Comparison on ethical standards of securing business information between healthcare and non healthcare industries

Comparison on ethical standards of securing business information between healthcare and non healthcare industries.

ABSTRACT.
The essence of the work is to analyze the essential difference between the ethical standard between the health care sector when compared to the other non health care sector like the commercial, technological, commercial and other sectors. It discusses ethical regulations, legislations and the extent of the administration of these rules in those sectors. It posits that the health care sector maintains a high standard ethical practice, especially in the medical, pharmaceutical and a few paramedical fields.
It distinguishes as well as defines clearly the concept of ethics and law and how they are legislated in a few selected establishments.
A deep insight was thrown to illuminate on the contentious disclosure law as a strong ethical question in the health care industry. Equally, the issue of consent and privacy rules was also dealt with in a manner that is detailed. Not only that, the paper explained how information can be protected from physical and electronic abuse.
A lucid comparison of the health care and the non health care ethics in securing information was analyzed. They are equally contrasted.
Far reaching recommendations by way of suggesting for the extension of the high quality ethical standard in the major health sector to other branches like the paramedical. Not only that, the recent development in electronics assessment and dissemination of business information need to be regulated and legislated. Finally, there is need for simplification of all ethical legislating and regulating information to be made available to everybody who so desires.
INTRODUCTION.
The complexity and strategic importance of the entire healthcare industry has made it possible for them to take the forefront in setting earlier high standard in ethics in securing business information in the healthcare sector. Being a special sector, it requires extreme careful effort and knowledge in management of its operation when compared with ethical management in other non health care industries.
On the contrary, adherence to ethics in securing business information in the non health care field of activities are largely backward and poor. Such issues as privacy concern, information data security, confidentiality, consistent trustworthiness, had not been enshrines as much in the non health care sector. They are still worlds apart.
Every industrial ethics demands establishment and implementation of labor laws, ethics that will guide even its finances, management, training and other best practice that must be complied with as far as the profession is concerned. Whereas, the commercial, technological and other industrial sector are ethically governed by corporate regulations and social responsibilities, the health care sector, which deals with the more serious issues of providing medication for human and veterinary sciences requires more serious and stringent ethical standard compliance.
This paper will attempt to examine by way of comparison, the ethical standards set in securing business information in the two industries mentioned above. It will take into account the major differences in ethical practice between the two sectors. It will examine the theories supporting the various ethical standards, and also analyze the different opinions shared. At the end, it will compare and contrast a critical view of the similarities and differences in both sectors.
Every responsible activity in any organized sector of human endeavor requires some form of regulation. Whether is it written or unwritten, legally documented or morally documented, and so the two areas under consideration identified above is not an exception. In consonance with observing high degree of high ethical standard in matters of securing business information in matters of health care administration, the healthcare industries had built an impressive degree of legislative documentation to guide its operation effectively. We believe it is because they understand the fact that their responsibility of being in charge of human life, handling sick people, treating ailments and interacting with sensitive issues involving human life and well being that made their ethical standard to be so advanced. They understand the vital role securing information will play in making people develop trust and confidence in the health care and medical practitioners.
As stated above, we shall be carrying out a comparison on the two areas. To start, we shall first try to be detailed in understanding what ethics and law are, and how they relate to the topic under consideration. This will enable us know how to base our judgments in the comparison. We shall also attempt to distinguish the difference between ethics and law; give a definition and point out the relationship between them. Is ethics regulated? What are the codes of ethics, and what are those potential conflicts that are likely to arise? We shall find out about all these.
Also, we shall discuss the major differences between the ethical standards within the health care and non health care industries. We shall explore the similarities they share, as well as the dissimilarities or their areas of contrast.

In addition, we shall be taking a detailed look into the code of practice in both field’s areas and see where there is smoothness and lacuna in their practical applicability in our everyday life. At the end we shall give our recommendation on possible areas of improvement by way of giving recommendations.
WHAT THEN IS ETHICS?
To have a fair assessment of ethical standard of any field of interest, it is important to understand what ethics is all about. That is what informs these background analyses.
There is a strong closeness that exists between law and ethics. If a close look is not taken they will almost mean the same thing, yet they differ. In many ways, law and ethics overlap and what is perceived as unethical could also be illegal. In other situations, they do not overlap. In some cases, what is perceived as unethical is still legal, and in others, what is illegal is perceived as ethical. These looks like a confusing logic, but they make sense. A behavior or character may be looked upon as ethical to one person or group but might not be perceived as ethical by another. Further complicating this dichotomy of behavior, laws may have been legislated, effectively stating the government’s position, and presumably the community, profession or majority opinion, on the behavior. As a result, in today’s different business environment, one must consider that in actual fact, law and ethics are not necessarily the same thing.
DEFINITION OF LAW AND ETHICS
As quoted in Legal Information Institute, (1999). Law can be defined as a consistent set of universal rules that are widely published, generally accepted, and usually enforced. These rules describe the ways in which people are required to act in their relationships with others in a society. They are requirements to act in a given way, not just expectations or suggestions to act in that way. Since the government establishes law, the government can use police powers to enforce laws. The following chart defines the terms in the definition of law above.
• Consistent: If two requirements contradict each other, both cannot be termed a law, because people cannot obey both.
• Universal: The requirements must be applicable to every one with similar characteristics facing the same set of circumstances.
• Published: The requirements have to be published, in written form, so that they are accessible to everyone within the society.
• Accepted: The requirements have to be generally obeyed.
• Enforced: Members of society must be compelled to obey the law if they do not choose to do so voluntarily.
As noted by Anstead, S.M. (1999), The word ethics is derived from the Greek word ethos (character), and from the Latin word mores (customs). Both combine to define how individuals choose to interact with one another. In philosophy, ethics defines what is good for the individual and for society and establishes the nature of duties that people owe themselves and one another. Take note of the following items, they are common features of ethics:
• Ethics involves learning what is right and wrong, and then doing the right thing.
• Most ethical decisions have extended consequences.
• Most ethical decisions have multiple alternatives.
• Most ethical decisions have mixed outcomes.
• Most ethical decisions have uncertain consequences.
• Most ethical decisions have personal implications.
It is equally essential to note that there is also a dis-similarity between ethics and morality. Morality refers both to the standards of behavior by which individuals are judged, and to the standards of behavior by which people in general are judged in their relationships with others. Ethics, on the other hand, encompasses the system of beliefs that supports a particular view of morality. Anstead, (1999)
The Relation Between Law and Ethics
Ethical values and legal principles are usually closely related, but ethical obligations typically exceed legal duties. In some cases, the law mandates ethical conduct. Examples of the application of law or policy to ethics include employment law, federal regulations, and codes of ethics.
Although law most times embodies ethical principles, law and ethics are far from co-extensive. The law does not prohibit many acts that would be widely condemned as unethical. And the contrary is true as well. The law also disallows acts that some groups would see as ethical. For example lying or betraying the confidence of a friend is not illegal, but most people would consider it unacceptable and as such, unethical. Yet, speeding is illegal, but many people do not have an ethical conflict with exceeding the speed limit. Law is not just codifying ethical norms, it goes much more than that.
The following illustration by McNamara, C. (1999), depicts the relationship between law and ethics.
Establishing a set of ethical guidelines for detecting, resolving, and forestalling ethical breaches often prevents a company from getting into subsequent legal conflicts. Having demonstrated a more positive approach to the problem may also ensure that punishment for legal violations will be less severe. Federal sentencing guidelines passed in 1991 permit judges to reduce fines and jail time for executives proportionate to the ethical measures a company has taken.
The Legislation of Ethics.
The code of conducts which everyone had identified and agreed that is good to observe must be written down in a document, and be revered as a guiding principle. It then becomes a law. In many fields, especially the non health care sectors, there is no form of legislation or regulation of ethical standards. By virtue of being an adult or belonging to that environment doing that particular business, the good ethics regarding securing information or any other matter, but the reality is that this ethics are never written down. People know them by heart and obey them as they will.
