a clear notice of the marketer’s intended uses of the data
This personal data is treated to protect privacy in terms of online marketing. This data should be treated sensitively to the protect the consumer privacy, and should not be disclosed or displayed to the third party. The information should not be sold out or exchanged without the proper consent of the consumer. The information should be used for the purpose it is meant and collected for only. Usage of such information for the purpose other than intimated cause will be treated as unethical practice in the e-commerce industry.
Such information should not be transferred, rented, sold, or exchanged. Also it should not be publicly displayed to be accessible by others to protect the confidential nature of the information. The information should be kept confidential to avoid the misuse by any of the employee or outsider.
Source of Such key Information: In E-commerce industry, such primary data is collected through the online transaction process, when the consumer keys in the personal and financial details in the order forms. Also another mode of submitting such details is through filling up the online survey forms.
Whereas in health care industry, the sensitive data of protected health information is collected through the patient records from the admission forms, lab reports, case reports, Electronic health records, delivery and discharge sheets etc., ,
Further processing of key information:
In e-commerce sector, the data collected can be used to segment the customers in the following ways,
Geographical segmentation: Customer details will be grouped based on variables such as region or country, neighborhood, density or city size.
Demographic segmentation: The customers will be grouped according to the variables such as age, gender, education, family life cycle, occupation, and income.
Psychographic segmentation: The customers will be grouped according to the variables such as lifestyle, social class, personality, and personal interests.
Behavioral segmentation: This segmentation will be done according to the variables such as user rates, user status, attitudes toward the product and the company.
In Health care industry the data is segmented according to the treatment the patient is receiving or according to the consulted physician
When PHI can be used: According to HIPPA privacy rule, the individual medical reports and information can be disclosed and exchanged for the purposes of treatment, payment or other health care operations.
For Treatment: Protected Health Information can be utilized for further medical treatment and other services like diagnostics as a benefit to the patient Ex: Allowing the patient records or laboratory records to be viewed by the physicians to assist in patient treatment and for follow-up care.
For Payment: The Health industry can use and disclose Protected Health Information to get paid for the medical services and supplies which they provide and also to acquire the health insurance
For Research: Protected Health Information can be disclosed for research purpose where effective treatment to patient can be offered through. However these research projects must go through a special process that protects the confidentiality of the Protected Health Information.
For Judicial Proceedings: The health care industry may disclose Protected Health Information to a third party if they are ordered to do so by a court or if they receive a search warrant.
For the study, the literature search is considered to eliminate the possibility of needless duplication of the outcome of the study. The study found that there is no evidence for the comparative analysis of ethical practices is done with health care and e-commerce. Hence the study started analyzing the ethical practices in both the industries to make a recommendation to the health care professionals.
The study found that literature review saves considerable time by building on what is already known as well as using tested methodology, including instruments.
The study progresses by assessing the merit of previous studies: their soundness, relevance, design quality, and findings and conclusions.
The literature search, especially in the findings and recommendations of others, often provides more and more persuasive justification for research on the problem. Previous researchers often identify gaps or areas where more research is needed.
Besides enlarging the knowledge about the topic, the method allows to gain and demonstrate skills in areas like,
Information seeking: the ability to scan the literature efficiently, using manual or computerized methods, to identify a set of useful articles and books, and
Critical appraisal: the ability to apply principles of analysis to identify unbiased and valid studies.
The Literature is collected from Journal articles, books, Government reports, Theses, Internet articles and online magazines. Each of the sources has its own contribution for the information to the paper. Journal articles were used for their up-to-date and concise information. Books were reviewed to have a basic ground theory and to collect facts on the ethical practices. Government and corporate reports were observed to know the relevant policies and legal frameworks for the ethical practices of the industries considered for the study. Theses and research papers were reviewed to understand and compare the knowledge gained in the similar field by authors and scholars. Internet articles and online Magazines were studied to review the application areas of the study in the recent times to gather different opinions and illustrations.
Importance of Personal Information
The importance of personal information to an individual is best defined by Mason (1986) as cited in Myra Sitchon, “Information is the means through which the mind expands and increases its capacity to achieve its goals, often as the result of an input form another mind. Thus, information forms the intellectual capital from which human beings craft their lives and secure dignity.”
When this information is lost without compensation as it occurs with information gathering practices by commercial ventures, an individual may assume that this action is a threat to their human dignity Mason (1986) as cited in Myra Sitchon. In addition, citizens are threatened when they are denied access to their personal information.
The information must deal with threats to human dignity. The ethical issues involved are many and varied, Ethical issues are helpful to focus on privacy, Accuracy, property, Accessibility (PAPA)
Privacy: The privacy issue deals with what information about information of ones, what information can reveal to others under what conditions and what should not reveal and should keep strictly confidential.
Accessibility: The accessibility means about the conditions and safe guards of information which person or an organization has a right or opportunity to obtain.
Information security is the key aspect in maintaining the trust for the organization in dealing with business relationships of organizations has to maintain confirm the trust in dealing For this to achieve, organization will adopt the policies and practices of information security. The protection of individual’s personal information is an ethical practice of organizations. So organizations usually implement training programs, and employ protective safeguards and scientific measures to support the information security policies.
The consumers should also be informed about these policies, procedures and practices to maintain the level of trust and ethical standards.
Data security and associated risk:
Data is stored and maintained for the following purposes:
• store financial information such as accounts and tax details
• have a customer database
• record business information and contact details
• keep employee information such as payroll and personnel files
• communicate via email access the internet.
A significant number of risks are associated with information storage, and this is especially true with that done on a computer. Most of the damages that such risks may have on one’s business are non-negligible. When a company loses its data, regardless of the method of loss (fire, theft, and error), the recollection and re-processing of such information represents major losses in the area of time and money. Delays may be caused through the loss of projects in progress. It may even have much worse consequences, as the reputation of the business may have depended on the confidentiality of the data, which may now have been compromised. Those unethical persons who fabricate viruses may even affect a company’s system so badly that it compromises its ability to do business entirely through its destabilizing effect on company’s system
Issues relating to Information security
For any organization the aspects of information security will be same irrespective of the type of operations it carries. Hence Health care industry and the E-commerce industry will have the same Information security challenges in protecting their business information. The Information security systems are designed so that information and transactions carried out via the system are kept private and confidential. It is impossible to achieve privacy in an organization without proper security system.
Security refers to the fact that information is stored and transmitted exactly as the system owner originally intended KPMG (2001) as cited in Aljeo Jose G. et al.,
The breach of Information security is practiced in the form of “Hacking,” cracking” and “page jacking” which are jointly categorized as attacks on a system’s security.
