Assignment: The confidentiality policy

NOW F OR AN ORIGINAL PAPER ASSIGNMENT:Assignment: The confidentiality policy

The three main areas of secure network information are (1) confidentiality , (2) availability, and (3) integrity . An organization must follow a well-defined policy to ensure that private health information remains appropriately confidential. The confidentiality policy should clearly define which data are confidential and how those data should be handled. Employees also need to understand the procedures for releasing confidential information outside the organization or to others within the organization and know which procedures to follow if confidential information is accidentally or intentionally released without authorization. In addition, the organization’s confidentiality policy should contain consideration for elements as basic as the placement of monitors so that information cannot be read by passersby. Shoulder surfing , or watching over someone’s back as that person is working, is still a major way that confidentiality is compromised.

Availability refers to network information being accessible when needed. This area of the policy tends to be much more technical in nature. An accessibility policy covers issues associated with protecting the key hardware elements of the computer network and the procedures to follow in case of a major electric outage or Internet outage. Food and drinks spilled onto keyboards of computer units, dropping or jarring hardware, and electrical surges or static charges are all examples of ways that the hardware elements of a computer network may be damaged. In the case of an electrical outage or a weather-related disaster, the network administrator must have clear plans for data backup, storage, and retrieval. There must also be clear procedures and alternative methods of ensuring that care delivery remains largely uninterrupted.

Another way organizations protect the availability of their networks is to institute an acceptable use policy. Elements covered in such policy could include which types of activities are acceptable on the corporate network. For example, are employees permitted to download music at work?