Numerous laws have been enacted to protect employees against what society perceives as unethical behavior in the workplace. These laws are administered by the United States Department of Labor. Generally, these laws reflect the ethical standards of the majority of society. An example is the Americans With Disabilities Act of 1990 (ADA). According to the ADA (1990)
“No covered entity shall discriminate against a qualified individual with a disability because of the disability of such individual with regard to job application procedures, the hiring, advancement, or discharge of employees, employee compensation, job training, and other terms, conditions, and privileges of employment.”
Most people would not dispute the fact that it would be unethical to deny employment or promotion to a disabled applicant, solely on the basis of that disability, especially when that disability would not affect their work performance. In this issue under consideration, a business man who had been taken into confidence and have a business partner confide in him will not have any sense of obligation to keep such information away from others. This is because there is no legislation that compels him to do that. On the contrary, the medical profession for example is under obligation to keep everything his patient told him in confidence in secret. He is reacting to the legislated and codified ethics that guides his profession.
Ethics Regulations for Employees of Establishments.
Executive branch employees are subject to statutes and regulations commonly referred to as “ethics” standards. Through these statutes, the government has established legally enforceable rules on ethical behavior. The two basic sources of these standards are the criminal conflict of interest statutes and the administrative standards of ethical conduct.
• Chapter 11 of Title 18, United States Code is an example of a Criminal Conflict of Interest Statute. The conflict of interest statutes prohibit a Federal employee from engaging in certain types of activities that would place the employee’s own personal interests above the Federal Government’s interests. The essence of securing business information is to protect the interest of both parties. That is the principal and the partner, the doctor and his patient. The interest of the entire field of profession is better served if they learn to keep information told them in secret without divulging them.
The Code of Federal Regulations Part 2635 is an example of Administrative Standards of Ethical Conduct Regulation. The standards of conduct regulation establish principles of ethical conduct for employees within the executive branch. The regulation not only identifies the principles but also provides easy to understand examples of how the principles apply. The standards of conduct cover such topics as:
• gifts from outside sources
• gifts between employees
• conflicting financial interests
• impartiality in performing official duties
• seeking other employment
• misuse of position
• outside activities
Codes of Ethics
Private Companies, organizations, associations and professional bodies frequently establish their own Codes of Ethics. These may be formally written or understood. Although the government does not enforce these Codes, they are enforced internally. Violation of the Codes alone can, in some instances, be grounds for termination. The following tables show examples of such Codes from The Jet Propulsion Laboratory Ethics Program, (1999)
The Jet Propulsion Laboratory Ethics Program:
I will conduct all business dealings with fairness, honesty and integrity.
I will protect all information and resources available to me from loss, theft, and misuse.
I will avoid even the appearance of conflict of interest or any other impropriety.
I will treat my fellow employees fairly and with dignity and respect.
I will help create and sustain an atmosphere conducive to the spirit of this code.
AMA Principles of Medical Ethics are as follows”
A physician shall be dedicated to providing competent medical service with compassion and respect for human dignity.
A physician shall deal honestly with patients and colleagues, and strive to expose those physicians deficient in character or competence, or who engage in fraud or deception.
A physician shall respect the law and recognize a responsibility to seek changes in those requirements which are contrary to the best interests of the patient.
A physician shall respect the rights of patients, of colleagues, and of other health professionals, and shall safeguard patient confidences within the constraints of the law.
A physician shall continue to study, apply, and advance scientific knowledge, make relevant information available to patients, colleagues, and the public, obtain consultation, and use the talents of other health professionals when indicated.
A physician shall, in provision of appropriate patient care, except in emergencies, be free to choose whom to serve, with whom to associate, and the environment in which to provide medical services.
A physician shall recognize a responsibility to participate in activities contributing to an improved community.
Potential Conflicts
Some activities and beliefs may be legal, but not perceived as ethical. Marriott Corporation maintains very comprehensive ethics standards to which their employees must abide. Their Corporate Dress Code is an example. Several years ago, the orientation program at Marriott Corporate Headquarters included a presentation on what was and was not considered acceptable appearance in the company. Some requirements included:
• Women could not wear skirts any shorter than 4 inches above the knee.
• Women could show no bare leg. Either long pants or hose were required at all times.
• Women’s shoulders could not be exposed.
• Men’s hair could not reach their collar, except for religious reasons.
• Men could not wear earrings.
Although these rules were part of company policy, there is nothing illegal about any one of these items. However, in the Marriott Corporate culture, each was considered unethical.
Another example is the manufacturing practices of Nike, (1998), one of the largest manufacturers of athletics sportswear in the world. Nike produces the majority of its goods in South East Asia. Despite the profits of the Nike organization, its foreign workers are paid substandard wages and work long hours in appalling conditions. In 1996, the entry-level wage at one of these factories was $2.20 a day. Labor groups estimate that a livable wage in Indonesia is about $4.25 a day. Compare this with the pay of one of Nike’s celebrity promoters, Michael Jordan, who gets $20 million a year to promote Nike sneakers. Jordan’s compensation alone is more than the annual income of 20,000 workers who make Nike shoes.
Nike’s manufacturing practices are not illegal. There is nothing that says a company cannot take its manufacturing operations outside the United States. And as long as the company is meeting the minimum wage standards of the host country, there is nothing illegal about paying low wages. However, most Americans would look at these practices as unethical, especially considering the profits of Nike and their spending on celebrity promoters.
On the other hand, there are some behaviors which are illegal, but widely perceived as ethical. One example is taking office supplies from the company supply cabinet for personal use. Legally, this is considered theft, but many people see no moral or ethical problem and do it anyway.
Another example is buying a copyrighted software program and installing it on multiple computers. Technically, this violates Federal copyright laws. Yet, the piracy of software is widespread, even in corporations that consider themselves ethical.
Federal copyright law protects software from the moment of its creation. This is stated in the Copyright Act, Title 17 of the US Code. The Act gives the owner of the copyright “the exclusive rights” to “reproduce the copyrighted work” and “to distribute copies … of the copyrighted work”. It also states that “anyone who violates any of the exclusive rights of the copyright owner … is an infringer of the copyright”, and sets forth several penalties for violation of a copyright. Those who purchase a license for a copy of software do not have the right to make additional copies without the permission of the copyright owner, except to:
• copy the software onto a single computer, or
• make another copy for archival purposes
Although many people would write off the impact of software piracy in order to justify their belief that it is ethical, an annual study on global software piracy shows that the impact is great. The study estimates that, of the 615 million new business software applications installed worldwide during 1998, 231 million, or 38%, were pirated. They estimate that this resulted in an $11 billion loss to software companies.
We may be right to conclude that, there is a solid relationship between law and ethics, and this relationship is important in management. Managers must evaluate not only what is legal, but what they, their employees, and society consider ethical as well. It is necessary here to that companies must also consider what behaviors, attitudes and manners their customers will and will not accept.
The news is full of stories regarding the ethical issues with which companies are being confronted, such as the practices of Nike, as outlined above. No company wants to be forced to defend itself over ethical issues involving wages, the environment, working issues, or human relations. Managers play a vital role in a company’s legal and ethical performance. It is in part their responsibility to ensure that their employees are abiding by Federal, State, and Local laws, as well as any ethical codes established at the company. But most importantly, the managers must provide a positive example to their employees of proper behavior in light of laws and ethical codes.
Certainly, policies and procedures will never be developed to satisfy everyone, but the establishment of Codes of Ethics will at least provide a framework for ethical behavior, and allow customers to evaluate the type of company with whom they are doing business. With this knowledge, employees and customers must decide whether or not they are willing and able to conform to these Codes, as well as to the laws that have been enacted. Managers cannot simply limit their decisions to following the law. They must also consider the ethics of their employees and customers.
We have taken the pain to go through the above details to enable us to appreciate what and how ethics apply in other aspects of life. But in this study we are limited to the healthcare and non healthcare industries., focusing to their ethical standards in securing information.