Hacking jeopardizes the confidentiality and integrity of business relations by making the information non available at the time of need. Hacking is an unethical practice in Information field is generally categorized in three types: theft of confidential information, theft of services, and sabotage of the information network.
Theft of information from confidential files: Unauthorized retrieval of secured and stored information by the unknown or known persons from government records and corporate records comes under such category. Stealing of credit card details, “Intellectual property” in the form of trade secrets and the copyrighted information by breach of security rules is observed in such instances.
Theft of services: Denial of Services is the prime motto behind such unethical practices. Hackers make an invasion into computer networks to crack keys and PINs of ATM cards. Intrusion into network services through virus programs and worms to cause slow down in the services. The purpose of such unethical practice is to cause the inconvenience in accessing the organizations data networks and there by to shred the confidence levels of the customers using the information.
Issues relating to privacy: While browsing on the internet many websites install cookies on the hard drives of user computers to track the browsing details of the users. With such details they collect many user profiles and sell the information further to online promotional campaigns. This is purely an unauthorized collection of information and is treated as unethical practice. This is violating the privacy rules in information field. Privacy is defined as protection of the collection, storage, processing, dissemination and destruction of personal information (KPMG (2001) as cited in Alejo José G. Sison
Ethics & Privacy
Sometimes, people may act deliberately to defy the written and unwritten codes of ethics within their line of work in the organizations. This may be done through deviant means, such as sophisticated electronic devices that facilitate the bugging or taping conversations that were never meant to be recorded. It appears that such actions occur more in the business world than in the health world. It is not, for example, common to hear of health workers engaging in such extreme activities in order to gain access to information of a delicate and private nature. However, one does hear of other forms of ethical breaches in the health sector and the pharmaceutical industry. Some scientists may also attempt to misrepresent the results of clinical trials for similar reasons. Such actions are unethical as they may eventually prove harmful to the public at large (Bassett, et al., 1992; Girotra, Terwiesch & Ulrich, 2006).
Privacy in the context of Health care Industry
Consent, Authorization and Privacy
The issue of consent-According to the Privacy Rule, workers and establishments in the healthcare sector, such as physicians, hospitals and clinics must receive consent from patients or other clients before compromising or turning over to a third party information concerning that person’s state of health. Such permission must be given in written form prior to the disclosure and before any form of treatment or other operation can be performed (Sage, 2000). Currently, it is the practice of healthcare providers to “obtain a patient’s consent for disclosure of information to insurance companies or for other purposes” (DHHS, 2001, p. 4). This is done for reasons having to do with ethics and professionalism. The Rule itself has as its foundation these said practices, and they are eventually expanded for the purpose of having a uniform system by which workers in health care can systematically gain consent for the procedures necessary to ensure the proper treatment of patients. (DHHS, 2001; Hsinchun et al., 2005).
• It is necessary for patients to give consent prior to being treated by health care provider that offers direct treatment to that patient. Such a health care provider may utilize or share protected health information (PHI) only for purposes of TPO. Exceptions to this standard are given subsequently.
• When an emergency arises (such as in the event of life-threatening accidents or communication barriers), it is possible for health care workers to use and disclose information concerning a patient without first having obtained his/her consent.
This is especially true in the health care sector, where laws require that workers treat patients that come into their care.
• Certain members of the health care community whose have very minimal contact with patients, such as persons who work in laboratories, may use or disclose information concerning those patients without first obtaining their consent. Other organizations within the health care sector, such as health insurance agencies and clearinghouses also have the privilege of using or divulging patients’ information without gaining consent. These agencies do have the option of getting this consent if they wish to do so—but it is left to their discretion.
– Health care providers have the right to refuse treatment to any patient who fails to grant permission for disclosing their protected health information.
– It is not necessary for such consent to be obtained by more than one provider at any given time.
– There is no real need for the document that gives consent to be an in-depth one. Such permissions may be given in very general language. The language must, however, be plain enough to be easily understood. It must also contain all that is necessary to make it clear to the patient that any information that is provided might be shared and that he/she does have the right to refuse, impose restrictions, and to peruse the privacy statement of the organization. The consent may be brief document in written from with general terms. Any such statement must then be signed and dated by either the patient himself or the patient’s proxy (McNamara, 1999).
– Individuals have the right to revoke statement of consent except when the health care provider has already acted in response to the consent.
– Restrictions may be imposed upon the permissions for disclosures and uses of protected information. The provider is not obligated to agree to these restrictions, but must abide by those to which it does agree.
– Patients must be privy to the privacy codes of the entity to which he/she gives permission to use or disclose information—and such access to the privacy code must occur before signing consent forms (McNamara, 1999).
According to the Department of Health and Human Services (DHHS), any consent from that is signed by a patient must be kept by the health care provide (or other entity) for a period of six years following its last effective date. The forms may be retained in paper form, electronically, or otherwise—this is left to the discretion of the provider.
Further provisions for privacy and consent have been issued, which stipulate that if a covered entity obtains consent and also receives an authorization to disclose PHI for TPO, the covered entity may disclose information only in accordance with the more restrictive document, unless the covered entity resolves the conflict with the individual.
“Consent” versus “Authorization”
“Consent” is the name given to any document that accords to health care personnel the permission regarding the usage and disclosure of delicate information regarding a patient. This permission is granted solely to the particular health personnel (Sage, 2000). It is not necessary that the consent form be specific about the type of information that will be used included in the disclosure (Sage, 2000). It is generally only the “direct treatment provider” that has the legal right to obtain consent from the patient, and such a person should be “one that treats a patient directly, rather than based on the orders of another provider, and/or provides health care services or test results directly to patients.
An authorization differs in that it offers requests for permissions to patients in a fashion more tailored to suit them and their health needs. This offers permissions to use specific portions of a patient’s PHI for detailed and specific purposes. Such purposes are usually for things that are unrelated to the TPO or for disclosure to be done with a specified third party. Authorizations expire, while consent forms are more open concerning the time-frame in which information might be used or disclosed. Further stipulations include the fact that “covered entities may not condition treatment or coverage on the individual providing an authorization” and that it “states the purpose for which the information may be used or disclosed” (DHHS, 2001, p. 6).
Understanding privacy rules in the healthcare sector:
It is highly necessary to have a deeper understanding of what privacy rule entails as a basis for sustaining quality ethical standard especially for someone working in the healthcare sector. In the healthcare industry, privacy is a more delicate issue than other sectors and its workings are very intricate. The background information released from the Office for Civil Rights, (DHHS, 2001; OCR, n.d.) indicates the intricacy of the Privacy Rule, which became effective on April 14, 2001. The Privacy Rule, according to the Department of Health and Human Services, “provides the first comprehensive federal protection for the privacy of health information” (DHHS, 2001, p. 1). The different departments within the health care sector have all joined in support of the aims advocated by this rule to protect the privacy of the patient. However, these departments also understand how necessary it is that privacy not interferes with the treatment of patients (DHHS, 2001; OCR, n.d.).
