SlideShare a Scribd company logo

CHAPTER 15HRIS Privacy and Security1.docx

Download as DOCX, PDF
K
keturahhazelhurst

CHAPTER 15 HRIS Privacy and Security 1 WHY PRIVACY IS CRITICALLY IMPORTANT An HRIS includes a great deal of confidential data about employees, such as Social Security numbers, medical data, bank account data, salaries, domestic partner benefits, employment test scores, and performance evaluations. It is critical for organizations to understand and pay close attention to what employee data is collected, stored, manipulated, used, and distributed—when, why, and by whom. Organizations also need to carefully consider the internal and external threats to these data and develop strong information security plans and procedures to protect these data and comply with legislative mandates. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 2 WHY PRIVACY IS CRITICALLY IMPORTANT However, starting in the 1990s, as computer networks became more common, threats to information security became more involved due to the presence of enterprise-wide systems. There is a growing concern about the extent to which these systems permit users (both inside and outside of the organization) to access a wide array of personal information about employees. As a result, employees may perceive that if these data are accessed by others, the information contained in their employment files may embarrass them or result in negative outcomes (e.g., denial of promotion or challenging job assignment). Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 3 WHY PRIVACY IS CRITICALLY IMPORTANT Recent research suggests that this concern may be well founded. For example, one report indicated that over 500 million organizational records have been breached since 2005, and there has been a rise in the theft of employment data (Privacy Rights Clearinghouse, 2010). In view of the growing concern about identity theft and the security of employment information in HRIS, a number of states (e.g., AK, CA, FL, HI, IL, LA, MO, NY, SC, WA) passed privacy laws requiring organizations to adopt reasonable security practices to prevent unauthorized access to personal data (Privacy Protections in State Constitutions, 2012). Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 4 WHY PRIVACY IS CRITICALLY IMPORTANT Despite these new laws, results of surveys revealed that 43% of businesses stated that they did not put any new security solutions in place to prevent the inadvertent release or access to employee data, and almost half did not change any internal policies to ensure that data were secure. The cost of these data breaches can be large. For example, the average cost of a data breach has increased to almost $7 million per firm. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 5 WHY PRIVACY IS CRITICALLY IMPORTANT Software vendors, such as Oracle, are aware of the potential for security breaches and offer multiple security models (e.g., Standard HRIS Security and ...