THE STRATEGIC IMPORTANCE OF DISCLOSURE LAW AS A BASIC ETHICS IN HEALTHCARE INDUSTRY WITH SPECIFIC REFERENCE TO SECURING INFORMATION.
It must be agreed that the health sector is one delicate, and even complicated sector of a national life that requires utmost handling with care. It bothers on the life of the individuals, their health and well-beings, as well as even the animals in it. So, the management of it requires competence and very high standard of management level. Not only that, it is the sector that handles the human data as is concerned with documented records of health, ailment ailments, the treatment and handling of it. Both for the subjects and the animals.
So here the question of law and regulations to govern securing this information in the best interest of the stakeholders must inevitably be involved. What are the ethical rules governing security of these data and information, research and enquiries into them, while protecting the rights of all concerned is what we shall be exploring here.
According to Sage, W.M. (2000), Laws requiring health plans, hospitals, and physicians to disclose extensive information to their customers or the broader public have become extremely popular. The reason for this lies in politics, not policy: disclosure laws suggest a less intrusive role for government and greater reliance on individual choice and free markets than do other oversight mechanisms. This strikes a responsive chord in today’s anti-regulatory political climate. At a policy level, however, few health care disclosure laws have been carefully designed to achieve specific objectives.
An important manifestation of this process of regulatory diversification is the rising popularity of laws that require disclosure of information to patients and consumers. As Marshall, M.N., P.G. Shekelle, S. Leatherman, and R.H. Brook. (2000) explained, particularly in response to the growth of managed care, comprehensive information requirements have been added to enrollment oversight of insurance companies, HMOs, and ERISA plans; to regulation ensuring the quality and safety of hospitals and physicians; and to the law governing treatment decisions by patients.
The principal problem with current health care disclosure laws, however, is that they are scattershot, reflecting short-term political compromises or the equities of individual lawsuits rather than a coherent understanding of the purposes served by mandatory disclosure and the conditions necessary to achieve desired effects. So it is obvious that managing and securing business information is a whole lot of serious issues.
However, disclosure enthusiasts often point to the federal securities laws as a model, and suggest that Congress create for health care a regulatory agency similar to the Securities and Exchange Commission (SEC) or the Financial Accounting Standards Board (FASB). Indeed, securities regulation can shed light on the pros and cons of using information disclosure to guarantee accountability. But well-designed information requirements can serve therapeutic goals regarding openness, trust, and participation and can remind physicians and other health professionals of the tensions between their daily practice environment and their overarching ethical obligations.
The procedure is that government must work with health care providers to establish priorities for performance improvement, educate the public about social issues inherent in health care decisions, and refrain from allowing budgetary interests to intrude unduly on citizens’ rights to privacy and self-determination. These are some of the basic issues that must be put to mind in understanding the important role the health care sector is playing in securing and managing information.
There is also another dimension, the economic theory, which does not require every purchaser to be fully informed to yield overall efficiency. The SEC has had to accept the fact that the meaning of intricate corporate disclosure may elude unsophisticated recipients, especially as larger segments of the population purchase securities. It has become obvious that, the absence of a secondary market pricing mechanism in health care reduces the ability of a few sophisticated parties such as large employers or government purchasers to discipline the entire market (and those few have lesser incentives to achieve informational superiority.
In the words of Baird, D.G. Gertner R.H. and Picker R.C. (1994).
Still, overcoming the current degree of public ignorance is a weighty challenge for a disclosure regime. This is particularly true because the least educated users of health care often have the greatest health needs and are vulnerable both to risk-selection in insurance and to substandard provision of care¡¨.
The federal security laws establishing disclosure law, as pointed out by Sage, W.M. (1999), suggested four core reasons for its necessity, which are to:
• Facilitating market competition
• Monitoring agents and intermediaries
• Improving corporate governance
We have taken the time to explain what these disclosure law is as it is the basis upon which the job of a health care officer’s ability to comply to his ethical demands revolves. Again, it can serve varied and sophisticated purposes, but only if objectives are clearly articulated and laws carefully designed to achieve them. Dealing with the science of human and even veterinary without proper enabling regulatory laws will only lead to frustrations and conflicts. This is the foundation and understanding upon which this write-up will commence.
DIVERSITY IN ETHICAL STANDARD IN HEALTH CARE AND NON HEALTH CARE SECTORS.
Every sector in the health delivery field has governing ethics that regulates its operations. Be it optometry, anatomy, veterinary or the paramedic sectors. But the rule is basically the same. There are bodies that oversee and manage, as well as securing the interest, survival and maintenance of these ethical standards. In the same way, the non health care sector like the field of technology, law, business and commerce, sports, have their own ethical standards governing them.
Every one who operates in that field of life has a moral or compulsive obligation to play by the rule. Every such organized body is governed by sets of rules. It could be rules concerning finances, training, membership, qualification for certification, regulation of standards of practice. It could be as diverse as the scope of the organization is. The fact and reality to be noted here is that every member, and all those who desires to be responsibly associated with such a body must abide by the ethics of such profession in good conscience, and may even be willing to be sanctioned and disciplined when the need calls for it.
For example, lawyers believe that advertising their profession will have dire consequences. David, H. (2005). So it is expected that no lawyer will be so hungry for patronage as to put up an advert to improve his number of brief. That will be professionally wrong. There are instances where a violation of an ethical standard does not constitute a punishable offence, but will be a moral burden on such an individual. If it is agreed that lawyers must appear noble like a gentle cultured man, or even a deviant lawyer decide to go on publicity as to put up an advertisement in the papers or electronic media, there is no law that recommends prosecution. But his colleagues will look down on him, or at least view such actions with disdain.
On the other hand, a civil engineer who opts to carry out a shoddy job to a client may be free for a while. But if per adventure such a building collapses with time, he may be sought out and may face possible prosecution. However, the reality is that as the name is, ethical standards hardly have strong bite from the law enforcement agencies. The reason being that they are merely regulations and unwritten understandings.
On the other hand, most health sector fields are very strict in adherence and implementation of their ethics of practice. The reason is quite obvious. The health sector has very strong relationship with maintaining human life, human health, hygiene, animal life, environmental concern, etc. So laxity, negligence, deliberate omission and commission may lead to casualties and unintended sad consequences. So it could be conceded the ethics in the health care sector had a more stringent bite than the other counterpart. A doctor who violated his code of practice, or carries out action that is not inconformity with the rule of practice will stand the risk of being have his license withdrawn
In preface of his book, The Ethics of human resources, Budd, J.W. (2005), had this to say,
“In the business and economic spheres, many of the most pressing ethical issues involve the employment relationship, such as the rights of employees versus ER shareholders, employee privacy and monitoring, whistle blowing, pay equity, discrimination, employee safety, anti-union campaigns, and minimum labor standards. Since the field of human resources and industrial relations is ultimately about people and quality of life, there is a pressing need to develop applications of business ethics for the employment relationship in the context of research, practice, and teaching.”
In recent years, by following media coverage of many scandals of accounting and accountability, the public has gained a greater understanding of what can happen when businesses do not adhere to ethical practices. It is now time for the human resources and industrial relations communities to explore the application of ethics to the employment relationship and to discover the importance of treating employees, not just numbers, properly. This goes to show that the issue of observing ethics in profession is gradually taking a more serious dimension.
THE ISSUE OF CONSCENT.
The Privacy Rule establishes a federal requirement that most doctors, hospitals, or other health care providers obtain a patient’s written consent before using or disclosing the patient’s personal health information to carry out treatment, payment, or health care operations (TPO). (Sage 2000). Today, many health care providers, for professional or ethical reasons, routinely obtain a patient’s consent for disclosure of information to insurance companies or for other purposes. The Privacy Rule builds on these practices by establishing a uniform standard for certain health care providers to obtain their patients’ consent for uses and disclosures of health information about the patient to carry out TPO.
General Provisions.
