Information Sensitivity and Protection Policies of Different Organizations Essay Sample

Information Sensitivity and Protection Policies of Different Organizations Pages Download
Pages: Word count: Rewriting Possibility: % ()

            The information generated by organizations always has certain levels of confidentiality depending on the risk and dangers involved upon disclosure of the data. It is therefore appropriate that information security policies are implemented within the organizations. Beth Israel Deaconess Medical Center (BIDMC), Mayo Foundation and Georgetown University Medical Centers have employed such security policies.

            The BIDMC policy encompasses all data available in their technology resources. Information on this organization is mainly for research and related literature that can help further the development of projects and professionalism of its employees. Security is tight concerning outsiders who are not part of the organization. However, within the BIDMC, information is almost available to everyone. This can be perceived with their no expectation to privacy policy wherein the employees should not assume that the information they upload into the system is private rather, the uploaded information can be available to everyone (BIMDC Policy).

            On the other hand, the Mayo Foundation policy involves not only information for research in general but also patients’ information. The foundation is strict in implementation of the policies involving the medical records of patients. Violations are strictly reprimanded by termination of employment and criminal persecution (Mayo Policy). Unlike the BIDMC policy, the foundation’s policy is very specific and meticulous. Even outgoing and incoming emails and viewed websites by the employees are monitored by the office in charge of information security (Mayo Policy).

            Meanwhile, the Georgetown Policy precisely comprises health information of patients. It does not include any research literature as the Mayo and BIDMC policies. The policy only limits the information protected to patients’ medical and other related data (Georgetown Policy). It also focuses on not only electronic but also other forms of information storage and transport such as oral and written forms. Because of this, the records are very confidential and not easily accessible to everyone. Levels of access are maintained and limited people can only view the information. Even this limited people need to acquire permits from the management before they avail of the information.

            All the organizations protect information that is vital to the transactions done by each. Therefore, protection and security are very significant. Nevertheless, each organization has a different set of information, which they protect. For example, BIDMC protects all sorts of information from general information to medical records that can be of help academically to its employees. Mayo on the other hand, protects patients’ information for use in transactions requiring medical benefits of the patients involved. Whereas, Georgetown only protects medical information of patients that are admitted to the medical center or are part of research projects of the medical center.

            In the three policies, however, emphasis is given on the unsafe characteristics of e-mail. Each organization discourages the use of email for information dissemination especially of very confidential information. In the BIDMC and Mayo policies where information storage facilities are mostly electronic, management recognizes the need for passwords that are not prone to hacking. Nonetheless, the BIDMC policy prohibits the use of encryption within the system in line with their no expectation of privacy policy while Mayo foundation encourages encryption. Georgetown policy is significantly different from the two policies since it particularly handles medical records. These medical records are only accessible if the persons asking for permission are involved in the treatment of patients. Another difference between the three policies is the bestowal of responsibility for the protection of information. BIDMC only has a chief information officer; Mayo has a group of people collectively known as the Foundation Information Security Subcommittee while Georgetown only has a Privacy Official responsible for the transport and security of information from the organization.


Beth Israel Deaconess Medical Center. (2007). Beth Israel Deaconess Medical Technology Resources Policy.Retrieved May 11, 2008, from

Georgetown University Medical Center. (2003, April 12). Georgetown University Protection of Health Information Policies and Procedures Manual. Retrieved May 11, 2008, from and

Mayo Foundation. (2002, September 9). Mayo Foundation Information Security Policies and Standards. Retrieved May 11, 2008, from

Search For The related topics

  • policy
  • protection
  • Olivia from Bla Bla Writing

    Hi there, would you like to get such a paper? How about receiving a customized one? Check it out

    Haven't found the Essay You Want?
    For Only $13.90/page