Education
1 of 24
CHAPTER 15 HRIS Privacy and Security 1 WHY PRIVACY IS CRITICALLY IMPORTANT An HRIS includes a great deal of confidential data about employees, such as Social Security numbers, medical data, bank account data, salaries, domestic partner benefits, employment test scores, and performance evaluations. It is critical for organizations to understand and pay close attention to what employee data is collected, stored, manipulated, used, and distributed—when, why, and by whom. Organizations also need to carefully consider the internal and external threats to these data and develop strong information security plans and procedures to protect these data and comply with legislative mandates. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 2
WHY PRIVACY IS CRITICALLY IMPORTANT However, starting in the 1990s, as computer networks became more common, threats to information security became more involved due to the presence of enterprise-wide systems. There is a growing concern about the extent to which these systems permit users (both inside and outside of the organization) to access a wide array of personal information about employees. As a result, employees may perceive that if these data are accessed by others, the information contained in their employment files may embarrass them or result in negative outcomes (e.g., denial of promotion or challenging job assignment). Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 3 WHY PRIVACY IS CRITICALLY IMPORTANT Recent research suggests that this concern may be well founded. For example, one report indicated that over 500 million organizational records have been breached since 2005, and there
has been a rise in the theft of employment data (Privacy Rights Clearinghouse, 2010). In view of the growing concern about identity theft and the security of employment information in HRIS, a number of states (e.g., AK, CA, FL, HI, IL, LA, MO, NY, SC, WA) passed privacy laws requiring organizations to adopt reasonable security practices to prevent unauthorized access to personal data (Privacy Protections in State Constitutions, 2012). Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 4 WHY PRIVACY IS CRITICALLY IMPORTANT Despite these new laws, results of surveys revealed that 43% of businesses stated that they did not put any new security solutions in place to prevent the inadvertent release or access to employee data, and almost half did not change any internal policies to ensure that data were secure. The cost of these data breaches can be large. For example, the average cost of a data breach has increased to almost $7 million per firm. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 5
WHY PRIVACY IS CRITICALLY IMPORTANT Software vendors, such as Oracle, are aware of the potential for security breaches and offer multiple security models (e.g., Standard HRIS Security and Security Groups Enabled Security) that enable an administrator to set up HRIS security specifically for an organization. This means that the software allows companies to determine the kind of data access and responsibility each employee has. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 6 EMPLOYEE PRIVACY ISSUES The U.S. Fair Labor Standards Act of 1938 requires employers to maintain basic information on all employees including Social Security number, address, gender, occupation, pay, and hours worked. However, the increased use of HRIS to store these data has prompted concerns about the degree to which these systems have the potential to invade personal privacy. Information privacy has been defined as the “degree to which
individuals have control over the collection, storage, access, and release of personal data.” Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 7 EMPLOYEE PRIVACY ISSUES Unauthorized access to information Unauthorized Disclosure of Information The unauthorized disclosure of data accuracy problems Stigmatization problems Use of data in social network websites Lack of privacy protection policies Despite the widespread use of HRIS and growing concerns about the (a) unauthorized access, (b) unauthorized release, (c) data accuracy, and (d) use of data to stigmatize employees, many companies have not established fair information management policies to control the use and release of employee information. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 8
COMPONENTS OF INFORMATION SECURITY The McCumber Cube provides a graphical representation of the architectural approach widely used information security. It examines not only the characteristics of the information to be protected but also the context of the information state. The cube allows an analyst to identify the information flows within an HRIS, view it for important security-relevant factors, and then map the findings to the cube. The cube has three dimensions. If extrapolated, the three dimensions of each axis become a 3 x 3 x 3 cube with 27 cells representing areas that must be addressed to secure a modern-day information system. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 9 COMPONENTS OF INFORMATION SECURITY Desired Information Goals – Ensure that data is kept confidential, has not been manipulated, and is available to those who are authorized to access it Countermeasures – Identify mechanisms that can be used to protect data
State of Information – Identify the state in which data is currently residing Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 10 THE MACUMBER CUBE Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 11 SECURITY THREATS: SOURCES Human error Disgruntled employees and ex-employees Other “internal” attackers External hackers Natural disasters
Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 12 SECURITY THREATS: TYPES Misuse of computer systems Extortion Theft Computer-based fraud Cyber-terrorism Phishing Denial-of-service (DoS) Software Threats Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 13 SECURITY THREATS: TYPES A computer virus is a type of malware that works by inserting a
copy of itself onto a computer or device (e.g. smartphone) and then becoming part of another program. It can attach itself to files without the user’s knowledge and duplicate itself by executing infected files. When successful, a virus can alter data, erase or damage data, create a nuisance, or inflict other damage. Worms are in some ways similar to viruses since they can replicate themselves. However, unlike viruses that require the spreading of an infected file, worms such as Code Red, Slammer, and MyDoom can spread by themselves without attaching to files. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 14 SECURITY THREATS: TYPES Spyware is software installed on an unknowing user’s computer that gathers information about the user’s activities on the Web (keystrokes, websites visited, et cetera) and transmits it to third parties such as advertisers or attackers. Problems associated with spyware include potential privacy invasion, appropriation of personal information, and interference with the user’s computer operation. Blended Threats: These threats propagate both as viruses and worms. They can also post themselves on websites for people to download unwittingly. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018.
15 SECURITY THREATS: TYPES Trojan is another type of malware that usually hides inside e- mail attachments or files and infects a user’s computer when attachments are opened or programs are executed. Trojans are named after the Trojan horse of Greek mythology in that they appear to be something positive but are, in reality, doing something malicious. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. Instead, they must be opened on a computer by a user. Some Trojans can work as spyware while others can display a login or install screen and collect personal data such as usernames and passwords, or other forms of identification, such as bank account or credit card numbers. They can also copy files, delete files, uninstall applications using remote access programs on the computers, and format disks without alerting the victim. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 16
SECURITY THREATS: SOFTWARE AS A THREAT A computer virus is a type of malware that works by inserting a copy of itself onto a computer or device (e.g. smartphone) and then becoming part of another program. It can attach itself to files without the user’s knowledge and duplicate itself by executing infected files. Worms such as Code Red, Slammer, and MyDoom can spread by themselves without attaching to files. Spyware is software installed on an unknowing user’s computer that gathers information about the user’s activities on the Web (keystrokes, websites visited, et cetera) and transmits it to third parties such as advertisers or attackers. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 17 SECURITY THREATS: SOFTWARE AS A THREAT Blended Threats: These threats propagate both as viruses and worms. They can also post themselves on websites for people to download unwittingly. Trojan is another type of malware that usually hides inside e- mail attachments or files and infects a user’s computer when attachments are opened or programs are executed.
Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 18 INFORMATION POLICY AND MANAGEMENT Fair information management policies To date, there has been legislation restricting the collection, storage, use, and dissemination of employee information in the public sector (e.g., Privacy Act of 1974), but there is no comprehensive federal legislation on employee information privacy in private-sector organizations. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 19 INFORMATION POLICY AND MANAGEMENT However, one state, California, has recently passed a law that protects the privacy of employee records in private-sector