The delicacy of the privacy problem becomes even more apparent for other reasons. Though privacy consents and authorizations are generally granted to primary care providers, health care clearing houses and health insurers, it is usually the case that such entities require the aid of yet other entities (such as contractors) in order to provide the best care possible to the patient. To make allowance for the possibility of divulging PHI to such associates, conditions and stipulations are included in the privacy rule for ensuring that the provider obtain
satisfactory assurances that the business associate will use the information only for the purposes for which they were engaged by the covered entity, will safeguard the information from misuse, and will help the covered entity comply with the covered entity’s duties to provide individuals with access to health information about them and a history of certain disclosures.
Therefore, personal health information can only be shared with contractors and associates when such information is necessary for the providers to do their jobs accurately and thoroughly. To facilitate the usefulness of this regulation to the health care officer as well as the individual in securing information in compliance to the ethical requirements, most health care providers must know that they are covered by the new rule and therefore must comply with the new requirements.
Analysts have wondered whether these requirements for consent have not presented barriers to the proper treatment of patients, as this often necessitates open consultation with other specialists and health care providers. However, the stipulations of the consent requirements should not hinders such comprehensive treatment, as those providers who had at one time treated the patient would have also been required to obtain such consent. Furthermore, since necessary consultations with other health personnel are considered part of the “treatment of an individual, it is considered within consensual boundaries to engage in such consultation. Such actions are therefore considered ethical.
The ethical practices in the commercial, technological and other industrial sectors are governed by corporate regulations and social responsibilities. The issues of these sectors differ from those of the health care sector, which deals with the more serious issues of providing medication for human and veterinary sciences, and as such, requires more serious and stringent ethical standard compliance (Hsinchun et al., 2005).
Privacy in the context of E-commerce
The ethical difficulties associated with e-commerce revolve around privacy and identity, both with reference to the human subject involved in the transaction and transaction non refutability (Baum 1998, p.65; Suprina 1997, pp.8–12; Joyanes, 1997, pp.277–281).
Linden, G., Smith, B. & York, J (as cited in Teemu Mutanen )The online e-store Amazon uses consumer data on cross-selling growth and the information about buying patterns is transformed into recommendations. Chris Anderson as cited in Teemu Mutanen argues that this combination of good-quality recommendations with huge inventory of items is a real business advantage. The advantage is gained only if the customer can be targeted with relevant recommendations, the variety of items is not sufficient. Hence E-commerce organizations tend to use the consumer data they have collected from their visitors through online transactions.
The consumers’ experiences on the Net concerning their privacy lists several themes
Beth Givens in his presentation, ‘Privacy Expectations in a High Tech World’ outlined the following themes on consumer experiences regarding privacy concerns:
The first theme is the invisibility of data capture.
A second theme is the potential ubiquitousness of data gathering, and the ability of data from several sources to be merged to create massive electronic dossiers on individuals.
A third theme is invasion. Web sites can capture and track visitors’ clickstream data by placing small text files called “cookies” onto their hard drives. Unless users are savvy enough to set their browsers to notify them about the pending placement of a cookie, it is done without the user’s consent, and it’s an invisible process.
A fourth theme is the fear of harm befalling Internet users – fear,
A fifth theme is confusion over their privacy rights.
The problem of privacy in e-commerce is concerned with the difficulty of securely
conveying the information required for online transactions, Suprina (1997) as cited in A.J.G. Sison.
Information technology and computer professionals began seriously considering the long-term effects of computer ethics in the late 1980s and early 1990s. They recognized the need to organize professionally through such bodies as the Association for Computing Machinery and the Institute of Electrical and Electronics Engineers to devise professional codes of conduct. However, the increasing proliferation of powerful computers in the hands of nonprofessionals widens the scope of potential problems.
Ambiguity on Privacy& Ethical information:
Ethical ideologists have confusing opinions most of the time, and such problems can actually undermine ethical practices (Budd, 2005). In one profession, an action which is not ethically sound may not even be considered an offence in law. In many cases, there is no clear demarcation as to what is ethically wrong and what is legally offensive.
These are some problems encountered by those who practice in the healthcare field, and there exists by no means a consensus on what should be done in such cases (AMA, 1994). For example, economic ethical theorists believe it is the right of every citizen of a country to access health and medical opportunities, irrespective of his financial status (Budd, 2005). What then happens in a place where health information and services are completely commercialized? Do you have the ethical obligation to stop someone who may be indulging in a habit that gives him pleasure and satisfaction, when such actions have serious health implications? When will it amount to interference to stop a smoker who may have health problem from such indulgence? Is it one’s responsibility to stop an alcoholic or gluttonous fellow who may ruin his health by such actions? Does he/she not have a right to eat whatever he likes, whether it might give cancer or damage his kidney? What moral or ethical right does a person have to force a seriously sick fellow who refuses to take medication, or a chronically ill person who may decide to kill himself to escape from the pain and agony?
Disclosure law in Health care:
It must be agreed that the health sector is one of the most delicate and even complicated sectors of the national economy, and that it requires handling with utmost care. It is intimately concerned with handling the most delicate areas of personal information, as it is involved in the documentation of health records, and the treatment and handling of all ailments suffered by persons within society. So, the management of healthcare data requires competence and very high standard of ethics (Agelus, 2004).
So here what must also inevitably be considered is the question of drafting laws and regulations to govern how this information can be secured in the best interest of the stakeholders (Morejon, 2006). Of importance is the question of what the ethical rules are, that govern security of these data and information. Also of importance is the protection of the rights of all concerned, and this is what shall be explored here.
(Sage 2000) has identified the fact of the extreme popularity of laws that require physicians, hospitals, and other health care organizations to give extensive disclosure privileges to patients and customers. He continues:
The main issue that is currently being faced in the health care sector with the laws concerning disclosure is that they are unfocussed. In the words of Sage (2000), they are “scattershot, reflecting short-term political compromises or the equities of individual lawsuits rather than a coherent understanding of the purposes served by mandatory disclosure and the conditions necessary to achieve desired effects.” So it is obvious that managing and securing business information is a whole lot of serious issues.
In spite of this fact, persons who advocate disclosure are usually quick to point toward such laws issued concerning federal securities as models for healthcare disclosure laws. However, Sage goes on to point out that “well-designed information requirements can serve therapeutic goals regarding openness, trust, and participation and can remind physicians and other health professionals of the tensions between their daily practice environment and their overarching ethical obligations” (Sage, 1999). Therefore, in order to design fitting ethical standards and regulations, the particular idiosyncrasies of the health care industry must be taken into consideration.