• Patient consent is required before a covered health care provider that has a direct treatment relationship with the patient may use or disclose protected health information (PHI) for purposes of TPO. Exceptions to this standard are shown in the next bullet.
• Uses and disclosures for TPO may be permitted without prior consent in an emergency, when a provider is required by law to treat the individual, or when there are substantial communication barriers.
• Health care providers that have indirect treatment relationships with patients (such as laboratories that only interact with physicians and not patients), health plans, and health care clearinghouses may use and disclose PHI for purposes of TPO without obtaining a patient’s consent. The rule permits such entities to obtain consent, if they choose.
• If a patient refuses to consent to the use or disclosure of their PHI to carry out TPO, the health care provider may refuse to treat the patient.
• A patient’s written consent need only be obtained by a provider one time.
• The consent document may be brief and may be written in general terms. It must be written in plain language, inform the individual that information may be used and disclosed for TPO, state the patient’s rights to review the provider’s privacy notice, to request restrictions and to revoke consent, and be dated and signed by the individual (or his or her representative).
Individual Rights
• An individual may revoke consent in writing, except to the extent that the covered entity has taken action in reliance on the consent.
• An individual may request restrictions on uses or disclosures of health information for TPO. The covered entity need not agree to the restriction requested, but is bound by any restriction to which it agrees.
• An individual must be given a notice of the covered entity’s privacy practices and may review that notice prior to signing a consent.
Administrative Issues
• A covered entity must retain the signed consent for 6 years from the date it was last in effect. The Privacy Rule does not dictate the form in which these consents are to be retained by the covered entity.
• Certain integrated covered entities may obtain one joint consent for multiple entities.
• If a covered entity obtains consent and also receives an authorization to disclose PHI for TPO, the covered entity may disclose information only in accordance with the more restrictive document, unless the covered entity resolves the conflict with the individual.
• Transition provisions allow providers to rely on consents received prior to April 14, 2003 (the compliance date of the Privacy Rule for most covered entities), for uses and disclosures of health information obtained prior to that date. Source: McNamara (quoted above)
THE DIFFERENCE BETWEEN “CONCENT” AND “AUTHORIZATION” UNDER PRIVACY RULE.
A consent is a general document that gives health care providers, which have a direct treatment relationship with a patient, permission to use and disclose all PHI for TPO. It gives permission only to that provider, not to any other person. Health care providers may condition the provision of treatment on the individual providing this consent. One consent may cover all uses and disclosures for TPO by that provider, indefinitely.
A consent need not specify the particular information to be used or disclosed, nor the recipients of disclosed information. (Sage).
Only doctors or other health care providers with a direct treatment relationship with a patient are required to obtain consent. Generally, a “direct treatment provider” is one that treats a patient directly, rather than based on the orders of another provider, and/or provides health care services or test results directly to patients. Other health care providers, health plans, and health care clearinghouses may use or disclose information for TPO without consent, or may choose to obtain a consent.
An authorization is a more customized document that gives covered entities permission to use specified PHI for specified purposes, which are generally other than TPO, or to disclose PHI to a third party specified by the individual. Covered entities may not condition treatment or coverage on the individual providing an authorization. An authorization is more detailed and specific than a consent. It covers only the uses and disclosures and only the PHI stipulated in the authorization; it has an expiration date; and, in some cases, it also states the purpose for which the information may be used or disclosed.
An authorization is required for use and disclosure of PHI not otherwise allowed by the rule.
In general, this means an authorization is required for purposes that are not part of TPO and not described in § 164.510 (uses and disclosures that require an opportunity for the individual to agree or to object) or § 164.512 (uses and disclosures for which consent, authorization, or an opportunity to agree or to object is not required). Situations in which an authorization is required for TPO purposes are identified and discussed in the next question.
All covered entities, not just direct treatment providers, must obtain an authorization to use or disclose PHI for these purposes. For example, a covered entity would need an authorization from individuals to sell a patient mailing list, to disclose information to an employer for employment decisions, or to disclose information for eligibility for life insurance. A covered entity will never need to obtain both an individual’s consent and authorization for a single use or disclosure.
However, a provider may have to obtain consent and authorization from the same patient for different uses or disclosures. For example, an obstetrician may, under the consent obtained from the patient, send an appointment reminder to the patient, but would need authorization from the patient to send her name and address to a company marketing a diaper service.
UNDERSTANDING PRIVACY RULE IN MAINTAINING ETHICAL STANDARD IN SECURING INFORMATION IN THE HEALTHCARE SECTOR.
It is highly necessary to have a deeper understanding of what privacy rule entails as a basis for sustaining quality ethical standard especially for someone working in the healthcare sector. We shall take the lead from the background information released from the Office for Civil Rights, (.n.a.), The Privacy Rule became effective on April 14, 2001. The Privacy Rule provides the first comprehensive federal protection for the privacy of health information.
All segments of the health care industry have expressed their support for the objective of enhanced patient privacy in the health care system. At the same time, HHS and most parties agree that privacy protections must not interfere with a patient’s access to or the quality of health care delivery.
To have the background of this provision we shall make further clarification. By law, the Privacy Rule applies only to health plans, health care clearing houses, and certain health care providers. In today’s health care system, however, most health care providers and health plans do not carry out all of their health care activities and functions by themselves; they require assistance from a variety of contractors and other businesses.
In allowing providers and plans to give protected health information (PHI) to these “business associates,” the Privacy Rule conditions such disclosures on the provider or plan obtaining, typically by contract, satisfactory assurances that the business associate will use the information only for the purposes for which they were engaged by the covered entity, will safeguard the information from misuse, and will help the covered entity comply with the covered entity’s duties to provide individuals with access to health information about them and a history of certain disclosures, e.g., (If the business associate maintains the only copy of information, it must promise to cooperate with the covered entity to provide individuals access to information upon request). (Sage).
PHI may be disclosed to a business associate only to help the providers and plans carry out their health care functions – not for independent use by the business associate.
To comprehend the usefulness of this regulation to the health care officer as well as the individual in securing information in compliance to the ethical requirements, most health care providers must know that they are covered by the new rule therefore, must comply with the new requirements.
According to Sage, The Privacy Rule for the first time creates national standards to protect individuals’ medical records and other personal health information:
• It gives patients more control over their health information.
• It sets boundaries on the use and release of health records.
• It establishes appropriate safeguards that health care providers and others must achieve to protect the privacy of health information.
• It holds violators accountable, with civil and criminal penalties that can be imposed if they violate patients’ privacy rights.
• And it strikes a balance when public responsibility requires disclosure of some forms of data – for example, to protect public health.
For patients – it means being able to make informed choices when seeking care and reimbursement for care based on how personal health information may be used.
• It enables patients to find out how their information may be used and what disclosures of their information have been made.
• It generally limits release of information to the minimum reasonably needed for the purpose of the disclosure.
• It gives patients the right to examine and obtain a copy of their own health records and request corrections.
The Office of Civil Rights gave further insights into the details:
General Provisions
• Patient consent is required before a covered health care provider that has a direct treatment relationship with the patient may use or disclose protected health information (PHI) for purposes of TPO. Exceptions to this standard are shown in the next bullet.
• Uses and disclosures for TPO may be permitted without prior consent in an emergency, when a provider is required by law to treat the individual, or when there are substantial communication barriers.
• Health care providers that have indirect treatment relationships with patients (such as laboratories that only interact with physicians and not patients), health plans, and health care clearinghouses may use and disclose PHI for purposes of TPO without obtaining a patient’s consent. The rule permits such entities to obtain consent, if they choose.
• If a patient refuses to consent to the use or disclosure of their PHI to carry out TPO, the health care provider may refuse to treat the patient.
• A patient’s written consent need only be obtained by a provider one time.
• The consent document may be brief and may be written in general terms. It must be written in plain language, inform the individual that information may be used and disclosed for TPO, state the patient’s rights to review the provider’s privacy notice, to request restrictions and to revoke consent, and be dated and signed by the individual (or his or her representative).