organizations (Privacy Protection in State Constitutions, 2012 In addition, multinational organizations should also consider the privacy practices in the countries in which they operate. The challenge for organizations is that every country takes a different perspective on protecting employee information privacy, and your organization will need to be familiar with all the applicable laws in each country in which you operate. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 20 PROTECTING EMPLOYEE PRIVACY “There are few laws governing the storage, use, and dissemination of information in HRIS. Organizations may decrease the degree to which employees perceive that HRIS invades their privacy by establishing fair information management policies and practices.” Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 21
EFFECTIVE INFORMATION SECURITY PRACTICES Follow established security standards such as ISO/IEC 27000 series. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 22 EFFECTIVE INFORMATION SECURITY PRACTICES Several best practices include these: Adopt a comprehensive information security and privacy policy. Store sensitive personal data in secure HRIS, and provide appropriate encryption. Dispose of documents properly or restore persistent storage equipment. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 23
EFFECTIVE INFORMATION SECURITY PRACTICES Build document destruction capabilities into the office infrastructure. Implement and continuously update technical (firewalls, antivirus, antispyware, etc.) and nontechnical (security education, training, and awareness) measures. Conduct privacy “walk-throughs,” and make spot checks on proper information handling. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 24 Collaborative Documentation (CD) Completing All or most of the documentation with the individual during the time of the service Benefits of CD Efficient
Allows our clients to know what is in their charts Clarify information Include client perspectives Clients will become more engaged and involved in their treatment Specific treatment outcomes can be discussed Change in treatment plan can be addressed more quickly (emphasis on collaboration) CD and Clinical Practice Collaborative Documentation integrates documentation into clinical practice Documentation becomes useful to the interests and values of practitioners Documentation becomes timely (real time) Client participation will improve Focus on treatment goals/objectives Intake Process with CD Non clinical staff collect the non-clinical information (demographics) Completing all Information- gathering collectively Allowing clients to view the computer screen Pointing to the computer screen and alternating between listening and summarizing Depending on client presentation, some parts of the assessment may be completed post session (e.g., mental status exam).
Tips for Psychiatric Providers Start by asking ‘What do we want to result from our work over the next few months? How will we know we if we’re successful?’ Measurable or observable outcomes What can we do together to move towards your goal (e.g., how medication monitoring services will assist in the overall treatment goal) Changes in functioning, behaviors, symptoms, skills Additional Tips ‘I may be typing while you are answering some of my questions so that I am not missing any information shared with me.’ Alternating between listening, summarizing, and eye gaze will assist in building a therapeutic alliance. Completing the note during intervals (whatever works for the individual-some clients may need a brief break or a change in focus) More Tips! Allow the individual and family to see the note! Agree to Disagree Think of CD as written ‘wrap up’ versus paperwork Control documentation to enhance the clinical process Invite clients to share their values/perspectives Use formatted notes (thank you, HMS!)
Attitude is KEY-present CD as an invitation Office Setup Where is your desk in relation to where clients sit? How is your computer positioned? Are you facing clients ? Are you able to turn your screen so clients can see what you’re typing? Is your office conducive to CD? Office Setup Clinical Benefits Highly positive responses from individuals/families Improved recall and plan adherence Improved Engagement-reductions in NO SHOWS/CANCELLATIONS More time to see clients and meet the needs of the community
Data from 10 CMHCs 10 community mental health centers were randomly assigned to receive training in person-centered planning and collaborative documentation or provide treatment, as usual (N=17,000) Medication Adherence and Service Engagement were measured over 11 months RESULTS-Medication Adherence increased significantly in the experimental group (B=.022, p<.01) but showed no significant change in the control condition (B=.004, p=.25). Appointment no shows were also reduced in the experimental group. National Council Survey 1. On a Scale of 1 to 5, how helpful was it to have your provider review your note with you at the end of session? 81% stated it was either ‘Very helpful’ (51%) or ‘Helpful’ (30%) 9% stated it was ‘Neither Helpful’ or ‘Nor Not Helpful’ 1% stated it was ‘Not Helpful’ 5% stated it was ‘Very Unhelpful’ 4% had No Opinion/NA Involvement in Care 2. On a scale from 1 to 5, how involved did you feel in your care, compared to past experiences? (either with us or another
agency) 51% stated they felt ‘Very Involved’ 28% felt ‘Involved’ 14% felt ‘About the Same’ 1% felt ‘Not Involved’ 3% felt ‘Uninvolved’ 3% N/A or No Opinion Provider Approach 3. On a Scale of 1 to 5, how well do you think your provider did in introducing and using this new system? 68% reported ‘Very Good’ 25% reported ‘Good’ 4% stated ‘Average’ 0% reported ‘Poorly’ 1% reported ‘Very Poorly’ 2% had No Opinion/No Answer Continue with CD? 4. On a Scale of 1 to 3, in the future, would you want your provider to continue to review your note with you? 77% said YES! 11% were unsure 6% said NO 6% had No Answer/NA
Medication Adherence Outpatient Pilot Selected interested clinicians from 4 outpatient sites to go through a collaborative documentation training (webinar) and management provided ongoing support/guidance (N=242). Used the same 4 question survey from National Council 77% of clients reported it either ‘Very Helpful’ or ‘Helpful’ to have their provider review notes with them at the end of session (similar to national average) 80% of clients reported they felt either Very Involved or Involved (Likert Scale) in their care (similar to national data) Outpatient Data 88% of clients reported their provider did a ‘Very Good’ or ‘Good’ job with introducing the system 72% of clients reported they would want their provider to continue the CD method Overall, data from this pilot was similar to national average in terms of client responses/reactions to CD
Staff Reactions to CD 100% of the staff who were surveyed had implemented CD for one or more months 83% reported it was either ‘Very Easy’ or ‘Easy’ to learn collaborative documentation vs. 16% of staff who reported it was ‘Not Easy.’ 58% reported CD is helpful to the treatment process vs. 33% who reported it was ‘Neither Helpful nor Not Helpful.’ 50% reported clients were either ‘Very Involved’ or ‘Involved’ in the treatment process as a result of CD (77% of clients reported feeling involved in their care) 75% reported CD has been helpful with paperwork efficiency 50% reported better workplace satisfaction with the use of CD Research on Nonverbal Communication A study out of Northwestern evaluated eye gaze patterns between PCPs and patients while electronic health records are used 100 patient visits were observed and video-taped in 10 PCP offices Researchers wanted to assess eye contact as it relates to using electronic health record systems vs. paper charts Investigators interested in how EHR affects the quality of the patient/physician interaction Possible design guidelines indicated
Findings Given that nonverbal communication is being explored as an important aspect to treatment, eye contact, body language, posturing, and facial expressions are vital when using an EHR system This study found patients eyes go where the physicians eyes go (patients gazed at their doctor 50% of the visit vs. doctors gaze patterns towards patients, which was 47% of the visit) Physician initiated eye gaze was found to be an important driver of interactions between the patient/physician. Implementation Skepticism Concerns Healthy work/life balance? 4-6 weeks to transition fully into CD mode Addressing concerns as they arise Seeking guidance/support from management during the initial phase Questions? References Asan, O., Montague, E. (2014). Dynamic modeling of patient and physician eye gaze to understand the effects of electronic health records on doctor-patient communication and attention. International Journal Of Medical Informatics. Vol 83, 225-234.
Schmelter, B. (2013). Collaborative documentation gets you off the compliance treadmill. Retrieved from TheNationalCouncil.org. Stanhope, V., Ingolia, C., Schmelter, B., Marcus, S.C. (2013). Impact of person- centered planning and collaborative documentation on treatment adherence. Psychiatric Services, Vol 64, 1, 76-80.