This will necessitate the prioritizing of such issues as education of the public and overall improvement of performance in as far as social issues may have a bearing on decisions made in health care. Furthermore, financial considerations should not have too great a bearing on the privacy and self-determination rights of citizens (Hsinchun et al., 2005). These are some of the basic issues that must be kept in mind in understanding the important role the health care sector is playing in securing and managing information.
Certain practices that may be acceptable in a health care setting are included below under the condition that measures are taken to keep to a minimum disclosures and other ways of exposing delicate information (Sage, 2000):
• Health care personnel are at liberty to coordinate actions orally for the service of patients when located at nursing stations within a hospital.
• Doctors, nurses, and others responsible for patients are allowed to converse about the condition of a patient currently under their care, whether on the phone, in the presence of the patient, with a provider, or with another (authorized) family member.
• Doctors and nurses are allowed to converse concerning test results from a laboratory. They may do so with the patient or just amongst themselves in an area for joint treatment.
• Health care personnel are also allowed to discuss the condition of a patient when involved in rounds dedicated to training when in an institution that facilitates the training of health care workers (Sage, 2000).
Also necessary are ethical measures that govern the language that might be used during the care of a patient. When talking in elevated tones becomes necessary in a less-than-private location, the language used should be carefully tailored and then reinforced as the proper method of oral communication among colleagues. In the same way, business men who may be discussing classified information may not be aware of the ability a person in another room has to hear the details of the conversation. Nothing forces this hearer to block his ears or otherwise ignore the delicate information being transmitted to him, and as a result he becomes privy to privileged information (Budd, 2005; Sage, 2000).
Methods of privacy protection
Information privacy is anticipated to be protected in 4 ways: (1) government protection through legislation, (2) Industrial self-regulation – private sector enforcement of regulated policies and practices, (3) Self-protection with the assistance of the corporate sector, and (4) Self-protection without any assistance.
Government protection through legislation
There is no single comprehensive federal law governing privacy rights of personal information in online and offline activities (Kelly and Rowland (2000) as cited in Myra Sitchon.
According to Erbschloe & Vacca (2001) as cited in Myra Sitchon, privacy laws vary widely without a single federal government privacy entity attempting to control or guide them. The Federal agency which is federal trade commission (FTC) is taking care of the privacy issues related with individual corporations by exercising regulatory powers. The comprehensive privacy notice from FTC indicates the practices of information gathering, what the information will be used for and how individuals could access and remove the data. Prince & Schmiitt as cited in Aljeo Jose G. ey al., suggests ethical and legal rules of behavior to individual organizations to protect privacy.
Numerous privacy laws have been introduced into state and federal legislature and have been killed effectively by industries whose actions might have been constrained them, Kling (1995) as cited in Myra Sitchon.
However, the closest practice towards privacy legislation indirectly related to the Internet by the federal U.S. government thus far is an updated version of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 (Myra Sitchon). The Department of Health and Human Services introduced explicit rules, “if you manage, store, or move any personal medical information, you must ensure the privacy and security of that data, or face possible jail time” Hinde (2001) as cited in Myra Sitchon.
Industrial self regulation
Another form of privacy protection is the self-regulation through industry privacy codes
to implement and regulate statutory privacy rules, Gellman (1997) as cited in Myra Sitchon. These Policies are developed with the goal of initiating fair guidelines to assist the corporate sector by information industry groups, Gindin (1997) as cited in Myra Sitchon. The “seal of approval” is one such standard maintained by Online Privacy Alliance created in June 1998 in U.S to develop comprehensive privacy policies for Web merchants.
Privacy Enhancing Technologies (PET) is an encryption procedure offered to the civilians who use the services of the organization. Some organizations also use cookie managers to erase the traces of the privacy information. Freedman as cited in Aljeo Jose G. ey al., also supports this measure in using protocols or software applications like passwords, PINs and cryptography.
Though PETs offer a personal information protection for a consumer, “hackers” can use far more technologies available than PETs that are able to collect, store, manipulate, and retrieve data, Kling (1995) as cited in Myra Sitchon. In addition, PETs do not affect companies in their offline practices of information gatherings in contrast to government legislation policies that can protect against these practices, Givens (2000) as cited in Myra Sitchon. Stewart as cited in Aljeo Jose G. ey al., calls for building firewalls into computers and information system to protect the physical structure or configuration of computer network as a measure of privacy protection.
Self-protection without any assistance
Self-protection mechanism can be described with the online users when they decide on the choices provided for them without any assistance. When individuals chooses not reply to “Spam” e-mail even to request removal from a mailing list since replies indicate to a company that individual’s e-mail account is active and marketable (Navrette, 1998). Such measures protect privacy information by providing steps that may prevent the transmission of personal information to business and criminals. In this protective mechanism, individuals remain in control of their own personal information without the assistance of other groups.
Role of Health Care Administrator
Health care industry is also a business industry including management and administrative responsibilities. The managers of health care industry are called as health care administrators who take responsibilities for planning, direction, coordination, and supervision and the delivery of health care. Unlike the administrators in other industries, health care managers include specialists and generalists. Generalists manage or help manage an entire facility or system, while specialists are in charge of specific clinical departments or services.
Due to the rapid changing in the structure, technology adaptations, evolving integrated health care delivery systems, an increasingly complex regulatory environment, restructuring of work, and an increased focus on preventive care, the role of the health care administrator is also changing and modifying according to the situation. They are responsible to improve efficiency in health care facilities and the quality of the health care provided.
The health care administrators are responsible for the maintenance of patient records, health plans etc., along with the regular Information System managers. In order to maintain authentication and privacy of such key records, the Healthcare administrators should be flexible with the technology, requirements and the developments in and around the industry. The accurate and continuous maintenance of patient record database lies in the hands of health care administrator should maintain the patient record database accurately and completely. In addition, now a days as the health care data is also being shared with others for the purpose of research and compliance practices, the expertise and skill levels of health care administrators have become more crucial in maintaining privacy and ethical practices of the industry.
In this context the health care administrators are often called on to maintain and develop professional standards, procedures, and policies for their institutional activities. The expanding role of the health care administrator includes management of preventive medicine and health care programs, medical and vocational rehabilitation, community health and welfare etc. which needs good leadership and managerial skills along with sound knowledge of policy and protection regulations.
HI procedures to observe Ethical practices
Protecting the Privacy of Patients’ Health Information
Congress called on HHS to issue patient privacy protections as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA included provisions designed to encourage electronic transactions and also required new safeguards to protect the security and confidentiality of health information.
