BMIS 530 Liberty University Performing System Design Discussion

Post 1:

Discussion Thread: Performing System Design

Although the tendency is to see technology as tools or means designed for specific purposes, in recent years there has been an increase in awareness of ethical issues related to IT, given their significant potential to affect the well-being of people and communities; the growing list of moral issues affecting the school includes digital violence, Internet addiction, hyper-sexualization of young people and compromises in academic integrity (Mata, 2019). The word “Ethics” reverberates throughout a company’s culture. The way we treat each other, the use of information, how we engage with our co-workers, manage allocated resources, and our individual impacts on our communities are all ethical issues companies should be concerned with. These aforementioned items are often scrutinized by our society and can be a determining factor of a business’s success. It is everyone’s responsibility to protect our personal freedoms and use data appropriately. One of the most glaring ethnical hurdles we face today is the way companies use our personal data. Our personal information is like gold to companies, but to what extent are these companies actually awaiting our right to privacy with regards to our personal information? Data points harvested such as sites we browse, online purchases, information we submit online, business and social media sites we participate in are all extremely valuable information businesses can exploit to make money and advance their goals.

I know that my project will utilize a blend of third-party technologies. This means are organizations should be ever vigilant in our oversight of technological use and band together to accept responsibility when it comes to governance of our information systems. With breaches of our systems due to cybersecurity, big data mining, and managing personally identifiable information (PII) there is confusion on who is responsible for the governance of these threats. Organizations need to adopt a perspective on where all collective parties share responsibility. In taking a similar global approach we can hope for policy that eliminates widespread mismanagement of data.

Employees and customers are indubitably a business greatest asset. Companies who engage in ethnical technological practice will instill a firm moral sense of employee rights and shareholder protections. The central ethical issue raised by the emergence of IT is the same and as old as Plato’s Republic: “suppose you had a ring that made you invisible if you turned its stone; in this case, why should you still act correctly?” (Mata, 2019). If our companies, domestic and global, believe they are responsible for the safe and ethical usage of technology, then we should see better governance and use of data.

Biblical Integration

Galatians 6:5 says, “For each will have to bear his own load.” As Christians, we are called to help others, but we must take responsibility for ourselves and our own actions. It is our responsibility to create a life and culture of responsibility in our own households that supports what the Bible teaches us. Proverbs 3:5-6 says, Trust in the Lord with all your heart, and do not lean on your own understanding. In all your ways acknowledge him, and he will make your path straight.” When it comes to the moral use of data and resources, the bible tells us to follow God and not invest in our worldly understanding. Philippians 2:3 says, “Do nothing from selfish ambition or conceit, but in humility count others more significant than yourselves.” Jesus teaches us to treat others as we want to be treated and to love our enemies. As Christians, we are expected to treat everyone with respect. It is so important that in the workplace we do the same.

References:

MATA, L., BOGHIAN, I., & University of Bacau, Bacau, Romania. (2019). Perception of teachers in higher education towards ethical issues of information technology use. Revista Româneasc? Pentru Educa?ie Multidimensional?, , 156-169. https://doi.org/10.18662/rrem/183

King James Version Bible Standard Edition. (2013) Christian Art Publishers

Old system:

New System:

Post 2:

Discussion Thread: Performing System Design

Part 1

The system analysis and design project that was conducted by this author revolved around Bart Gray Realty Property Management’s maintenance work order system. The analysis pointed out several crucial flaws that currently affect the existing system. It is recommended that a new system be designed and implemented to address these flaws. The improvements of the new system can help solve and prevent potential ethical dilemmas from occurring. The current system was created in the mid-90s and in regards to customer data and security, it has very minimal controls in place. Although this work order system does not contain any extremely sensitive data such as payment information or health records it does however contain personally identifiable information (PII) data such as the tenant’s name, address, and contact information. PII is any information that is contained by an organization that can be linked back to an individual to determine their identity (McCallister, 2010). This includes information such as the person’s name, social security number, date of birth, home address, or contact information (McCallister, 2010). BGRPM’s risks are high for data to be potentially compromised as its current system runs on an outdated server that has very minimal security protocols in place. This is due to BGRPM being a small business that has not previously had the knowledge or resources to handle these types of issues. Small-to-medium sized businesses (SMBs) often do not have dedicated IT resources or specialists on staff to help keep their systems secure (Gafni & Pavel, 2019). Cybercriminals are indiscriminate about who they choose to attack. In 2017, it is estimated that 58% of all cyber-attacks in the United States impacted SMBs (Gafni & Pavel, 2019). The average cost of these attacks on SMBs that did not include compromised financial data averaged around $7,100 and the incident averaged around $32,000 for companies who had their banking accounts compromised because of the attack (Gafni & Pavel, 2019). These costs can be detrimental to a small business.

From analyzing their existing systems, it was determined that a new system should be designed and implemented for several reasons. The purpose of this new system is to not only provide new functionality for BGRPM’s staff that will allow them to serve its customers better and more efficiently but to also protect the integrity and privacy of its customer’s data. The new system that is being proposed will live on a new private cloud infrastructure that BGRPM will be implementing. This new hardware will offer BGRPM many benefits such as high availability, scalability, elasticity, and most importantly improved security. The new systems and hardware will be hardened based on the latest standards provided by the Center for Information Security (CIS) Critical Security Controls framework. The CIS Critical Security Controls cover 20 different domains and consist of over 180 sub-controls. This framework includes controls that cover several areas such as maintaining asset inventories, tracking unapproved software, performing vulnerability scanning, limiting administrative access, regularly reviewing logs, network security, role-based access controls, and various other controls (CIS Controls V7 Measures & Metrics, 2021, November 30). By implementing these controls, BGRPM will drastically increase the security of its systems and better protect and secure the privacy of its customers’ data.