Recommended

Dealing with Data Breaches Amidst Changes In Technology
Dealing with Data Breaches Amidst Changes In TechnologyDealing with Data Breaches Amidst Changes In Technology
Dealing with Data Breaches Amidst Changes In Technology
CSCJournals
 
Data Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network AnalysisData Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network Analysis
IJERD Editor
 
F5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalF5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker Final
Shallu Behar-Sheehan FCIM
 
3 guiding priciples to improve data security
3 guiding priciples to improve data security3 guiding priciples to improve data security
3 guiding priciples to improve data security
Keith Braswell
 
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
IRJET Journal
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk Management
DMIMarketing
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014
Joseph White MPA CPM
 
Analysis of personal information security behavior and awareness.docx
Analysis of personal information security behavior and awareness.docxAnalysis of personal information security behavior and awareness.docx
Analysis of personal information security behavior and awareness.docx
daniahendric
 

Recommended

Dealing with Data Breaches Amidst Changes In Technology
Dealing with Data Breaches Amidst Changes In TechnologyDealing with Data Breaches Amidst Changes In Technology
Dealing with Data Breaches Amidst Changes In Technology
CSCJournals
 
Data Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network AnalysisData Leak Protection Using Text Mining and Social Network Analysis
Data Leak Protection Using Text Mining and Social Network Analysis
IJERD Editor
 
F5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker FinalF5 Hero Asset - Inside the head of a Hacker Final
F5 Hero Asset - Inside the head of a Hacker Final
Shallu Behar-Sheehan FCIM
 
3 guiding priciples to improve data security
3 guiding priciples to improve data security3 guiding priciples to improve data security
3 guiding priciples to improve data security
Keith Braswell
 
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
IRJET Journal
 
Mobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk ManagementMobile Security: 5 Steps to Mobile Risk Management
Mobile Security: 5 Steps to Mobile Risk Management
DMIMarketing
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014
Joseph White MPA CPM
 
Analysis of personal information security behavior and awareness.docx
Analysis of personal information security behavior and awareness.docxAnalysis of personal information security behavior and awareness.docx
Analysis of personal information security behavior and awareness.docx
daniahendric
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management
DMIMarketing
 
Abhishek kurre.pptx
Abhishek kurre.pptxAbhishek kurre.pptx
Abhishek kurre.pptx
Dolchandra
 
C018131821
C018131821C018131821
C018131821
IOSR Journals
 
An Empirical Study on the Security Measurements of Websites of Jordanian Publ...
An Empirical Study on the Security Measurements of Websites of Jordanian Publ...An Empirical Study on the Security Measurements of Websites of Jordanian Publ...
An Empirical Study on the Security Measurements of Websites of Jordanian Publ...
CSCJournals
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
AliyuMuhammadButu
 
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
CSCJournals
 
Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligence
wbesse
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
Mark Silver
 
4b - Security Management - Cyber Security Mgt (1).pptx
4b - Security Management - Cyber Security Mgt (1).pptx4b - Security Management - Cyber Security Mgt (1).pptx
4b - Security Management - Cyber Security Mgt (1).pptx
romawoodz
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrate
Kashif Ali
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Organization
 
Data trawling and security strategies
Data trawling and security strategiesData trawling and security strategies
Data trawling and security strategies
Venkata Karthik Gullapalli
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxThe uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
arnoldmeredith47041
 
How to protect the cookies once someone gets into the cookie jar
How to protect the cookies once someone gets into the cookie jarHow to protect the cookies once someone gets into the cookie jar
How to protect the cookies once someone gets into the cookie jar
JudgeEagle
 
An Improved Method for Preventing Data Leakage in an Organization
An Improved Method for Preventing Data Leakage in an OrganizationAn Improved Method for Preventing Data Leakage in an Organization
An Improved Method for Preventing Data Leakage in an Organization
IJERA Editor
 
Rapport X force 2014
Rapport X force 2014Rapport X force 2014
Rapport X force 2014
Patrick Bouillaud
 
Module 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxModule 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptx
Skippedltd
 
Ethical and security issues on MIS inte 322 assignment.docx
Ethical and security issues on MIS inte 322 assignment.docxEthical and security issues on MIS inte 322 assignment.docx
Ethical and security issues on MIS inte 322 assignment.docx
GogoOmolloFrancis
 
Introduction to cyber security i
Introduction to cyber security iIntroduction to cyber security i
Introduction to cyber security i
Emmanuel Gbenga Dada (BSc, MSc, PhD)
 
Cybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future AttacksCybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future Attacks
Strategy&, a member of the PwC network
 
1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
keturahhazelhurst
 
1. Some potentially pathogenic bacteria and fungi, including strains.docx
1. Some potentially pathogenic bacteria and fungi, including strains.docx1. Some potentially pathogenic bacteria and fungi, including strains.docx
1. Some potentially pathogenic bacteria and fungi, including strains.docx
keturahhazelhurst
 

More Related Content

Similar to CHAPTER 15HRIS Privacy and Security1.docx

An Empirical Study on the Security Measurements of Websites of Jordanian Publ...
An Empirical Study on the Security Measurements of Websites of Jordanian Publ...An Empirical Study on the Security Measurements of Websites of Jordanian Publ...
An Empirical Study on the Security Measurements of Websites of Jordanian Publ...
CSCJournals
 
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
CSCJournals
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrate
Kashif Ali
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxThe uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
arnoldmeredith47041
 
An Improved Method for Preventing Data Leakage in an Organization
An Improved Method for Preventing Data Leakage in an OrganizationAn Improved Method for Preventing Data Leakage in an Organization
An Improved Method for Preventing Data Leakage in an Organization
IJERA Editor
 

Similar to CHAPTER 15HRIS Privacy and Security1.docx (20)

5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management
 
Abhishek kurre.pptx
Abhishek kurre.pptxAbhishek kurre.pptx
Abhishek kurre.pptx
 
C018131821
C018131821C018131821
C018131821
 
An Empirical Study on the Security Measurements of Websites of Jordanian Publ...
An Empirical Study on the Security Measurements of Websites of Jordanian Publ...An Empirical Study on the Security Measurements of Websites of Jordanian Publ...
An Empirical Study on the Security Measurements of Websites of Jordanian Publ...
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
 
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
Contemporary Cyber Security Social Engineering Solutions, Measures, Policies,...
 
Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligence
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
4b - Security Management - Cyber Security Mgt (1).pptx
4b - Security Management - Cyber Security Mgt (1).pptx4b - Security Management - Cyber Security Mgt (1).pptx
4b - Security Management - Cyber Security Mgt (1).pptx
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrate
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
 
Data trawling and security strategies
Data trawling and security strategiesData trawling and security strategies
Data trawling and security strategies
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docxThe uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
 
How to protect the cookies once someone gets into the cookie jar
How to protect the cookies once someone gets into the cookie jarHow to protect the cookies once someone gets into the cookie jar
How to protect the cookies once someone gets into the cookie jar
 
An Improved Method for Preventing Data Leakage in an Organization
An Improved Method for Preventing Data Leakage in an OrganizationAn Improved Method for Preventing Data Leakage in an Organization
An Improved Method for Preventing Data Leakage in an Organization
 
Rapport X force 2014
Rapport X force 2014Rapport X force 2014
Rapport X force 2014
 
Module 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxModule 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptx
 
Ethical and security issues on MIS inte 322 assignment.docx
Ethical and security issues on MIS inte 322 assignment.docxEthical and security issues on MIS inte 322 assignment.docx
Ethical and security issues on MIS inte 322 assignment.docx
 
Introduction to cyber security i
Introduction to cyber security iIntroduction to cyber security i
Introduction to cyber security i
 
Cybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future AttacksCybersecurity After WannaCry: How to Resist Future Attacks
Cybersecurity After WannaCry: How to Resist Future Attacks
 

More from keturahhazelhurst

1. The main characters names in The Shape of Things are Adam and E.docx
1. The main characters names in The Shape of Things are Adam and E.docx1. The main characters names in The Shape of Things are Adam and E.docx
1. The main characters names in The Shape of Things are Adam and E.docx
keturahhazelhurst
 
1. Select one movie from the list belowShutter Island (2010; My.docx
1. Select one movie from the list belowShutter Island (2010; My.docx1. Select one movie from the list belowShutter Island (2010; My.docx
1. Select one movie from the list belowShutter Island (2010; My.docx
keturahhazelhurst
 
1. The Institute of Medicine (now a renamed as a part of the N.docx
1. The Institute of Medicine (now a renamed as a part of the N.docx1. The Institute of Medicine (now a renamed as a part of the N.docx
1. The Institute of Medicine (now a renamed as a part of the N.docx
keturahhazelhurst
 
1. The Documentary Hypothesis holds that the Pentateuch has a number.docx
1. The Documentary Hypothesis holds that the Pentateuch has a number.docx1. The Documentary Hypothesis holds that the Pentateuch has a number.docx
1. The Documentary Hypothesis holds that the Pentateuch has a number.docx
keturahhazelhurst
 
1. Search the internet and learn about the cases of nurses Julie.docx
1. Search the internet and learn about the cases of nurses Julie.docx1. Search the internet and learn about the cases of nurses Julie.docx
1. Search the internet and learn about the cases of nurses Julie.docx
keturahhazelhurst
 
1. Search the internet and learn about the cases of nurses Julie Tha.docx
1. Search the internet and learn about the cases of nurses Julie Tha.docx1. Search the internet and learn about the cases of nurses Julie Tha.docx
1. Search the internet and learn about the cases of nurses Julie Tha.docx
keturahhazelhurst
 
1. Review the following request from a customerWe have a ne.docx
1. Review the following request from a customerWe have a ne.docx1. Review the following request from a customerWe have a ne.docx
1. Review the following request from a customerWe have a ne.docx
keturahhazelhurst
 
1. Research risk assessment approaches.2. Create an outline .docx
1. Research risk assessment approaches.2. Create an outline .docx1. Research risk assessment approaches.2. Create an outline .docx
1. Research risk assessment approaches.2. Create an outline .docx
keturahhazelhurst
 
1. Research Topic Super Computer Data MiningThe aim of this.docx
1. Research Topic Super Computer Data MiningThe aim of this.docx1. Research Topic Super Computer Data MiningThe aim of this.docx
1. Research Topic Super Computer Data MiningThe aim of this.docx
keturahhazelhurst
 
1. Research and then describe about The Coca-Cola Company primary bu.docx
1. Research and then describe about The Coca-Cola Company primary bu.docx1. Research and then describe about The Coca-Cola Company primary bu.docx
1. Research and then describe about The Coca-Cola Company primary bu.docx
keturahhazelhurst
 
1. Please define the term social class. How is it usually measured .docx
1. Please define the term social class. How is it usually measured .docx1. Please define the term social class. How is it usually measured .docx
1. Please define the term social class. How is it usually measured .docx
keturahhazelhurst
 

More from keturahhazelhurst (20)

1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
1. The ALIVE status of each SEX. (SEX needs to be integrated into th.docx
 
1. Some potentially pathogenic bacteria and fungi, including strains.docx
1. Some potentially pathogenic bacteria and fungi, including strains.docx1. Some potentially pathogenic bacteria and fungi, including strains.docx
1. Some potentially pathogenic bacteria and fungi, including strains.docx
 
1. Terrestrial Planets                           2. Astronomical.docx
1. Terrestrial Planets                           2. Astronomical.docx1. Terrestrial Planets                           2. Astronomical.docx
1. Terrestrial Planets                           2. Astronomical.docx
 
1. Taking turns to listen to other students is not always easy f.docx
1. Taking turns to listen to other students is not always easy f.docx1. Taking turns to listen to other students is not always easy f.docx
1. Taking turns to listen to other students is not always easy f.docx
 
1. The main characters names in The Shape of Things are Adam and E.docx
1. The main characters names in The Shape of Things are Adam and E.docx1. The main characters names in The Shape of Things are Adam and E.docx
1. The main characters names in The Shape of Things are Adam and E.docx
 
1. Select one movie from the list belowShutter Island (2010; My.docx
1. Select one movie from the list belowShutter Island (2010; My.docx1. Select one movie from the list belowShutter Island (2010; My.docx
1. Select one movie from the list belowShutter Island (2010; My.docx
 
1. Select a system of your choice and describe the system life-cycle.docx
1. Select a system of your choice and describe the system life-cycle.docx1. Select a system of your choice and describe the system life-cycle.docx
1. Select a system of your choice and describe the system life-cycle.docx
 
1. Sensation refers to an actual event; perception refers to how we .docx
1. Sensation refers to an actual event; perception refers to how we .docx1. Sensation refers to an actual event; perception refers to how we .docx
1. Sensation refers to an actual event; perception refers to how we .docx
 
1. The Institute of Medicine (now a renamed as a part of the N.docx
1. The Institute of Medicine (now a renamed as a part of the N.docx1. The Institute of Medicine (now a renamed as a part of the N.docx
1. The Institute of Medicine (now a renamed as a part of the N.docx
 
