Essay: PRIVATE SECTOR-PUBLIC SECTOR CYBER SECURITY ISSUES

Questions
1. Focusing on the goals of private businesses, and the goals of lawmakers for economic progress and economic security, select one example private-sector industry, describe the general business goals by using information on the web sites of one or two business within this industry, and explain why meta-data about customers and consumers is important to businesses within this industry. (here, meta-data means Big-Data collected about consumers to determine customer habits).
2. Describe some likely instances that demonstrate when the gathering of meta-data by businesses within this example industry may not be good for the customer. Use citations to support your arguments about how some action or result related to collection of meta-data may be harmful to customers.
3. What possible activities should lawmakers consider regulating to control the way that this example industry gathers and uses meta-data?
4. What are the goals of lawmakers in the public sector — or why should lawmakers think regulating these possible industry activities is useful?
5. What might happen to the goals of this industry, and to the public sector goals, as more new cyber security regulations are put in place for business compliance?
Introduction
This research work basically delves into whether policy makers and technology creators will create a secure, friendly and trusted privacy-rights infrastructure that will allow business innovation and monetization while at the same time ensuring that customers and consumers personal information is protected. There is evident need of applying security across all types of organizations and information systems. Despite this need, different priorities are realized across both private businesses and the public sector. Therefore, there is need to maintain a balance between the security implemented and the need of the organization to be successful. Government led initiatives, requiring certain requirements across organizations, are leading to a lot changes in many types of organizations both in the private agencies and the government agencies aimed at reducing the likelihood of any potential attacks. Various methods of improving data collection and the way the information is shared are discussed deeply in this research. The activities that the law makers find important to regulate collection of data are also evaluated. In addition to these, the goals of the law makers in the industry are evaluated. Finally, the effects of excessive application of cyber-security regulations both in the industry and the public goals sector are discussed.
Using health private-sector industry, description of the general business goals and why information about customers and consumers is important to businesses within this industry.
For the purpose of this particular research I will use the health sector to clearly demonstrate how proper security regulations can be maintained while at the same time ensuring that the patients’ information is protected and they are given the best services. The regulations are part of larger efforts to deliver care, cut-off costs and have a healthier community. This is achieved through improved payment to providers, improvement of service delivery and improvement of the way information is shared. Information about patients is practically very vital in this industry as depicted by the various ways in which that information can be used to ensure better service delivery and to determine the consumer trends in the health sector. The flow of this information is very crucial to achieving a healthy system that offers improved care, better spending and healthier people. One of the areas where information about the patients can be used productively is tracking data on patients’ visits so that doctors can tell whether the patients are following up with their healing procedure. Another example is where the data about the patient’s discharge information is availed to the relevant authorities for analysis and record keeping. Also data about patients that have referred from other facilities is of important to the physicians since they can request prior results from them. It is quite evident that physicians and doctors who use the right technology and good regulations are more likely to get necessary patient health data than those who did not use the relevant technology and security regulations. With the right technology and security regulations to collect the right patient health information, it is possible improve care for the patients by ensuring effective care coordination. Also, the implementation of a national query system can allow doctors and other medical attendants to review patient histories to be able to improve the treatment options.
Description of instances that demonstrate when the gathering of meta-data by businesses within the health industry may not be good for the customer. This includes some action or result related to collection of meta-data that may be harmful.
Despite the fact that collecting information about the patients is vital for effective care coordination, it can also be detrimental to the patients. This can occur whereby the collection of informational pertaining to the patients may not be appealing to the patients. This is especially when that information is not protected. First, the patients can be affected by health data breaches through cyber-attacks by malicious computer hackers. For instance, a review by HHs data found that 120 million people were affected by health breaches of more than 1,100 health data since the year 2009(‘iHealthBeat’,n.d.,para. 1). Such data breaches can bring about very disadvantageous outcomes to the concerned individuals since they can even have their personal monetary accounts hacked into. Secondly, many health-related web pages share user data with third parties thereby increasing the customer’s risk of getting an attack by malicious hackers. For example, a study by a university of Pennsylvania doctoral student found out that 70% 0f around 80,000 health-related web pages do not restrict third parties from accessing patients’ information on their conditions, treatments and the diseases they are suffering from(‘iHealthBeat’,n.d., para. 3). This raises the concern about the patient’s privacy and is clearly not appealing to the consumers. Also, increasing cases of sale of health data on black market is another case whereby collecting of the consumer data is not good for them. As an example, Security experts say that with the rising use of technology in the health sector, health sector organizations do not have in place the right cyber security techniques and strategies to keep off hackers from hacking their systems to steal valuable data. Interestingly, health data is being sold more on the black market and is fetching even higher prices than stolen card numbers (‘iHealthBeat’,n.d., para. 3 ). This kind of exposure is unappealing to the patients since it can clearly lead to adverse effects. Also, lawmakers are questioning public and private sector stakeholders about organizations that share consumer data with third-party companies (‘iHealthBeat’,n.d., para. 7 ). This compelled the law makers to question the credibility of the website terming it as vulnerable.
Possible activities that lawmakers should consider regulating to control the way that the health industry gathers and uses meta-data.