The final regulation covers health plans, health care clearinghouses, and those health care providers who conduct certain financial and administrative transactions (e.g., enrollment, billing and eligibility verification) electronically.
Most health insurers, pharmacies, doctors and other health care providers were required to comply with these federal standards beginning April 14, 2003.
The new privacy regulations ensure a national floor of privacy protections for patients by limiting the ways that health plans, pharmacies, hospitals and other covered entities can use patients’ personal medical information. The regulations protect medical records and other individually identifiable health information, whether it is on paper, in computers or communicated orally. Key provisions of these new standards include:
Access To Medical Records. Patients generally should be able to see and obtain copies of their medical records and request corrections if they identify errors and mistakes. Health plans, doctors, hospitals, clinics, nursing homes and other covered entities generally should provide access these records within 30 days and may charge patients for the cost of copying and sending the records.
Notice of Privacy Practices. Covered health plans, doctors and other health care providers must provide a notice to their patients how they may use personal medical information and their rights under the new privacy regulation. Doctors, hospitals and other direct-care providers generally will provide the notice on the patient’s first visit following the April 14, 2003, compliance date and upon request. Patients generally will be asked to sign, initial or otherwise acknowledge that they received this notice. Health plans generally must mail the notice to their enrollees by April 14 and again if the notice changes significantly. Patients also may ask covered entities to restrict the use or disclosure of their information beyond the practices included in the notice, but the covered entities would not have to agree to the changes.
Limits on Use of Personal Medical Information. The privacy rule sets limits on how health plans and covered providers may use individually identifiable health information. To promote the best quality care for patients, the rule does not restrict the ability of doctors, nurses and other providers to share information needed to treat their patients. In other situations, though, personal health information generally may not be used for purposes not related to health care, and covered entities may use or share only the minimum amount of protected information needed for a particular purpose. In addition, patients would have to sign a specific authorization before a covered entity could release their medical information to a life insurer, a bank, a marketing firm or another outside business for purposes not related to their health care.
Prohibition on Marketing. The final privacy rule sets new restrictions and limits on the use of patient information for marketing purposes. Pharmacies, health plans and other covered entities must first obtain an individual’s specific authorization before disclosing their patient information for marketing. At the same time, the rule permits doctors and other covered entities to communicate freely with patients about treatment options and other health-related information, including disease-management programs.
Stronger State Laws. The new federal privacy standards do not affect state laws that provide additional privacy protections for patients. The confidentiality protections are cumulative; the privacy rule will set a national “floor” of privacy standards that protect all Americans, and any state law providing additional protections would continue to apply. When a state law requires a certain disclosure — such as reporting an infectious disease outbreak to the public health authorities — the federal privacy regulations would not preempt the state law.
Confidential communications. Under the privacy rule, patients can request that their doctors, health plans and other covered entities take reasonable steps to ensure that their communications with the patient are confidential. For example, a patient could ask a doctor to call his or her office rather than home, and the doctor’s office should comply with that request if it can be reasonably accommodated.
Complaints. Consumers may file a formal complaint regarding the privacy practices of a covered health plan or provider. Such complaints can be made directly to the covered provider or health plan or to HHS’ Office for Civil Rights (OCR), which is charged with investigating complaints and enforcing the privacy regulation. Information about filing complaints should be included in each covered entity’s notice of privacy practices. Consumers can find out more information about filing a complaint at http://www.hhs.gov/ocr/hipaa/ or by calling (866) 627-7748.
HEALTH PLANS AND PROVIDERS
The privacy rule requires health plans, pharmacies, doctors and other covered entities to establish policies and procedures to protect the confidentiality of protected health information about their patients. These requirements are flexible and scalable to allow different covered entities to implement them as appropriate for their businesses or practices. Covered entities must provide all the protections for patients cited above, such as providing a notice of their privacy practices and limiting the use and disclosure of information as required under the rule. In addition, covered entities must take some additional steps to protect patient privacy:
Written Privacy Procedures. The rule requires covered entities to have written privacy procedures, including a description of staff that has access to protected information, how it will be used and when it may be disclosed. Covered entities generally must take steps to ensure that any business associates who have access to protected information agree to the same limitations on the use and disclosure of that information.
Employee Training and Privacy Officer. Covered entities must train their employees in their privacy procedures and must designate an individual to be responsible for ensuring the procedures are followed. If covered entities learn an employee failed to follow these procedures, they must take appropriate disciplinary action.
Public Responsibilities. In limited circumstances, the final rule permits — but does not require –covered entities to continue certain existing disclosures of health information for specific public responsibilities. These permitted disclosures include: emergency circumstances; identification of the body of a deceased person, or the cause of death; public health needs; research that involves limited data or has been independently approved by an Institutional Review Board or privacy board; oversight of the health care system; judicial and administrative proceedings; limited law enforcement activities; and activities related to national defense and security. The privacy rule generally establishes new safeguards and limits on these disclosures. Where no other law requires disclosures in these situations, covered entities may continue to use their professional judgment to decide whether to make such disclosures based on their own policies and ethical principles.
Equivalent Requirements For Government. The provisions of the final rule generally apply equally to private sector and public sector covered entities. For example, private hospitals and government-run hospitals covered by the rule have to comply with the full range of requirements.
IS procedures for E-commerce Ethics
The Privacy Rights is unique among privacy advocacy groups in that direct interaction with consumers. take what we learn from consumers, analyze it, look for trends and danger points, and feed that information back to legislators, regulators, government officials, industry representatives, other consumer advocates, and people like you interested in policy issues.
LEGAL ENVIRONMENT OF PRIVACY PROTECTION
The United States has taken a sectoral approach to privacy, enacting laws that apply to specific industries and practices. Examples are:
the Fair Credit Reporting Act of 1970 ,the Privacy Act of 1974
the Cable Communications Policy Act of 1984
the Electronic Communications Privacy Act of 1986,
the Video Privacy Protection Act of 1988
the Telephone Consumer Protection Act of 1991
the Drivers Privacy Protection Act of 1994
and more recently, the Children’s Online Privacy Protection Act of 1998.
We have no federal law protecting the confidentiality of medical records, although the Department of Health and Human Services has been mandated by a federal law to develop regulations for electronic records. These are currently under review and are quite controversial.
The Fair Credit Reporting Act of 1970 comes the closest to a robust privacy protection law. It enables individuals to have access to their own data profile. They have a right to learn who has accessed their files. And there are restrictions on who can obtain credit reports. Yet this law, too, is limited.
A more recent example of a robust privacy law is the Children’s Online Protection Act of 1998.
Patchwork approach to U.S. privacy protection:
A further result of the patchwork approach to U.S. privacy protection is that industry has now experienced a long history of having virtually free rein over the use of consumer data. The ability to capture and use information from individuals without getting their permission has become the norm.