1. The Documentary Hypothesis holds that the Pentateuch has a number.docx
1. The Documentary Hypothesis holds that the Pentateuch has a number.docx1. The Documentary Hypothesis holds that the Pentateuch has a number.docx
1. The Documentary Hypothesis holds that the Pentateuch has a number.docx
 
1. Search the internet and learn about the cases of nurses Julie.docx
1. Search the internet and learn about the cases of nurses Julie.docx1. Search the internet and learn about the cases of nurses Julie.docx
1. Search the internet and learn about the cases of nurses Julie.docx
 
1. Search the internet and learn about the cases of nurses Julie Tha.docx
1. Search the internet and learn about the cases of nurses Julie Tha.docx1. Search the internet and learn about the cases of nurses Julie Tha.docx
1. Search the internet and learn about the cases of nurses Julie Tha.docx
 
1. Review the three articles about Inflation that are found below th.docx
1. Review the three articles about Inflation that are found below th.docx1. Review the three articles about Inflation that are found below th.docx
1. Review the three articles about Inflation that are found below th.docx
 
1. Review the following request from a customerWe have a ne.docx
1. Review the following request from a customerWe have a ne.docx1. Review the following request from a customerWe have a ne.docx
1. Review the following request from a customerWe have a ne.docx
 
1. Research risk assessment approaches.2. Create an outline .docx
1. Research risk assessment approaches.2. Create an outline .docx1. Research risk assessment approaches.2. Create an outline .docx
1. Research risk assessment approaches.2. Create an outline .docx
 
1. Research has narrowed the thousands of leadership behaviors into .docx
1. Research has narrowed the thousands of leadership behaviors into .docx1. Research has narrowed the thousands of leadership behaviors into .docx
1. Research has narrowed the thousands of leadership behaviors into .docx
 
1. Research Topic Super Computer Data MiningThe aim of this.docx
1. Research Topic Super Computer Data MiningThe aim of this.docx1. Research Topic Super Computer Data MiningThe aim of this.docx
1. Research Topic Super Computer Data MiningThe aim of this.docx
 
1. Research and then describe about The Coca-Cola Company primary bu.docx
1. Research and then describe about The Coca-Cola Company primary bu.docx1. Research and then describe about The Coca-Cola Company primary bu.docx
1. Research and then describe about The Coca-Cola Company primary bu.docx
 
1. Prepare a risk management plan for the project of finding a job a.docx
1. Prepare a risk management plan for the project of finding a job a.docx1. Prepare a risk management plan for the project of finding a job a.docx
1. Prepare a risk management plan for the project of finding a job a.docx
 
1. Please define the term social class. How is it usually measured .docx
1. Please define the term social class. How is it usually measured .docx1. Please define the term social class. How is it usually measured .docx
1. Please define the term social class. How is it usually measured .docx
 

Recently uploaded

The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
MateoGardella
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
kauryashika82
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
Chris Hunter
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
SanaAli374401
 

Recently uploaded (20)

fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
 
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
 

CHAPTER 15HRIS Privacy and Security1.docx

  • 1. CHAPTER 15 HRIS Privacy and Security 1 WHY PRIVACY IS CRITICALLY IMPORTANT An HRIS includes a great deal of confidential data about employees, such as Social Security numbers, medical data, bank account data, salaries, domestic partner benefits, employment test scores, and performance evaluations. It is critical for organizations to understand and pay close attention to what employee data is collected, stored, manipulated, used, and distributed—when, why, and by whom. Organizations also need to carefully consider the internal and external threats to these data and develop strong information security plans and procedures to protect these data and comply with legislative mandates. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 2
  • 2. WHY PRIVACY IS CRITICALLY IMPORTANT However, starting in the 1990s, as computer networks became more common, threats to information security became more involved due to the presence of enterprise-wide systems. There is a growing concern about the extent to which these systems permit users (both inside and outside of the organization) to access a wide array of personal information about employees. As a result, employees may perceive that if these data are accessed by others, the information contained in their employment files may embarrass them or result in negative outcomes (e.g., denial of promotion or challenging job assignment). Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 3 WHY PRIVACY IS CRITICALLY IMPORTANT Recent research suggests that this concern may be well founded. For example, one report indicated that over 500 million organizational records have been breached since 2005, and there
  • 3. has been a rise in the theft of employment data (Privacy Rights Clearinghouse, 2010). In view of the growing concern about identity theft and the security of employment information in HRIS, a number of states (e.g., AK, CA, FL, HI, IL, LA, MO, NY, SC, WA) passed privacy laws requiring organizations to adopt reasonable security practices to prevent unauthorized access to personal data (Privacy Protections in State Constitutions, 2012). Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 4 WHY PRIVACY IS CRITICALLY IMPORTANT Despite these new laws, results of surveys revealed that 43% of businesses stated that they did not put any new security solutions in place to prevent the inadvertent release or access to employee data, and almost half did not change any internal policies to ensure that data were secure. The cost of these data breaches can be large. For example, the average cost of a data breach has increased to almost $7 million per firm. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 5
  • 4. WHY PRIVACY IS CRITICALLY IMPORTANT Software vendors, such as Oracle, are aware of the potential for security breaches and offer multiple security models (e.g., Standard HRIS Security and Security Groups Enabled Security) that enable an administrator to set up HRIS security specifically for an organization. This means that the software allows companies to determine the kind of data access and responsibility each employee has. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 6 EMPLOYEE PRIVACY ISSUES The U.S. Fair Labor Standards Act of 1938 requires employers to maintain basic information on all employees including Social Security number, address, gender, occupation, pay, and hours worked. However, the increased use of HRIS to store these data has prompted concerns about the degree to which these systems have the potential to invade personal privacy. Information privacy has been defined as the “degree to which
  • 5. individuals have control over the collection, storage, access, and release of personal data.” Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 7 EMPLOYEE PRIVACY ISSUES Unauthorized access to information Unauthorized Disclosure of Information The unauthorized disclosure of data accuracy problems Stigmatization problems Use of data in social network websites Lack of privacy protection policies Despite the widespread use of HRIS and growing concerns about the (a) unauthorized access, (b) unauthorized release, (c) data accuracy, and (d) use of data to stigmatize employees, many companies have not established fair information management policies to control the use and release of employee information. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 8
  • 6. COMPONENTS OF INFORMATION SECURITY The McCumber Cube provides a graphical representation of the architectural approach widely used information security. It examines not only the characteristics of the information to be protected but also the context of the information state. The cube allows an analyst to identify the information flows within an HRIS, view it for important security-relevant factors, and then map the findings to the cube. The cube has three dimensions. If extrapolated, the three dimensions of each axis become a 3 x 3 x 3 cube with 27 cells representing areas that must be addressed to secure a modern-day information system. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 9 COMPONENTS OF INFORMATION SECURITY Desired Information Goals – Ensure that data is kept confidential, has not been manipulated, and is available to those who are authorized to access it Countermeasures – Identify mechanisms that can be used to protect data
  • 7. State of Information – Identify the state in which data is currently residing Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 10 THE MACUMBER CUBE Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 11 SECURITY THREATS: SOURCES Human error Disgruntled employees and ex-employees Other “internal” attackers External hackers Natural disasters
  • 8. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 12 SECURITY THREATS: TYPES Misuse of computer systems Extortion Theft Computer-based fraud Cyber-terrorism Phishing Denial-of-service (DoS) Software Threats Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 13 SECURITY THREATS: TYPES A computer virus is a type of malware that works by inserting a
  • 9. copy of itself onto a computer or device (e.g. smartphone) and then becoming part of another program. It can attach itself to files without the user’s knowledge and duplicate itself by executing infected files. When successful, a virus can alter data, erase or damage data, create a nuisance, or inflict other damage. Worms are in some ways similar to viruses since they can replicate themselves. However, unlike viruses that require the spreading of an infected file, worms such as Code Red, Slammer, and MyDoom can spread by themselves without attaching to files. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 14 SECURITY THREATS: TYPES Spyware is software installed on an unknowing user’s computer that gathers information about the user’s activities on the Web (keystrokes, websites visited, et cetera) and transmits it to third parties such as advertisers or attackers. Problems associated with spyware include potential privacy invasion, appropriation of personal information, and interference with the user’s computer operation. Blended Threats: These threats propagate both as viruses and worms. They can also post themselves on websites for people to download unwittingly. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018.
  • 10. 15 SECURITY THREATS: TYPES Trojan is another type of malware that usually hides inside e- mail attachments or files and infects a user’s computer when attachments are opened or programs are executed. Trojans are named after the Trojan horse of Greek mythology in that they appear to be something positive but are, in reality, doing something malicious. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. Instead, they must be opened on a computer by a user. Some Trojans can work as spyware while others can display a login or install screen and collect personal data such as usernames and passwords, or other forms of identification, such as bank account or credit card numbers. They can also copy files, delete files, uninstall applications using remote access programs on the computers, and format disks without alerting the victim. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 16
  • 11. SECURITY THREATS: SOFTWARE AS A THREAT A computer virus is a type of malware that works by inserting a copy of itself onto a computer or device (e.g. smartphone) and then becoming part of another program. It can attach itself to files without the user’s knowledge and duplicate itself by executing infected files. Worms such as Code Red, Slammer, and MyDoom can spread by themselves without attaching to files. Spyware is software installed on an unknowing user’s computer that gathers information about the user’s activities on the Web (keystrokes, websites visited, et cetera) and transmits it to third parties such as advertisers or attackers. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 17 SECURITY THREATS: SOFTWARE AS A THREAT Blended Threats: These threats propagate both as viruses and worms. They can also post themselves on websites for people to download unwittingly. Trojan is another type of malware that usually hides inside e- mail attachments or files and infects a user’s computer when attachments are opened or programs are executed.