In addition to financial and legal implications that could result because of data being compromised BGRPM also has a moral obligation to protect its customers’ data. This is rooted deep in biblical principles such as the “golden rule” which is found in Matthew 7:12 and states, “So in everything, do to others what you would have them do to you, for this sums up the Law and the Prophets.” (The Holy Bible, New International Version [NIV], 1973/2011, Matt. 7:12). Unfortunately, many have fallen victim to identity theft and fraud, and the pains of dealing with these issues because an organization did not properly protect its data. One would not want a company that had their personal data stored to have lax security protocols in place, therefore organizations should make sure to put the proper safeguards in place to protect their customers’ data. Just as one can take comfort in knowing that a system storing their data has been designed to be efficient, optimized, healthy, and secure they can also feel secure in their day-to-day lives if they put their hope and trust in the Lord. Job 11:18 highlights the security we can find in the Lord when it says, “You will be secure, because there is hope; you will look about you and take your rest in safety.” (NIV, 1973/2011, Job 11:18).

References

CIS Controls V7 Measures & Metrics. (2021, November 30). CIS. https://www.cisecurity.org/insights/white-papers/c…

Gafni, R., & Pavel, T. (2019). The invisible hole of information on SMB’s cybersecurity. Online Journal of Applied Knowledge Management (OJAKM), 7(1), 14-26.

McCallister, E. (2010). Guide to protecting the confidentiality of personally identifiable information (Vol. 800, No. 122). Diane Publishing.

The Holy Bible, New International Version. (1973, 2011). Biblica, Inc.

Part 2

The UML Class Diagram for the new system highlights several additional features that will make a more secure system. The new system will have role-based access controls which will allow users access to only what they need to see. The new system also adds the property manager role which will be allowed to perform tasks that will now require elevated permissions such as generating payroll reports, adding or removing employees, running monthly owner statements, as well as having the ability to push the data over to the AppFolio application.

UML Class Diagram – New System

Post 3:

BMIS 530

Module 5 Discussion Board Thread

Part One: Purpose Statement

The purpose of this qualitative project is to specifically describe the need for an Epic O2 software optimization in the area of electronic medical record (EMR) billing for the rehabilitation department at The University of Kansas Health System. The project will be conducted through a review of the literature that pertains to inaccuracies in billing and the ramifications on the specific department and/or health system. Charge capture reports could be utilized to quantify the extent of the errors. Having error free charges improves the integrity and security of the EMR, decreases the risk for fraud investigation, and decreases the amount of lost revenue due to inaccurate billing.

A patient should be able to feel confident that their personal health information and financial information that is located in the EMR is protected. There is a recent trend that for-profit companies are acquiring large health care system’s databases (Chiruvella & Guddati, 2021). There is an ethical concern that the sharing of patient data with these entities could result in the exploitation of persons for commercial interests or that vulnerable populations will be targeted. The advances in technology, especially in the area of big data housed in medical databases, comes at the price of security. More and more health systems and other medical practices have come under fire from hackers. Areas where the attacks could happen in the network need to be anticipated so that preventive measures can be in place (George & Thampi, 2019). Some of the potential information that could be compromised is financial. Patient’s banking details can be stored in the EMR. To keep protected health information safe, certain processes should be followed and in a certain order. “But all things must be done properly and in an orderly manner,” (New American Standard Bible, 1995, 1 Corinthians 14:40). Computers should be password protected and on a need-to-know basis, where a person needs to be authorized to access particular areas. As with billing, the system should not produce errors when two therapists with a unique sign-on file charges on the same patient at the same time. This creates confusion and lost time in trying to rectify the problem. Having a software that does not allow a simultaneous filing error to happen improves productivity. Order is a must. “…for God is not a God of confusion but of peace, as in all the churches of the saints”, (New American Standard Bible, 1995, 1 Corinthians 14:33).

Part Two

Having a secure, efficient, and optimized EMR is integral to the well-being of the health system. Just as Psalm 3:3 states, “But You, O LORD, are a shield about me, My glory, and the One who lifts my head”, a database that stores PHI should be a shield to protect persons from malicious attacks (New American Standard Bible, 1995). The attributes and methods of the class diagram will need to be set at protected. If the software designer inadvertently makes the patient social security number, for example, public, it could be accessed by other classes. In my limited understanding, this could increase the risk of a security breach and the patient’s PHI not being secure. Being careful and diligent in our work is necessary in preventing a catastrophe. “Whatever you do, do your work heartily, as for the Lord rather than for men”, (New American Standard Bible, 1995, Colossians 3:23).

*******Diagrams are attached below*******

References

Chiruvella, V. & Guddati, A.K. (2021). Ethical issues in patient data ownership. Interactive Journal of Medical Research; 10(2), e22269. Doi:10.2169/22269. https://www.i-jmr.org/2021/2/e22269

George, G. & Thampi, S.M. (2019). Securing smart healthcare systems from vulnerability exploitation. Smart City and Informatization. iSCI 2019. Communications in Computer and Information Science; 1122, pp. 295- 308. https://doi.org/10.1007/978-981-15-1301-5_24

New American Standard Bible. (1995). The Bible App. www.lockman.org (Original work published 1960)