Opt out has become the norm in the U.S. The direct marketing industry has used data for decades as the source of mailing lists and demographic information.
Here’s what DMA said to the Wall Street Journal about this law. It is “death to us… If you can’t use information about a person without permission, that generally means you’re not going to have a list of any great substance.” [Robert S. Greenberger, “Mass Marketers Say High Court Ruling Will Boost Costs, Mean More Junk Mail,” Wall Street Journal, January 18, 2000.]
A final result of the patchwork approach to privacy protection is a lack of trust in companies that collect their personal information. A 1998 Harris poll on consumer privacy found that:
Comparisons between the healthcare and the non healthcare sector
In comparison information securing in the health and non-health care sectors, on finds that both sectors have similar goals and tenets. The guidelines concerning the do’s and don’ts of practice are also very similar and the virtues they connote virtually the same. The visions statements for the securing of information within two sectors carry the same message, import, and same moral burden. Both have the same objectives. For example, the American Society for Quality Code of Ethics, as cited in their journal QSO, (1993), uses the words, “To uphold and advance the honor and dignity of the profession and keeping with high standard of ethical conduct.” This rendition of their code of ethics lays great emphasis on honesty, integrity, impartiality, charity, and the use of ones skills to advance human welfare. It also emphasizes on laying a good foundation and maintaining sound relationship with the public.
Ethical practices in Health care Industry: Health care industry is also related with medical ethics like human rights, the needs of patients, the responsibilities of doctor’s etc, However the Health care industry must observe the following ethical practices to maintain the trust of the stakeholders like doctors, patients and other health care professionals
Notice: When patient seeks treatment from the health care industry, health provider must give “Notice of Information Practices” that states privacy rights and explains the procedure of use and disclose of health information to patient.
Access: The patient has right to see, copy, and supplement their own medical records. Security: Health care providers, plans, and “information clearinghouses” that collect, share and store health information must have appropriate technical and administrative safeguards in place to protect the information.
Psychotherapy Notes: Mental health providers can refuse to disclose psychotherapy notes to health plans without obtaining a patient’s voluntary authorization.
Both the health care and non-health care sectors place high emphasis on having good relationships with employers and clients, and not divulging secrets and things told in confidence by clients and former employees without the consent of those concerned. This is exemplified in the ethics of the delicate non-health care sector of Industrial Technology. In an analysis done by Helsel (2004), it is surmised that the same issues affect almost the same sets of professions and so the same line of thought applies to many of them. If one considers ethics along the lines of the extent to which a lawyer or businessman might be expected to divulge secrets told to him/her in confidence by a client, in the same way a medical doctor must not reveal the details of ailments and predicaments narrated to him by a patient .
All of these professionals have to conform to similar ethics of professionalism; however, in the health sector, the checks and stakes are higher. But the same mode of trustworthiness, confidentiality, accountability, display of goodwill, and social obligation can (and should) be observed. In all sectors, professionals have to struggle with similar kinds of dilemmas to either keep up with the ethical standards, or otherwise to betray it. What is also true about in all areas of industry is that most ethical standards of conduct and work regulations are better preached than practiced (Helsel, 2004).
In what Roger (2006) calls “corrupting health,” he observes that this divide between theory and practice is a problem not just in poor countries but all over the world. Roy Poses, a medical professor from Brown University, has described ethical concerns and occasional fraud that exist in the healthcare sector and he these have made stringent monitoring of ethical standard to be somewhat relaxed. Where punishment is expected to be applied, a compromise will be tolerated. In contrast, it can be proved that adherence to the ethics in non medical profession—be it commerce, and especially business—is mainly built upon self interest.
In what ways disclosure of HI is ethical?
The use of personal information is ethical in the cases of following:
There is no need consumer consent for doctor to transfer medical reports of patient to another doctor for health operations like treatment.
The rule of privacy allows the hospitals to provide information directory to the public except the in the situation of patient specifically chosen that not to reveal the information.
If there is no objection to patient, the health care industry can disclose the directory of information “to members of clergy”.
Under the privacy rule, the health care industry may disclose the information to the family members or to relatives or to individual who involved in taking care of patient or for the payment related to the patient’s treatment.
The press can access the directory of information and health care industry can available the information for public unless the patient had opted that not to disclose the information to public.
Ethical practices in E-commerce industry:
In order to understand the ethical issues that arise in relation to e-commerce, it is
essential to fully appreciate its advantages and disadvantages compared to conventional commerce (Economist, 2000b as cited in A.J.G. Sison and J. Fontrodona.
Online Terms, Conditions, Policies and Laws
At the moment, most online privacy policies are produced by private businesses for individual companies. Governments are developing legislation to support and strengthen the privacy protection measures of many businesses. These initiatives are aimed at regulating the storage, use and disclosure by businesses of personal information.
Privacy legislation is designed to protect a person’s personal information. The privacy laws of their host country affect overseas companies. Every organisation should be very careful while applying terms and conditions for the electronic transaction for Internet users. Privacy and security policies not only reflect the organizations practice but also the rules and regulations for doing business with the company. Major issues regarding the legalization of electronic transactions include the following.
— Ensure proper online contracts.
— Record retention obligations.
— Original documentation, in terms of TAX and VAT requirements.
— Import/export regulations.
— Exchange control regulation.
— Foreign data protection law.
Protecting privacy in information systems
P3P – The Platform for Privacy Preferences. P3P is a standard for communicating privacy practices and comparing them to the preferences of individuals.
XACML – The Extensible Access Control Markup Language together with its Privacy Profile is a standard for expressing privacy policies in a machine-readable language which a software system can use to enforce the policy in enterprise IT systems.
EPAL – The Enterprise Privacy Authorization Language is very similar to XACML, but is not yet a standard.
Data privacy is not highly legislated or regulated in the U.S.. In the United States, access to private data is culturally acceptable in many cases, such as credit reports for employment or housing purposes. Although partial regulations exist, for instance the Children’s Online Privacy Protection Act and HIPAA, there is no all-encompassing law regulating the use of personal data. The culture of free speech in the U.S. may be a reason for the reluctance to trust the government to protect personal information. In the U.S. the first amendment protects free speech and in many instances privacy conflicts with this amendment. In many countries privacy has been used as a tool to suppress free speech.
Law for E-commerce:
“As of now, there is no comprehensive set of laws or regulations that exist for international electronic commerce,” says David D. Barr as cited in M Ali Nasir
Barr, David D as cited in M Ali Nasir expresses that it is difficult to establish uniform worldwide laws for e-commerce, but some building block legislation within individual countries is necessary
By applying laws and sketching boundaries around the borderless Internet do we negate the term “freedom of information”? How will legal structure affect international transactions on the Internet? Will it restrict the potential growth of the Internet prematurely?