  • 12. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 18 INFORMATION POLICY AND MANAGEMENT Fair information management policies To date, there has been legislation restricting the collection, storage, use, and dissemination of employee information in the public sector (e.g., Privacy Act of 1974), but there is no comprehensive federal legislation on employee information privacy in private-sector organizations. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 19 INFORMATION POLICY AND MANAGEMENT However, one state, California, has recently passed a law that protects the privacy of employee records in private-sector
  • 13. organizations (Privacy Protection in State Constitutions, 2012 In addition, multinational organizations should also consider the privacy practices in the countries in which they operate. The challenge for organizations is that every country takes a different perspective on protecting employee information privacy, and your organization will need to be familiar with all the applicable laws in each country in which you operate. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 20 PROTECTING EMPLOYEE PRIVACY “There are few laws governing the storage, use, and dissemination of information in HRIS. Organizations may decrease the degree to which employees perceive that HRIS invades their privacy by establishing fair information management policies and practices.” Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 21
  • 14. EFFECTIVE INFORMATION SECURITY PRACTICES Follow established security standards such as ISO/IEC 27000 series. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 22 EFFECTIVE INFORMATION SECURITY PRACTICES Several best practices include these: Adopt a comprehensive information security and privacy policy. Store sensitive personal data in secure HRIS, and provide appropriate encryption. Dispose of documents properly or restore persistent storage equipment. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 23
  • 15. EFFECTIVE INFORMATION SECURITY PRACTICES Build document destruction capabilities into the office infrastructure. Implement and continuously update technical (firewalls, antivirus, antispyware, etc.) and nontechnical (security education, training, and awareness) measures. Conduct privacy “walk-throughs,” and make spot checks on proper information handling. Kavanagh, Human Resource Information Systems 4e. SAGE Publications, 2018. 24 Collaborative Documentation (CD) Completing All or most of the documentation with the individual during the time of the service Benefits of CD Efficient
  • 16. Allows our clients to know what is in their charts Clarify information Include client perspectives Clients will become more engaged and involved in their treatment Specific treatment outcomes can be discussed Change in treatment plan can be addressed more quickly (emphasis on collaboration) CD and Clinical Practice Collaborative Documentation integrates documentation into clinical practice Documentation becomes useful to the interests and values of practitioners Documentation becomes timely (real time) Client participation will improve Focus on treatment goals/objectives Intake Process with CD Non clinical staff collect the non-clinical information (demographics) Completing all Information- gathering collectively Allowing clients to view the computer screen Pointing to the computer screen and alternating between listening and summarizing Depending on client presentation, some parts of the assessment may be completed post session (e.g., mental status exam).
  • 17. Tips for Psychiatric Providers Start by asking ‘What do we want to result from our work over the next few months? How will we know we if we’re successful?’ Measurable or observable outcomes What can we do together to move towards your goal (e.g., how medication monitoring services will assist in the overall treatment goal) Changes in functioning, behaviors, symptoms, skills Additional Tips ‘I may be typing while you are answering some of my questions so that I am not missing any information shared with me.’ Alternating between listening, summarizing, and eye gaze will assist in building a therapeutic alliance. Completing the note during intervals (whatever works for the individual-some clients may need a brief break or a change in focus) More Tips! Allow the individual and family to see the note! Agree to Disagree Think of CD as written ‘wrap up’ versus paperwork Control documentation to enhance the clinical process Invite clients to share their values/perspectives Use formatted notes (thank you, HMS!)
  • 18. Attitude is KEY-present CD as an invitation Office Setup Where is your desk in relation to where clients sit? How is your computer positioned? Are you facing clients ? Are you able to turn your screen so clients can see what you’re typing? Is your office conducive to CD? Office Setup Clinical Benefits Highly positive responses from individuals/families Improved recall and plan adherence Improved Engagement-reductions in NO SHOWS/CANCELLATIONS More time to see clients and meet the needs of the community
  • 19. Data from 10 CMHCs 10 community mental health centers were randomly assigned to receive training in person-centered planning and collaborative documentation or provide treatment, as usual (N=17,000) Medication Adherence and Service Engagement were measured over 11 months RESULTS-Medication Adherence increased significantly in the experimental group (B=.022, p<.01) but showed no significant change in the control condition (B=.004, p=.25). Appointment no shows were also reduced in the experimental group. National Council Survey 1. On a Scale of 1 to 5, how helpful was it to have your provider review your note with you at the end of session? 81% stated it was either ‘Very helpful’ (51%) or ‘Helpful’ (30%) 9% stated it was ‘Neither Helpful’ or ‘Nor Not Helpful’ 1% stated it was ‘Not Helpful’ 5% stated it was ‘Very Unhelpful’ 4% had No Opinion/NA Involvement in Care 2. On a scale from 1 to 5, how involved did you feel in your care, compared to past experiences? (either with us or another
  • 20. agency) 51% stated they felt ‘Very Involved’ 28% felt ‘Involved’ 14% felt ‘About the Same’ 1% felt ‘Not Involved’ 3% felt ‘Uninvolved’ 3% N/A or No Opinion Provider Approach 3. On a Scale of 1 to 5, how well do you think your provider did in introducing and using this new system? 68% reported ‘Very Good’ 25% reported ‘Good’ 4% stated ‘Average’ 0% reported ‘Poorly’ 1% reported ‘Very Poorly’ 2% had No Opinion/No Answer Continue with CD? 4. On a Scale of 1 to 3, in the future, would you want your provider to continue to review your note with you? 77% said YES! 11% were unsure 6% said NO 6% had No Answer/NA
  • 21. Medication Adherence Outpatient Pilot Selected interested clinicians from 4 outpatient sites to go through a collaborative documentation training (webinar) and management provided ongoing support/guidance (N=242). Used the same 4 question survey from National Council 77% of clients reported it either ‘Very Helpful’ or ‘Helpful’ to have their provider review notes with them at the end of session (similar to national average) 80% of clients reported they felt either Very Involved or Involved (Likert Scale) in their care (similar to national data) Outpatient Data 88% of clients reported their provider did a ‘Very Good’ or ‘Good’ job with introducing the system 72% of clients reported they would want their provider to continue the CD method Overall, data from this pilot was similar to national average in terms of client responses/reactions to CD
  • 22. Staff Reactions to CD 100% of the staff who were surveyed had implemented CD for one or more months 83% reported it was either ‘Very Easy’ or ‘Easy’ to learn collaborative documentation vs. 16% of staff who reported it was ‘Not Easy.’ 58% reported CD is helpful to the treatment process vs. 33% who reported it was ‘Neither Helpful nor Not Helpful.’ 50% reported clients were either ‘Very Involved’ or ‘Involved’ in the treatment process as a result of CD (77% of clients reported feeling involved in their care) 75% reported CD has been helpful with paperwork efficiency 50% reported better workplace satisfaction with the use of CD Research on Nonverbal Communication A study out of Northwestern evaluated eye gaze patterns between PCPs and patients while electronic health records are used 100 patient visits were observed and video-taped in 10 PCP offices Researchers wanted to assess eye contact as it relates to using electronic health record systems vs. paper charts Investigators interested in how EHR affects the quality of the patient/physician interaction Possible design guidelines indicated
  • 23. Findings Given that nonverbal communication is being explored as an important aspect to treatment, eye contact, body language, posturing, and facial expressions are vital when using an EHR system This study found patients eyes go where the physicians eyes go (patients gazed at their doctor 50% of the visit vs. doctors gaze patterns towards patients, which was 47% of the visit) Physician initiated eye gaze was found to be an important driver of interactions between the patient/physician. Implementation Skepticism Concerns Healthy work/life balance? 4-6 weeks to transition fully into CD mode Addressing concerns as they arise Seeking guidance/support from management during the initial phase Questions? References Asan, O., Montague, E. (2014). Dynamic modeling of patient and physician eye gaze to understand the effects of electronic health records on doctor-patient communication and attention. International Journal Of Medical Informatics. Vol 83, 225-234.
  • 24. Schmelter, B. (2013). Collaborative documentation gets you off the compliance treadmill. Retrieved from TheNationalCouncil.org. Stanhope, V., Ingolia, C., Schmelter, B., Marcus, S.C. (2013). Impact of person- centered planning and collaborative documentation on treatment adherence. Psychiatric Services, Vol 64, 1, 76-80.