Individual Rights
• An individual may revoke consent in writing, except to the extent that the covered entity has taken action in reliance on the consent.
• An individual may request restrictions on uses or disclosures of health information for TPO. The covered entity need not agree to the restriction requested, but is bound by any restriction to which it agrees.
• An individual must be given a notice of the covered entity’s privacy practices and may review that notice prior to signing a consent.
Administrative Issues
• A covered entity must retain the signed consent for 6 years from the date it was last in effect. The Privacy Rule does not dictate the form in which these consents are to be retained by the covered entity.
• Certain integrated covered entities may obtain one joint consent for multiple entities.
• If a covered entity obtains consent and also receives an authorization to disclose PHI for TPO, the covered entity may disclose information only in accordance with the more restrictive document, unless the covered entity resolves the conflict with the individual.
• Transition provisions allow providers to rely on consents received prior to April 14, 2003 (the compliance date of the Privacy Rule for most covered entities), for uses and disclosures of health information obtained prior to that date.
Some people had also asked if consent requirements restricts the ability of providers to consult with other providers about a patients a patient’s condition? Such consent is not necessary, because, as the office explained, a provider with a direct treatment relationship with a patient would have to have initially obtained consent to use that patient’s health information for treatment purposes.
Consulting with another health care provider about the patient’s case falls within the definition of “treatment” and, therefore, is permissible. If the provider being consulted does not otherwise have a direct treatment relationship with the patient, that provider does not need to obtain the patient’s consent to engage in the consultation.
COMPARISMS BETWEEN THE ETHICS IN SECURING INFORMATION IN HEALTH CARE SECTOR AND BUSINESS, COMMERCIAL, AND TECHNOLOGICAL INDUSTRIES.
In comparison to the two sides, both have the same tenets. It is almost the same tenets of dos and don’ts. The virtues they connote are virtually the same. They carry the same message, import, and same moral burden.
Both have the same objectives. For example, the American Society for Quality Code of Ethics, as cited their journal QSO,(1993), has this very words, “To uphold and advance the honor and dignity of the profession and keeping with high standard of ethical conduct”. It laid great emphasis on honesty, integrity, impartiality, aid work for the society, use skills to advance human welfare.
It also emphasizes on laying good foundation and maintaining sound relationship with the public. Having good relationship with employers, clients, and not divulging secrets and things told in confidence by clients and former employee without their consent. The same concept goes for Ethics for Industrial Technology. In the analysis of Helsel, D.L. (2004). The same issues affects almost the same sets of profession and so the same line of thought applies to many of them. If you look at it, In line with the need to divulge secrets told to you in confidence by a client, same way a medical doctor must not reveal the details of ailments and predicaments narrated to him by a patient
All of them have to conform to same ethics of professionalism, only in the health sector, the checks and stakes are higher. But the same mode of trustworthiness, confidentiality, accountability, show and display of goodwill, and social obligation can be noticed. They both had to struggle through the same level of dilemma to either keep up with the so called ethics preached or betray it. Most ethical conducts and work regulations are better preached than practiced.
In what Roger, B. (2006) called corrupting health, he observed that
This is a problem not just in poor countries but all over the world. Roy Poses, a medical professor from Brown University, described conflicts of interest, ethical concerns and occasional fraud that exists in the healthcare sector had made stringent monitoring of ethical standard to be somewhat relaxed. Where punishment is expected to be applied, a compromise will be tolerated.
In contrast, it can be proved that adherence to the ethics in non medical profession- be it commerce, especially business, is mainly built upon self interest.
CONTRAST BETWEEN THE HEALTHCARE AND THE NON HEALTHCARE SECTOR.
As far as securing business information is concerned, the healthcare sector is far more standardized. The reason being the essential nature of the type of services they give. It mode of operation is seriously guided by rules, well documented codes and ethics, oaths that binds the person to compulsively abide by the tenets, it has enactments and the regulation is more or less a law clearly known to every staff and personnel. Almost in all cases, such rules are universal.
All over the world, it is known that it is unethical for medical doctors to reveal secrets of their patient’s ailments to others by way of gossiping. Veterinary medicine practitioners’ code of conduct is almost the same anywhere in the world. Ethics and standard in non health fields does not enjoy such universality.
The healthcare sector commands vital aspect of the national and human life that has to do with management of human life, health concerns, well-being, drug administration, animal health administration and management regulations, even the control of chemical products and the human use of it are under healthcare, so it requires the serious regulations and legal surveillance that governs the security of information.
The non healthcare sector obviously does not command such importance, so there is laxity in their governing ethics. It had no set standard of administration, except in few strategic core professional bodies who are highly concerned with high standard.
The criteria for qualification differs before certification can be awarded. Entrance into the non health field as a practitioner is open to all. (Except in some field like architecture, or other sectors that may involve risks to human or national safety). That is probably the reason why there is not much standard set in securing information. For example, becoming a business person is open to all. Even in most sectors that requires government certification or permission to qualify to participate, there is no serious attachment to observance of any set rule.
A motor driver has no ethical rule that may warrant anyone watching over him to adhere to. When he commits ethical offence, anyone looking may frown, but so long as he has not offended any state law, he can go his way without blinking. The healthcare field is clearly not so.
Though, it depends on the governments of the country and its pattern of administration, but in the healthcare sector, admission is not easy. To qualify as a pharmacist, veterinary doctor, nurse, etc, takes time and rigorous training, so they knows the strategic and delicate importance they occupy. This seemingly natural high standard of the profession makes them to take the ethics of the profession serious and to hold it sacred. Therefore ethical standard in securing information is not easily compromises. The moral stake of violating such ethical standards are quite high, and so the usually abide faithfully to them.
The ethics in other profession is not as sacred as that. It regulations may be there, but members of such profession does not see themselves bound to it. Their commitment to adhering has no checks from authorities as such. For example, who cares if a businessman decides to cheat a customer? Who cares if a trader is selling goods and articles that are cheap for a higher price to an unsuspecting customer? But a pharmacist who knowingly sells expired drug to any person has violated a regulation, and as such committed an offence.
On the other hand, the commercial, technological, mechanical, field mode of securing business information is organizes only if the regulatory body is organized. Mainly, it is based on understanding between the persons involved, the individual nature of the characters involved in the dealings.
Agreed, most governments had put some laws in place to guide every aspect of life and business, but what we are saying here is the observance, applicability, enforceability, popularity of such ethics. In most fields or profession, they had non, no clear leadership in the administration, for example, is there any ethical regulation governing those engineers repairing vehicles? Is there any known enforceable rules governing ethics in hotel services. We are not talking about government legal document, but ethical questions that may make a hotelier not to give away information regarding their lodgers to strangers.
Ethics in securing business information in non health care sectors are determined by interest, profit, goodwill and other such considerations of goodness. It is not a matter of compulsion as exists in the health profession. A business man is not bound to tell the truth when he is negotiating a deal with a client. When he is bargaining prices he can tell lies to convince his customers. A bank staff knows what is ethical, but may decide to flout it without any pinch of conscience. But a medical doctor cannot knowingly tell lies in a bid to deceive his patients? It is not done.
The healthcare sector is specialized, well structured in organization and so is relatively less broad. It is not a wide field per se. It is exhaustive, meaning that one can even name all the sector comprising the fields. On the other hand, the non health industries are quite limitless. It is very large and innumerable. It is quite easier to set a stringent ethical code in securing information for, say, all persons involved in veterinary medicine, pharmacists, traditional and orthodox medicine practitioners, all those involved in every paramedical fields. They are all known and organizing then to take a unified approach to obeying any code of conduct or ethics may not be difficult as such.
But look at the task of organizing everybody involved in a particular aspect of small scale industries in a country? Yes! The organization may be there, the body that oversees that organization may be existing, but the reality is that by virtue of the sheer size of members and actual number of people involved in that aspect of business, control is most difficult, almost impossible. The best they can get is a feeble control, and impunity in disregard of such governing rules. The non medical sector are too many for any government to be bothered about details of ethics, or any regulatory body to do anything meaningful.