Rapid changes in technology do not allow enforcement of specific laws in cyberspace. For now many organizations are promoting global coordination of legal structures Barr, David D as cited in M Ali Nasir.
The healthcare sector commands a very vital aspect of the nation’s well being, and this has to do with management of human life, health concerns, well-being, drug administration, animal health administration and management regulations. Even the control of chemical products and the human use of it are under healthcare, so it requires the serious regulations and legal surveillance that governs the security of information (AMA, 1994). On the contrary, the non healthcare sector obviously does not command such importance to human health and wellbeing, so there is room for laxity in their governing ethics. It has no set standard of administration, except in few strategic core professional bodies who are highly concerned with high standard (Sage, 1999, 2000).
As far as securing business information is concerned, the healthcare sector is far more standardized. The reason for this is comes down to the essential nature and type of services they give. Its mode of operation is seriously guided by rules, well documented codes and ethics, and oaths that bind the person to compulsively abide by the tenets. Almost in all cases, such rules are universal. All over the world, it is known that it is unethical for medical doctors to reveal secrets of their patient’s ailments to others by way of gossiping. Veterinary medicine practitioners’ code of conduct is almost the same anywhere in the world. Ethics and standards in non health fields do not enjoy such universality (Sage, 2000).
Comparison of Roles of administrators:
Differences exist in the criteria for qualification before certification can be awarded in the different sectors. Entrance into the non health field as a practitioner is open to virtually all. (This is true with the exception of some fields like engineering, or other sectors that may involve risks to human or national safety). That is probably the reason why there is not much standard set in securing information. For example, becoming a business person is open to all. Even in most sectors that requires government certification or permission to qualify to participate, there is no serious requirement for observance of any set rule. A motor driver, for instance, has no ethical rule that may warrant anyone watching over him to adhere to. When he commits ethical offence, anyone looking may frown, but so long as he has not offended any state law, he can go his way without blinking. The healthcare field is clearly not so (Sage, 1999, 2000).
In the healthcare sector, admission is not easy. To qualify as a physician, pharmacist, veterinary doctor, or nurse takes time and rigorous training. Such professionals, therefore, know the strategic and delicate importance of the position they occupy. This naturally high standard of the profession causes them to take the ethics of the profession seriously and to hold it sacred. Therefore, the ethical standards of securing information in this sector are not easily compromised. The moral stakes of violating such ethical standards are quite high, and so such professionals are expected to abide faithfully to them.
The ethics in other professions are not usually viewed in as sacred a light as that of health care. It regulations may exist, but members of such professions do not generally see themselves being as strictly bound to them as those professionals within the health care sector. Their commitment to adhering has fewer checks from authorities. For example, fewer people care if a businessman decides to cheat a customer, and fewer care if a trader sells goods and articles that are cheaply made for an exorbitant price to an unsuspecting customer. But a pharmacist who knowingly sells expired drugs to any person has violated a strict regulation, and as such has committed an offence (AMA, 1994; Sage, 1999, 2000).
On the other hand, in the commercial, technological, mechanical, fields, modes of securing business information is organized only if the regulatory body is organized. Mainly, it is based on understanding between the persons involved, the individual nature of the characters involved in the dealings. Most governments have put some laws in place to guide many aspects of life and business, but what is being considered here are the observance, applicability, enforceability, and popularity of such ethics. In most fields or professions, workers have no clear ethical leadership in the administration; for example, is there any ethical regulation governing those mechanics repairing vehicles? Are there any known enforceable rules governing ethics in hotel services? Governmental or other legal documents are not being referred to here, but ethical questions that may compel an hotelier to refrain from giving away information regarding their lodgers to strangers.
Ethics in securing business information in non health care sectors are determined by interest, profit, goodwill and other such considerations of goodness. It is not a matter of compulsion as exists in the health profession (AMA, 1994; Sage, 1999, 2000). A business man is not bound to tell the truth when he is negotiating a deal with a client. When he is bargaining prices he can tell lies to convince his customers. A bank staff knows what is ethical, but may decide to flout it without any pinch of conscience. A medical doctor, on the other hand, cannot knowingly tell lies in a bid to deceive his patients. This is not done.
The healthcare sector is specialized, well structured in organization and so is relatively less broad. It is not a wide field per se. It is exhaustive, meaning that one can name all the sectors comprising the fields. On the other hand, the non health industries are quite limitless. They are very large and innumerable. It is much easier to set a stringent ethical code in securing information for, say, all persons involved in veterinary medicine, pharmacists, traditional and orthodox medicine practitioners, and all those involved in every paramedical fields. However, consider the task of organizing everybody involved in a particular aspect of small scale industries in a country. Such a task is gargantuan because such businesses are usually difficult to detect, much less to regulate. The organization may be there on an individual business level, and the body that oversees that organization may exist, but the reality is that by virtue of the sheer size of members and actual number of people involved in that aspect of business, control is most difficult—almost impossible. The best authorities can do is achieve a feeble control, and such members enjoy impunity in disregard of such governing rules. The non medical sectors number too many for many governments to be bothered about details of ethics, or for any regulatory body to do anything meaningful.
The ethical securing of information may be said to have attained a higher level of sophistication in the healthcare industries, but much still needs to be done. The standard that exists is higher in the medical field than in non-medical fields, but the scope of the health sector extends far beyond the field of medicine. It extends to those in the non-traditional healthcare sector (such as alternative medicine, veterinary medicine, and clinical animal research), who may not know as much about the regulations of securing information. There may be total lack of coherence on the existence of ethical rules .
With the continued advancement in knowledge, especially in the area of information technology and the inroads it had made in the improvement of healthcare services, the world had been experiencing new frontiers with regard to the ethics of certain practices. With electronic-based and/or internet diagnosis of a patient by a doctor (who may reside in a different country or location) ethical information-management boundaries are being broken and new ones erected on constant basis,
What is encouraging is that steps are continually being taken so that both the healthcare sector and its non healthcare counterpart will advance and develop in the direction that technology is taking. The non healthcare industries should make every effort to take the issue of ethics in securing business information very seriously by immediately putting in motion the necessary machines or legal/legislative mechanisms. Such action may serve both to unify the level of ethics across sectors and create an elevated awareness with the non-health sectors about the need to get acquainted with and abide by all these ethical standards. The future goal is to make such an ethical program compulsory for all trade unions and other professional bodies.
