Information Technology Ethics

Cybersecurity battles complicated by laws, ethics

First they came for the video games, launching an attack in April that siphoned millions of users' personal information from Sony's PlayStation Network that shut it down for weeks.

Then they came for the banks in May, purging the names, account numbers and email addresses of 360,000 Citibank customers.

They came for the government organizations in June, attacking the U.S. Senate and the International Monetary Fund over the course of a single week.

The question is: Are hackers coming for your organization's system next? If they haven't already gained access, security experts say, there's no doubt they're trying.

"There's certainly a fair amount of consternation and fear," said Kevin Richards, president of the Information Systems Security Association International, headquartered in Portland, Ore. "This is something that's a very real economic issue, and organizations are struggling with that."

A recent study of security professionals by the Ponemon Institute in Michigan said 90 percent of professionals at large companies in the United States, Britain, France and Germany had seen at least one breach in the past year and that 59 percent had two or more, according to a New York Times report.

Eric Irvin, a Houston-based security analyst with Alert Logic Inc., says it's time to fight fire with fire when it comes to cyberattacks.

He theorizes that security experts are held back from catching the bad guys by ethical obligations imposed by security certification organizations such as ISSA, in addition to being bound by laws and their own moral reservations.

He presented his idea under the provocative title, "Nice Guys Finish Last -- Why Doing the Right Thing Sucks," at last month's BSidesPittsburgh computer security conference in Pittsburgh.

Richards defended the security association's six-point code of ethics, which tells professionals to comply with the law, conduct duties with diligence and honesty, promote current best practices, maintain confidentiality, avoid conflicts of interest and avoid intentionally damaging an individual or company's reputation.

"We would never say it's OK to break laws," he said. "That's talk of vigilantism, which has never worked in any construct. "

He added security experts should focus on containing the problem, collecting evidence and turning it over to law enforcement agents to push for prosecution.

Even if cybersecurity were as simple as hacking the hackers, Irvin noted that innocent bystanders would most likely take the hits because hackers use other people's systems to do their dirty work.

Primary Care and "Small e" Ethics | Health for life, Health ...

In teaching ethics I like to distinguish between “large E” and “small e” ethics. “Large E” situations involve relatively rare but highly dramatic clinical questions like whether to turn off the respirator for someone without a family or an advance directive. “Small e” situations involve everyday matters like returning telephone calls that often go under the radar and don’t get considered in ethics discussions.

Dr. Richard Baron’s important article “What’s Keeping Us So Busy in Primary Care? A Snapshot from One Practice” shows just how important small e ethics can be. Baron’s five physician “Greenhouse Internists” primary care practice used its electronic medical record to track their activities in 2008. Physicians averaged 18.1 visits per day, but also dealt with 23.7 telephone calls (80% handled directly), 16.8 email messages, 19.5 laboratory reports, 11.1 imagining reports, and 13.9 consultation reports. In addition to prescriptions written during appointments they averaged 12.1 further prescriptions as well.

A fee for service system pays only for direct patient contact. Greenhouse Internists derives 35% of its revenue through capitation, more than a typical small practice would. This has helped the practice invest in efficiency-heightening infrastructure, like its electronic record system and its website.

The U.S. health policy community has been wringing its hands for decades over the precipitous decline of primary care and the concomitant rise in (a) costs and (b) public dissatisfaction with the health system. There’s nothing mysterious about what we’re seeing. As is so often true, the enemy is ourselves. We structure medical education so that it creates huge debt for many students. We pay primary care physicians poorly, so indebted students don’t go into it. And between the relatively low income, which can only be offset by higher volume, and reduced numbers, which pressures primary care physicians to take on new patients, we run them ragged. It’s no surprise that patients feel rushed as well.

Baron’s article documents the magnitude of uncompensated activity that goes into primary care. As a clinician and as a patient, I’ve experienced how important these non face-to-face activities can be for the ethical quality of health care. I practiced primarily in a capitated system and was paid by salary (a system I favor), so I wasn’t financially penalized for providing indirect services. In the patient satisfaction surveys we regularly did I got feedback on just how much my patients valued my relative promptness and reliability in returning phone calls. And, patients who liked to use email were very grateful for my readiness to incorporate it into their care. And as a patient I’ve similarly appreciated being able to exchange email with my primary care physician.

Information technology ethics, cultural perspectives

Ethics in Information Technology

The ethics of information technology and business

Information technology ethics, an organizational issue

Ethics and information technology, a case-based approach to a health care system in transition