SECURING DATA INFORMATION FROM ABUSE.
Part of the ethical issues in securing business information in the non healthcare industries as well as the healthcare industries is the problem of protecting against viruses, hacking and fraud. Most of the information security concerns since the fast development of information technology has to do with protecting oneself and vital information from people who break into websites, spam and send virus deliberately to destroy stored information.
This development is serious that many have devised many ways to protect themselves, but most organizations still suffer loss of information as a result of this unethical practice. A simple virus sent to your box unsolicited can crash your entire computer system, or even the destruction of your mail box and every information stored in it.
We shall talk about why it’s important to protect your business against viruses, trojans, worms, email fraud and SPAM.
Described security measures such as anti-virus software, firewalls, email policies, password usage and data backup.
This is the advice that Morejon, M. (July 2006) gave, as well as his candid analysis of the situation. Instead, standards mainly focus on enforcing confidentiality. They provide general guidelines for companies to concentrate on access control issues, application configurations and code vulnerabilities.
Code reviews, which are usually performed by program team leaders and project managers manually, don’t take into account system-wide malicious code that can be introduced by in-house developers. And to put it bluntly, code written at the unit level is free to do whatever programmers want it to do.
For instance, there currently are no step-by-step code search procedures and guidelines to help managers identify backdoors. These vulnerabilities are found only when theft becomes too obvious or by chance during auditors’ code reviews.
Simple social engineering techniques used by in-house programmers are the dirty secret in the application security space, and everyone seems to be sleeping on it. Even the strictest security policies that can be implemented today don’t address this issue directly.
The root of the problem stems from the lack of substantive connection between application design and code. Even if code is thoroughly reviewed–during test phases or when applications are placed in maintenance cycles–there are no methodologies to help managers identify flaws.
This security vacuum can be fortuitous for solution providers looking to improve their application security solutions. Since there are no concrete testing methodologies that can prevent nefarious code from being introduced into production systems, solution providers can offer expert reviews during application testing. They also can build simple parsing tools and spider search techniques to look for telltale signs of wrongdoing.
That, at least, could be an initial step in helping many businesses tackle a largely overlooked security problem.

Why Data Security is Important.
As contained in Software use…(cited above), data security will be crucial to your business if you:
• store financial information such as accounts and tax details
• have a customer database
• record business information and contact details
• keep employee information such as payroll and personnel files
• communicate via email access the internet.
There are a variety of risks associated with storing information – especially on a computer, which can have a potentially damaging impact on your business. A loss of data whether through human error, fire, theft or other events will require additional effort in collecting and reproducing the information.
It can also have more serious consequences. Your sales, distribution and the reputation of your business could be directly affected. Projects in progress, such as new product designs, could be delayed as the work has to be redone. Losing data in a customer database means you can lose potential sales, and therefore revenue.
A computer virus can also damage your ability to do business as documents stored on computers may be affected and become unusable.
Risk assessment
Carrying out a risk assessment will identify what risks your business faces and what would happen if you lost valuable data or your systems failed.
You need to identify potential hazards to your data and systems. This includes looking at (Software):
• physical threats, e.g. an office fire, power cuts, malicious damage, theft
• human error, e.g. input error, mistaken processing of data, careless disposal of data
• threats from corporate espionage and malicious damage
You can then consider how you currently secure data and information systems and identify areas where you are vulnerable. Consider:
• who has access to what information
• who uses the internet, emails, data and how they do so
• whether access is restricted to those who need data for their work
• whether passwords are used and how they are kept
• what anti-virus software and firewalls you have in place to protect systems
• your level of staff training.
Once this is done, you can prioritize the data and systems most critical to your business and decide which require additional security safeguards.
It’s worthwhile drawing up a business continuity procedure so that your employees are able to continue working should the systems fail. You should review your risks and security safeguards regularly to allow for changes in your business’ circumstances or working methods.
Securing your data.
Losing a piece of computer equipment means losing the information stored on it. The best protection from information theft or misuse is a combination of informed staff, physical security and technical measures.
Introduce clear policies on computer access, security and control and communicate them to your staff.
Physical and technical safeguards include (Software)
• protect your premises with alarm systems or security guards
• don’t keep computers in public view
• restrict access to those needing it for business purposes
• ensure you have up-to-date anti-virus software
• use encryption for sensitive data
• use anti-hacking software
• protect your network from hackers with a firewall
• install an uninterruptible power supply.
Mobile computers.
As recommended in the same document, if your employees work off-site or travel they may use laptops or hand-held computers. Others may work on a computer at home. Computers used for business should be subject to the same security measures that you have adopted in the office. Regularly remind staff working outside of the office of your policies.
Mobile computers are at greater risk of loss through theft or damage than desktop computers. To avoid losing important data, users of mobile computers should:
• regularly back up information onto separate disks
• activate password protection
• keep them secure – don’t leave them visible e.g. in a car
• protect them from damage – transport them in padded cases
Home computers.
If workers use home computers to handle business data you must consider:
• who else has access to the computer – such as family members
• what other programs the computer runs – such as games that might corrupt data
• whether the home computer is physically secure
• whether it has virus protection
• whether the information is backed up
• if you can be sure that any relevant business data will be deleted from the computer if an employee leaves.
Particular care should be taken if you’re working with sensitive data. In this case, you should consider lending the employee a separate laptop, protected with anti-virus software.
Disaster recovery and back-ups.
The extensive use of computer systems makes business operations vulnerable to major problems ranging from the accidental loss of data to deliberate sabotage. Storage systems, whether computer or paper-based, can be at risk of theft or physical damage through a fire or flood.
If computer systems are out of action due to any of these reasons, you may face problems in paying staff, complying with data protection law, taking customer orders, or having deliveries cancelled because you have not paid your suppliers.
Back-ups allow you to continue trading even if data has been lost. You will need to make copies of important data so that you can access it in the event of a loss.
Best practice for backing-up data includes:
• giving one person the main responsibility for backing-up, and designating a second to cover for absence
• using a different disk to back-up each day of the week and have a schedule for rotating the disks
• keeping back-ups off-site, away from the main business premises such as in a bank box
• securing the back-ups.
You should consider training your staff in business continuity methods and having policies on IT and data security.
Data security policies.
The document further advised that, it’s a good idea to develop policies that take account of common risks to your data. This will allow staff to understand and adopt appropriate security measures and help create a security conscious culture. These policies do not need to be complicated but should provide a reference point for all staff.
An IT security policy should cover both external threats such as viruses and internal threats such as the theft of data.
Your policy might include:
• secure login identification for using IT systems
• logical access controls – limiting access to information and restricting access to the level needed for each job
• confidentiality rules for customer and business information
• plans for business continuity management
You also need a clear policy on what you consider to be acceptable staff use of the Internet and email as these are usually the means by which viruses get into systems.
In the views of Alberts, C. & Dorofee, A, (d. n.a.)
Many people seem to be looking for a silver bullet when it comes to information security. They often hope that buying the latest tool or piece of technology will solve their problems. Few organizations stop to evaluate what they are actually trying to protect (and why) from an organizational perspective before selecting solutions. In our work in the field of information security, we have found that security issues tend to be complex and are rarely solved simply by applying a piece of technology.
Most security issues are firmly rooted in one or more organizational and business issues. Before implementing security solutions, you should consider characterizing the true nature of the underlying problems by evaluating your security needs and risks in the context of your business.
Considering the varieties and limitations of current security evaluation methods, it is easy to become confused when trying to select an appropriate method for evaluating your information security risks. Most of the current methods are “bottom-up”: they start with the computing infrastructure and focus on the technological vulnerabilities without considering the risks to the organization’s mission and business objectives. A better alternative is to look at the organization itself and identify what needs to be protected, determine why it is at risk, and develop solutions requiring both technology- and practice-based solutions.