Sustaining quality ethical standards of securing business information both in healthcare and non health care industries deserves to be seriously considered by all concerned. It is sad that it is only in the medical, pharmaceutical, and a few other sectors that this aspect of administration is taken vary serious. This paper had praised the healthcare sector because of the serious manner it had held the concept of ethical standard in securing information. It has gone far in terms of regulation, legislation and to a reasonable extent administration. There are prospects of more beneficial advancement following the observance of these ethical guidelines,
In order to accomplish this, it is recommended that the same seriousness and care achieved by the Privacy Rule in mainstream health care institutions be extended to every aspect of the healthcare sector. This should especially be done in the non-traditional healthcare and other paramedical sectors which in many nations are not well organized at the moment. Administrators and other professional need to be well acquainted with major issues in managing privacy and security of healthcare information used to mine data. They need to know how to review their fundamental components and principles as well as relevant laws and ethical codes. The task of avoiding pitfalls in data mining may require some specialized knowledge, and such knowledge must be sought and acquired by the relevant parties.
The above recommendation should be extended to every department of the healthcare sector. As articulated by Rodrigues (2000), there is every need to update the awareness of managers, owners, and employees concerning the ethics of information security. This involves the treatment of such issues as privacy, compliance, integrity, confidentiality and human subject protection, which are ever evolving and require that even specialists continually refreshing and updated their information on the subject.
The researcher, along with Rodrigues (2000), realizes that the rules and regulations that exist regarding privacy, consent, authorization and other areas of ethics are now inadequate in light of the types of challenges being faced in both health care and non-health care sectors. The freedom with which information can be accessed needs to be controlled in such a way that those who are entitled to it can readily receive it and those not entitled can be effectively prevented from appropriating it. As it regards the laws governing cyberspace both within and outside of the health care sector, experts in all fields must converse and make efforts to come to a consensus about what is feasible and practicable concerning security issues (such as computer data bases) that transcend on sector or another. Such persons should be experts in medical- or bioethics, criminal law, civil law, medical computing, as well as medical ethics/law.
Since the information dealt with in health care is so delicate and private, the public depends greatly for its privacy on the ethical actions of those who work in the health care industry. What also makes the situation so significant and so in need of the most stringent protection is the fact that such delicate information is being increasingly stored in computers and accessed even through the internet (Rodrigues, 2000). Furthermore, the rate at which storage of health care information is being migrated to off-site areas through the use of ASP’s or application service providers complicates the problem even further.
Yet, though the information handled by non-healthcare workers may not always be as delicate, the public still depends on such persons to keep certain types of information confidential through the implementation of and adherence to ethical practices. Such qualities as honor and integrity are therefore necessary in workers, regardless of their field of specialty. In addition, it is important that society foster a universal harmonization of the methods of interpreting the tenets of ethics with the health and non-healthcare sectors. Legal and ethical standards should aim to become more harmonized as there need not be different standards. Let documents evolve that will simply and comprehensively articulate the ethical provision in a detailed and accessible format. Such codes may be backed up by legislation and enforcement as the codes would be known (and, therefore, could be practiced) by all. Ultimately, when the problems with the uniformity of ethical guidelines have been worked out in individual countries, such ethical standards for securing information may be made uniform on a global scale. Therefore, the ethical guidelines for both health and non-healthcare sectors in Asia would be same as those in Africa as well as in Europe.
A great deal more effort will have to be placed in imposing a good measure of law enforcement to promote the observance of ethical standards in non health industries. At the moment, in a good number of sectors, ethical guidelines are either non existent, haphazardly organized, or merely in existence for courtesy sake and never observed. Where transactions are being performed electronically, technological strides are continually being made, and this has caused the creation of even more methods for breaching ethical standards. This makes it necessary that further legal codes be drafted and creates the need for even further regulatory measures to enforce such legal and ethical codes. Business owners, managers and health care stakeholders must continue to be committed to ethics, while the law and other regulatory bodies must continue to be vigilant about the necessity of ethical practices in both health and non-health care sectors.
Finally, it is important to increase the simplicity and ease of understanding the ethical documents governing the securing information. Most of the documents concerning ethical conduct are so complex or filled with jargon that it may take training in a certain legal areas to understand. Since such ethical principles are rules that must be obeyed by all, they must for that reason be written in simple terms for anyone who desires to be able to read without much difficulty.
According to Alberts and Dorofee (2002), many persons tend to seek out a foolproof solution to the problem of information security. It is this thought that fuels the continued market for new security software and technology. However, only a small percentage of organizations ever pause to consider precisely what it is that they aim to protect and also why and from what (or whom) these things need protection. Information security is a very complicated problem, and it is rare or even impossible for such problems to be solved merely by appropriating software or technology and applying it to the problem. The analysis of the problems within one’s organization is indispensable to the effective selection and application of any security measures, be it technological or otherwise (Alberts & Dorofee, 2002).
A method more protective of the business’s ethical standards would start with the areas of information security that would compromise those ethics and then focus on strengthening the technology in areas that would better protect those areas (Alberts & Dorofee, 2002).
One method of creating an approach to computing security that hopes to fulfill the ethical goals of organizations is by ensuring the sensitivity of the method to different contexts. To ensure this, it is necessary for the developer to “define a basic set of requirements for the evaluation and then develop a series, or family, of methods that meet those requirements” (Alberts & Dorofee, 2002, p. xxvi). The methods chosen for use in each approach could have the advantage of being tailored to fit individual business situations.
One such system, known as OCTAVE, has been developed by Christopher Alberts and Audrey Dorofee for the purpose of defining “a systematic, organization-wide approach to evaluating information security risks” (p. xxvi).. Electronic communication is one of the much such advancement that makes healthcare delivery even more efficient. However, with these advances also come several challenges that involve privacy protection (Hsinchun et al., 2005). Such pliable solutions as provided by OCTAVE may prove a breakthrough in enhancing the ethical practices of both healthcare and non-healthcare organizations.
Privacy protection strategies for E-commerce industry:
Consumer education. Consumer education can be conducted by programs like the Privacy Rights Clearinghouse, by government agencies like the Federal Trade Commission and the California Department of Consumer Affairs, and by the commercial web sites themselves. The existing web privacy policies are not adequate in consumer education.
Need for a “societal feedback mechanism” whereby individuals’ questions and complaints can be heard, analyzed, and ultimately acted upon.
Conduct privacy impact assessments on their products and services in the development stage.
Need for Congress to enact legislation that provides individuals with a baseline of privacy protection on the Net by codifying the fair information principles. The 1998 Harris poll on Internet privacy found that just over half of those surveyed “favor government passing laws to regulate how personal information can be collected and used on the Internet.”
M Ali Nasir, Legal Issues Involved in E-Commercehttp://www.acm.org/ubiquity/views/v4i49_nasir.html