The information generated by organizations always has certain levels of confidentiality depending on the risk and dangers involved upon disclosure of the data. It is therefore appropriate that information security policies are implemented within the organizations. Beth Israel Deaconess Medical Center (BIDMC), Mayo Foundation and Georgetown University Medical Centers have employed such security policies.
On the other hand, the Mayo Foundation policy involves not only information for research in general but also patients’ information. The foundation is strict in implementation of the policies involving the medical records of patients. Violations are strictly reprimanded by termination of employment and criminal persecution (Mayo Policy). Unlike the BIDMC policy, the foundation’s policy is very specific and meticulous. Even outgoing and incoming emails and viewed websites by the employees are monitored by the office in charge of information security (Mayo Policy).
Meanwhile, the Georgetown Policy precisely comprises health information of patients. It does not include any research literature as the Mayo and BIDMC policies. The policy only limits the information protected to patients’ medical and other related data (Georgetown Policy). It also focuses on not only electronic but also other forms of information storage and transport such as oral and written forms. Because of this, the records are very confidential and not easily accessible to everyone. Levels of access are maintained and limited people can only view the information. Even this limited people need to acquire permits from the management before they avail of the information.
All the organizations protect information that is vital to the transactions done by each. Therefore, protection and security are very significant. Nevertheless, each organization has a different set of information, which they protect. For example, BIDMC protects all sorts of information from general information to medical records that can be of help academically to its employees. Mayo on the other hand, protects patients’ information for use in transactions requiring medical benefits of the patients involved. Whereas, Georgetown only protects medical information of patients that are admitted to the medical center or are part of research projects of the medical center.
Beth Israel Deaconess Medical Center. (2007). Beth Israel Deaconess Medical Technology Resources Policy.Retrieved May 11, 2008, from http://www.himss.org/content/files/CPRIToolkit/version6/v6%20pdf/D39a_Beth_Israel_Deaconess_Medical_Center_Technology_Resources_Policies.pdf.
Georgetown University Medical Center. (2003, April 12). Georgetown University Protection of Health Information Policies and Procedures Manual. Retrieved May 11, 2008, from http://www.himss.org/ASP/privacySecurityTree.asp?faid=78&tid=4 and http://www.georgetown.edu/policy/hipaa/privacy.html
Mayo Foundation. (2002, September 9). Mayo Foundation Information Security Policies and Standards. Retrieved May 11, 2008, from http://www.himss.org/content/files/CPRIToolkit/version6/v6%20pdf/D39e_Mayo_Foundation_Information_Security_Policies.pdf.