A comprehensive information security risk evaluation approach
• Incorporates assets, threats, and vulnerabilities
• Enables decision makers to develop relative priorities based on what is important to the organization
• Incorporates organizational issues related to how people use the computing infrastructure to meet the business objectives of the organization
• Incorporates technological issues related to the configuration of the computing infrastructure
• Should be a flexible method that can be uniquely tailored to each organization.
One way to create a context-sensitive evaluation approach is to define a basic set of requirements for the evaluation and then develop a series, or family, of methods that meet those requirements. Each method within the approach could be targeted to a unique operational environment or situation. We conceived the Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVESM) project to define a systematic, organization wide approach to evaluating information security risks comprising multiple methods consistent with the approach. (Albert). We also designed the approach to be self-directed, enabling people to learn about security issues and improve their organization’s security posture without unnecessary reliance on outside experts and vendors.
An evaluation by itself only provides a direction for an organization’s information security activities. Meaningful improvement will not occur unless the organization follows through by implementing the results of the evaluation and managing its information security risks. OCTAVE is an important first step in approaching information security risk management.
This is what John Olsten observed recently in a conversation, (March 27, 2007). Healthcare organizations can offer their patients an unprecedented array of treatment options, with more being developed all the time. Electronic communication is one of the many advancements that make healthcare delivery even better. But with that advance comes the added challenge of protecting patient privacy and ensuring that messages bearing patient information are not misdirected or misused.
DIFFICULTIES IN THE MANAGEMENT OF SECURING BUSINESS INFORMATION IN BOTH HEALTHCARE AND NON HEALTHCARE INDUSTRIES.
1. There are too many schools of thought, theorists, ideologists, philosophers and thinkers who have divergent ideas, views and opinion regarding interpreting what practically constitutes an ethics that must be enforced, or held against the moral, right or otherwise of any person. Ethical ideologists have confusing opinions most of the times, and such problems can actually undermine ethical practices. For example, economic ethical theorists believe it is the right of every citizen of a country to access health and medical opportunities, irrespective of his financial status.
What then happens in a place where health information and services are completely commercialized? Do you have the ethical obligation to stop someone who may be indulging in a habit that gives him pleasure and satisfaction, when such actions have serious health implications? When will it amount to interference to stop a smoker who may have health problem from such indulgence, can you stop an alcoholic or gluttonous fellow who may ruin his health by such actions? He has a right to eat whatever he like whether it might give cancer or damage his kidney. What moral or ethical right do you have to stop a seriously sick fellow who refuses to take medication, or a permanently sick person who may decide to kill himself to escape from the pain and agony? These are some problems encountered by those in the field practicing.
2. Also, the overlapping in the concepts, interpretations and definitions of what ethics are and its closeness with what constitutes a law had not helped matters. In one profession, an action which is ethically right may not be an offence in law. In many cases, there is no clear demarcation as to what is ethically wrong and what legally non offensive is. These interpretative conflicts had posed problems many times. What is acceptable in one place, sector, nation, among a people, a group of people may be unacceptable elsewhere. Even within the same profession in different nations. The difference in the values in many cultures and environments makes different standards to exist. This is not good at all.
3. Securing ethical information may said to have attained a higher level in the healthcare industries, but much still need to be done. The standard is higher in the medical field, but the health sector is beyond the field of medicine. You have those in traditional healthcare sector, who may not know anything about regulations of securing information. They may be ignorant of lots of professional ethics, and do things in a substandard manner. Same goes with those involved in the management of animal health. There may be total lack of coherence on the existence of ethical rules there. It is in recent times when we begin to witness the activities of animal right activists that it occurred to us that most of the things we took for granted can mean a cruelty to animal, and so ethically wrong.
4. In many non healthcare sectors there is complete lack of regulation or existence of any type of administrative control. There is no existing document itemizing what constitute ethics to be adhered to. In such a case, expecting ethical standard in securing information will be very difficult to determine. The reason for this is because of its size. Since entrance is an all comers affairs, control will be most difficult to achieve. However, we shall admit that most non healthcare fields are not important enough for anybody to bother about what anyone does with information emanating from or transferring to anyone. People do not care much about ethical standards in some professions, probably because it is considered unimportant.
5. There are so much conflicts and limitations in the actual practice of observing some level of ethical standards in securing information in some aspect. For example, can a doctor report a HIV/AIDS positive patient who is deliberately having unprotected sex with unsuspecting partners? At what age can a child right to have privacy to his health record come to bear. How do you stop her parents from having access to his health records? If it is ethically wrong for a law enforcement agent to arrest a diplomat, what happens when a diplomat appears in a crowd drunk with a loaded gun?
The point being made is there are difficulties in determining the boundaries, and limitations in certain ethical provisions. There is a problem of where to draw lines between unavoidable limitations to privacy rules. For example, privacy rule is not intended to prohibit providers from talking to each other and to their patients. Provisions of this rule requiring covered entities to implement reasonable safeguards that reflect their particular circumstances and exempting treatment disclosures from certain requirements are intended to ensure that providers’ primary consideration is the appropriate treatment of their patients. We also understand that overheard communications are unavoidable. For example, in a busy emergency room, it may be necessary for providers to speak loudly in order to ensure appropriate treatment.
The Privacy Rule is not intended to prevent this appropriate behavior. We would consider the following practices to be permissible, if reasonable precautions are taken to minimize the chance of inadvertent disclosures to others who may be nearby (such as using lowered voices, talking apart) (Sage):
• Health care staff may orally coordinate services at hospital nursing stations.
• Nurses or other health care professionals may discuss a patient’s condition over the phone with the patient, a provider, or a family member.
• A health care professional may discuss lab test results with a patient or other provider in a joint treatment area.
• Health care professionals may discuss a patient’s condition during training rounds in an academic or training institution.
We will propose regulatory language to reinforce and clarify that these and similar oral communications (such as calling out patient names in a waiting room) are permissible.
Same way, business men who may be discussing some classified information may not know someone is across the other office eaves dropping on his conversations. Nothing forces him to block his ears, and so he will be privy to privileged secret information.
Some unintended reactions and actions may come up to produce actions that may be tagged betrayal of code of ethics, whereas, it is unintended. For example, some crocked businessmen may be out to bug or tape information from their arch competitors, by using sophisticated electronic devices. But the healthcare field does not often experience such desperate violation of privacy rules. It is not common to see health workers using strictly prohibited private rooms for consultations, sound proof rooms, encryption of wireless, information intercept able radio communication using scanners, or taping telephone line. But in business, such devious tendencies are part of the game in places where real competition exist.
RECOMMENDATIONS.
Sustaining quality ethical standards of securing business information both in healthcare and non health care industries deserves every seriousness it can receive from all concerned. It is sad that it is only in the medical, pharmaceutical, and a few other sectors that this aspect of administration is taken vary serious. This paper had praised the healthcare sector because of the serious manner it had held the concept of ethical standard in securing information. It has gone far in terms of regulation, legislation and to a reasonable extent administration.
We recommend that the same seriousness and care be extended to every aspect of the healthcare sector. Especially the traditional healthcare and other paramedical sector which in many nations are not well organized at the moment. They need to be well acquainted with major issues in managing privacy and security of healthcare information used to mine data. They need to know how to review their fundamentals, components and principles as well as relevant laws and regulations. There are so many technicality issues in privacy assurance and they need to learn that. The task of avoiding pitfalls in data mining of individually identifiable information may require some knowledge, and they need to know this.
The above recommendation should be extended to every of the healthcare sector. As enunciated by There is every need to update their awareness as ethics in information security, privacy appliance issues, integrity, confidentiality and human subject protection are ever evolving. They need refreshing updated information at intervals.