In the bid to control the way that the health sector gathers and uses metadata, the law makers can carry out the various activities. These activities will be aimed at improving data harmonization and exchange by ensuring patient engagement and innovative encounter models. Also the activities will ensure that the use of metadata pertaining to the patients is regulated and protected in such a manner that it is not use by the unauthorized individuals. These activities will also ensure that sharing of information is controlled and information falls only into the right hands. Firstly, the law makers should recommend development of systems that capture patient data. These can extend to the use of mobile devices to improve health information access and the way information is exchanged. By doing this, the information will be readily available to be shared easily when need arises. Also, patients will be able to disseminate information pertaining them conveniently at all times and from any location as long as they have the mobile devices. The law makers can also include patient identifiers to help standardize patient recognition in various health records which are distributed to various medical facilities. This will ensure that patients can be treated on multiple medical facilities successfully without necessarily transferring any information. Also, increasing the technological know-how among the patients can go a long way in helping improve data collection and exchange. This includes teaching the patients on how to use the electronic health records, patients’ portals and other IT tools. The law makers should also ensure standardized pricing and integration solutions from vendors, technology platforms capable of plug and play and also the use of federally mandated standards. This also extends to the use of a public application programming interface (API) to interconnect the record keeping systems through both push and pull. Also, it will entail finding an unambiguous intermediate level of data exchanged by the API. These and other activities will ensure that critical health information can be shared across medical practices and hospitals thereby reducing the patient’s risk.
The goals of lawmakers in the public sector and why lawmakers think regulating these possible industry activities is useful.
In carrying out these activities the law makers aim at ensuring the nation’s security including its electrical grid, financial networks and others critical infrastructure are well addressed. They aim at preventing the country from catastrophic cyber-attacks by strengthening the cyber defenses. They also aim at improving methods of data sharing to be more effective and secure. All these efforts are in the bid to ensure that customers and consumers information is well protected and that privacy is maintained and upheld. In addition, the law makers aim at making it possible institutions in a certain sector are able to carry out their transactions without necessarily fearing any external attacks. To achieve all this, they have to engage in a series of activities as described earlier.
Effects of addition of more cyber security regulations for business compliance to the goals of this industry, and to the public sector goals.
Although cyber security regulations are important to various industries for various reasons as discussed above, they can lead to reduced performance of the industry and the public sector as they strive to attain their goals. Some of these regulations could, for instance, hinder the ability of the children to take part in important and advantageous inter related activities aimed at benefiting them. This can happen whereby regulations can restrict websites from collecting information from children younger than 13. Other restrictions also extend to cover not only websites but also smartphones and mobile applications, games, ad networks and on-line plug-ins. This kind of restriction, for example, could lead to restriction of free-speech rights and also lead to heavy burdens on the websites’ audience while trying to prove their eligibility to access the sites. In overall, this will lead to lack of free expression and lack of innovation opportunities for children, older minors, and adults in online services
Conclusion
In conclusion, it is rather important to note need to balance between the cyber security regulations imposed on industries and the private sector and the need of the origination to be successful. Cyber security regulations put in place for business compliance should be applied to a certain extent to ensure that they do not become a hindrance to the success of the industry. The law makers should, therefore, ensure that they come with activities that will lead to the best data collection and usage strategies for increased access and efficiency to raise performance in the industry. In a nutshell, all the cyber security regulations should be aimed at preventing the nation at large from catastrophic cyber-attacks that can lead to huge loss for the economy.
References
Tech companies warn privacy rules will kill innovation. (n.d.). Retrieved March 27, 2015, from http://thehill.com/policy/technology/258853-tech-companies-warn-privacy-rules-will-kill-innovation
(n.d.). Retrieved March 27, 2015, from http://www.healthmgttech.com/news/all-news.php
Elon Pew Future of the Internet Survey: Security and Privacy by 2025, Anonymous Responses. (n.d.). Retrieved March 27, 2015, from http://www.elon.edu/e-web/imagining/surveys/2014_survey/2025_Internet_Security_Privacy_anon.xhtml
Privacy and Security – iHealthBeat. (n.d.). Retrieved March 27, 2015, from http://www.ihealthbeat.org/topics/privacy-and-security
Andreasson, K. (2012). Cybersecurity public sector threats and responses. Boca Raton, FL: CRC Press.
National security through technology: Technology, equipment and support for UK defence and security. (2012). London: Stationery Office.
120M Affected by Health Data Breaches Since 2009, More Expected – iHealthBeat. (n.d.). Retrieved March 27, 2015, from http://www.ihealthbeat.org/articles/2015/3/23/120m-affected-by-health-data-breaches-since-2009-more-expected
Many Health-Related Web Pages Share User Data With Third Parties – iHealthBeat. (n.d.). Retrieved March 27, 2015, from http://www.ihealthbeat.org/articles/2015/2/27/many-health-related-web-pages-share-user-data-with-third-parties
Security Experts: Health Data Increasingly Being Sold on Black Market – iHealthBeat. (n.d.). Retrieved March 27, 2015, from http://www.ihealthbeat.org/articles/2015/2/19/security-experts-health-data-increasingly-being-sold-on-black-market
HealthCare.gov Privacy Questions Raised at Congressional Hearing – iHealthBeat. (n.d.). Retrieved March 27, 2015, from http://www.ihealthbeat.org/articles/2015/1/28/healthcaregov-privacy-questions-raised-at-congressional-hearing