We totally support the call made by Roberto, J. R. when he observed that,
There are many inadequacies concerning national and international controls and legislation, especially regarding the issue of jurisdiction; and urgent need for an internationally accepted policy framework that addresses basic rights and responsibilities of users and providers. Freedom of access to information and expression and the protection of users’ data security and privacy are especially critical topics. Decisions and initiatives related to cyberspace law and ethics issues in health and healthcare must necessarily involve experts from a variety of knowledge domains involving civil and criminal law, medical ethics (bioethics), computing ethics, medical computing, and legal medicine.
Given the sensitive nature of health care information, and the high degree of dependence of health professionals on reliable records, the issues of integrity, security, privacy, and confidentiality are of particular significance and must be clearly and effectively addressed by health and health-related organizations and professionals. Two factors make the matter a subject of preeminent significance: the intrinsically sensitive nature of patient data; and the growing use of network computing, particularly the Internet, for healthcare information processing. The growth of off-site processing and storage of electronic health records by application services providers (ASPs) adds a new dimension to those issues.
In addition, it is important for there to be a universal harmonization of every conflict that may arise by way of interpreting the very tenets of ethics. Legal and ethical meaning must be harmonized. There need not be different standards. Let there be an evolvement of documents that will spell out every ethical provision in a documented format. It may be backed up by legislation. Such a document will rise above every cultural or moral values and acceptance of ethical practices that are bad by some group of people. An ethical standard in securing information in Asia should be same in Africa as well as in Europe. This will go a long way to make things better, especially in securing business information.
Efforts should be made to impose some good measure of enforcement in observance of ethical standards in non health industries. At the moment, in a good number of sectors, it is either non existence, haphazardly organized, or better still known for courtesy sake and never observed. This is not good. A lot of profession in areas like those involve in sensitive business like arm deals, weapon sales, dangerous chemical manufacturing and sales, to mention but a few, are supposed to have a very strong process of legislated ethical culture that will moderate their activities. We recommend the immediate establishment of such body or regulations now. Not only that, it has been observed that only a few sectors in the non health industries have articulated ethical standards, and we recommend that all other sector should do same without further delay. What makes an industry thick is the rules that governs it. Any establishment that does not regard legislation in information securities may not go far successfully.
There is also some new developments in the area of electronic transactions which involve important regulatory and legal issues not yet fully addressed. Vigilance in the maintenance of legal and ethical standards in the advertising, promotion, and sale of medical products through the Internet is required. Those standards include: approval of products, devices, and drugs by regulatory agencies at the site where the purchaser resides; the determination where the transaction occurred – in the purchaser’s or the vendor’s jurisdiction; and which courts and law will govern any disputes.
Angelus, T. (2004) certainly have terms harmonization in mind when he suggested that, “We need to make explicit the ethical criteria of what constitutes harm and benefits, advantages and disadvantages, otherwise there is a great danger that we will be talking cross-purposes”. Such comment and observation is highly agreeable.
Finally, it is important to make every ethical documents legislating securing information to be more simple to understand. Most of the documents where it exists are so complex that it takes another level of intelligence to understand. It is a rule that should be obeyed, and it must be written in simple terms for anyone who desires to be able to read without much hassles. If this is done, it will go a long way to wipe off ignorance that exists presently. Such documents should be made publicly available to the general public for common good of mankind.
CONCLUSION.
With the continued advancement in knowledge, especially the information technology and the inroad it had made in the areas of healthcare services, the worlds had been experiencing new definitions in ethical frontiers. With electronic based internet diagnosis of a patient by a doctor in a different country and location, ethical information management boundaries are being broken and new ones are erected on constant basis,
We encourage both the healthcare sector and the non healthcare counterpart to advance and develop along too. The non healthcare industries should make effort to take the issue of ethics in securing business information very serious by immediately putting in motion all networks to set up every legal, or legislative mechanism that will both unify and create awareness and the need to get acquainted and abide by every such ethical standard. This is compulsory for every trade unions, professional bodies. Those who have not done this should take a cue from those who had.
There is every hope that things will improve. There are prospects of more beneficial advancement in observance of every such necessary ethics, as well as harmonizing and universalizing them so that the world will begin to experience some form of uniform compliance, and not set one level of standard in one area and another in other place

REFERENCE.
1. Agelus, T. (2004) Ethics and Priorities in Health Care . The Hungerian Perspective. (Article published in www.unituebingen.de/medizinethics/ethik/priorities/HU.PDF
2.Anstead M.S. (1999). Law Versus Ethics in Management. Maryland: Human Resource and Technology organization.
3. AMA, (1994) Principles of Medical Ethics; American Medical Association; Online, Available at http://www.ama-assn.org/aps/abtheama.htm#ethics;
4. Bird, D.G., R.H. Gertne, R, and R.C. Picker, R.C.(1994). Game Theory and the Law. Cambridge, Mass.: Harvard University Press.
5 Budd, J.W. (2005). The Ethics of Human Resources and Industrial Relation. ILR Press ISBN-13: 978-0913447901
6. David, H, (2005), Another Ridiculous Anti- Advertizing Case in Florida. Chicago. University of Chicago Press.
7. Don’t Do It, (1998) Nike Labour Abuses In S.E. Asia; Online; Available at http://www.gla.ac.uk/Acad/FacSoc/mres/www98/king/nike.htm;
Dhillion, J.B. (2002) Communication of the ACM, Technical Option: Information System Security Management in the New Millenium. Vol.43. Issues 7 pp 125-128 ISSN:0001-0782. NY: ACM Press.
8. Ethics: An Overview; Legal Information Institute; (1999) Online; Available at http://www.law.cornell.edu/topics/ethics.html;
9. Helsel, D.J. (2004) Journal of Industrial Technology. Vol. 20. N. 4. September-November.
10 Hsinchun, C., Sherrilynne S. F., Friedman C., and Hersh W,. (2005) Managing Information Security and Privacy in Healthcare Data Mining. US. Springer Publishers (Intro)
11. Jet Propulsion Laboratory Ethics Program; Online; Available at http://www.jpl.nasa.gov/JPL/ethics/ethictxt.htm; Last Update June 11, 1999
12. Marshall, M.N., P.G. Shekelle, S. Leatherman, and R.H. Brook. 2000. The Public Release of Performance Data: What Do We Expect to Gain? A Review of the Evidence. Journal of the American Medical Association 283(14):1866¡V74.
13. McNamara, Carter; Complete Guide to Ethics Management; Online; Available at http://www.mapnp.org/library/ethics/ethxgde.htm; 1999.
Morejon, M. (July 2006) Tech analysis: securing information from insiders. CRN 21 July 2006 10:04 AEST Security
14. Office for Civil Rights (n.a.) http://www.hhs.gov/ocr/hipaa/finalmaster.html
15. Relation of Law And Ethics; American Medical Association; Online; Available at http://ddonline.gsm.com/demo/consult/etlawama.htm; 1999.
16. Roberto, J.R. (2000). Ethical and Legal Issues in Interactive Health Communications: A call for International Cooperation. Journal of Medical Internet Research. Vol. 2. No.2.
17 Worldwide Business Software Piracy Losses Estimated At Nearly $11 Billion In 1998; Software & Information Industry Association; Online; Available at http://www.siia.net/news/releases/piracy/ipr98.htm; May 25, 1999.
18. Sage, W.M. (2000). Accountability through information: What the Health Industry can Learn from Security Regulation. Milbank Memorial Fund. (Unpublished manuscript. p2.
19. Sage, W.M. 1999a. Regulating through Information: Disclosure Laws and
American Health Care. Columbia Law Review99(7):1701¡V829.
20 Software Use and the Law; Software & Information Industry Association; Online; Available at http://www.spa.org/piracy/programs/sftuse.htm; 1999.
21. United States Office of Government Ethics (pamphlet); Online; (199). Available at http://www.usoge.gov/pubs/govethic.pdf; 1999.
21. http://www.business.vic.gov.au/BUSVIC/STANDARD/1001/PC_50333.html
22.http://journals.cambridge.org/action/displayAbstract;jsessionid=F30E8C06F46A03EAAC944E185789E25A.tomcat1?fromPage=online&aid=527976