yoyo's sis

7/31/2019 YOYO's SIS

http://slidepdf.com/reader/full/yoyos-sis 1/13

Introduction

“With the help of information system technology, a company can become competitive on all

phases of its customer relationships. The customer resource life cycle model makes it possible

for companies to determine not only when opportunities exist for strategic applications, but also

specific application should be developed.”( Blake Ives and Gerard P. Learmonth, 1984, The

information system as a competitive weapon, Communication of the ACM, Volume 27 )

The information technique, energy source and material are called ‘Three backbones of the

modern civilization’. The swift and violent improvement of the Internet makes the sharing of

data and information resource come true. As a result, information technique has permeated into

every field of the whole society and even the connection of the whole world. Moreover,

information technique can weaken the market barriers and make the market full of efficiency. At

the same time, the organization is facing more challenges and competitions in the informationexchanging world. Therefore, owning an efficient, accurate and flexible strategy for an

organization plays an essential role in the surviving and developing of an organization.

A. Explain the strategic importance of information in organizations by paying a

particular attention to its flow through use of systems.

I would like to choose NHS as an example. The NHS (National Health Service) is the shared

name of four public funded healthcare systems in the United Kingdom. The NHS was born on

5th July in 1948. When health secretary Aneurin Bevan opens Park Hospital in Manchester, it is

the climax of a hugely ambitious plan to bring good healthcare to all. The central principles areclear: the health service will be available to all and financed entirely from taxation, which

means that people pay into it according to their means. NHS is providing several health

services. The services contain: Emergency and urgent care, hospital services, dental services,

GP services, eye care services, pharmacies, social care services, mental health services and so

on.( NHS Choices, 2011)

How does the data transfer into information in the operating and management in NHS? Firstly,

the definition of data and information should be given as follows. Data are raw facts or

observations that are considered to have little or no value until they have been processed and

transformed into information. For instance, data can be a series of non-random symbols,

numbers, values or words. Information: a) Data that have been processed so that they are

meaningful; b) data that have been processed for a purpose; c) data that have been interpreted

and understood by the recipient. For example, a bank statement; a sales forecast; a telephone

directory; graphs of trends in visitor numbers to a web site.

There are three major types of systems in organizations. The three main categories of

information systems stand for different levels: operational-level systems, management-level

systems, and strategic-level systems.



Fig. 1 - organizational levels and business functions (Source: Laudon & Laudon, 2009)

In addition, four major types of systems are shown in the figure below. The four types of

systems are Executive Support Systems (ESS); Management Information Systems (MIS);

Decision Support Systems (DSS); Transaction Processing Systems (TPS).

Information system as a Transaction Processing System

Organization needs an effective monitoring and control to follow the standard information

processing. The organization can get a better management strategy if a standard information

system is applied for transaction processing systems.

Information system as a Management Information System and a Decision Support system

A concern for the information operation is the good communication between the information

sender and the recipient. In other words, make good use of Management Information System

can build up a better communication between the sellers and the consumers. Take the health

care services for example; better understanding between the patients and GPs can help the

doctors give an accurate diagnosis.

Information system as an Executive Support System



Executive Support System can give the company a strategic guidance. Also, ESS can help the

organization build up a long-term strategy.

Fig. 2- organizational levels and business functions (Source: Laudon & Laudon, 2009)

Moreover, there are some particular systems for the managing and operating in the health care

organizations and especially in hospitals. In the Journal of Management Information System,

Moshe Ayal and Abraham Seidmann have some views of the information systems in health care

organizations and hospitals. They think that medical images are currently created digitally and

stored in the radiology department’s picture archiving and communication system (PACS) in the

modern time,. And reports are organized in the electronic medical record (EMR) of the hospital

information system (HIS), and especially in the radiology information system (RIS). The

functions of these systems are designed to store, manipulate, and retrieve information for

planning, organizing, directing, and controlling administrative activities associated with the

provision and utilization of radiology services and facilities. They also claimed that higher

quality services can be provided if EMR data can be integrated with the digital images in a

PACS. In this way, clinicians can get access to both systems’ information and data as part of

their regular working environment, whether HIS or RIS. The integrated systems should allow

the teleconferencing with other users such as specialists and technologists in the radiology



department. (Moshe Ayal and Abraham Seidmann, 2009, Journal of Management Information

Systems/Fall 2009, Vol. 26, No. 2, pp 43-68 )

What are the flow and processing in the management and operating in NHS? The information

flow map shows the whole processors which the patient completes the diagnosing with his or

her GP and also other information processing flows. The figure given by the Information Centre

displays how does the information flow around the NHS.

Fig 3-How does the information flow around NHS (Source: NHS, the Information Centre)



B. Investigate the relevant data protection legislation which affects the processing of

information by UK businesses.

The quotation below gives a clue for the purpose of the Data Protection Act.

"Regulate the use of automatically processed information relating to individuals and the

provision of services in respect of such information."( Data Protection Act 1984, long title, page

1. © Crown Copyright 1984.)

Additionally, there are eight principles of the Act.

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed

unless - at least one of the conditions in Schedule 2 is met, and in the case of sensitive

personal data, at least one of the conditions in Schedule 3 is also met.

2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall

not be further processed in any manner incompatible with that purpose or those purposes.

3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

4. Personal data shall be accurate and, where necessary, kept up to date.

5. Personal data processed for any purpose or purposes shall not be kept for longer than is

necessary for that purpose or those purposes.

6. Personal data shall be processed in accordance with the rights of data subjects under this Act.

7. Appropriate technical and organizational measures shall be taken against unauthorized or

unlawful processing of personal data and against accidental loss or destruction of,

or damage to, personal data.

8. Personal data shall not be transferred to a country or territory outside the European Economic

Area, unless that country or territory ensures an adequate level of protection for the rights

and freedoms of data subjects in relation to the processing of personal data.

(Data Protection Act 1998, Schedule 1, Part I. page 35. © Crown Copyright 1998.)

“Informational privacy encompasses an individual’s ability to choose the extent and

circumstances under which his or her beliefs, behaviors, opinions and attitudes will be shared

with or withheld from others”(Duncan, G.T.; Jabine, T.B.; and De Wolf, V.A. Private Lives and

Public Policies: Confidentiality and Accessibility of Government Statistics. Washington, DC:

National Academy Press, 1993 pp 22) A research about the legal and ethical perspectives of

privacy claimed that privacy is not a fundamental human, moral, or absolute right. Instead, it is

a prudential right. (Roseberg, A. Privacy as a matter of taste and right, In E. F. Paul, F.D. Miller,and J. Paul, The Right to Privacy. Cambridge: Cambridge University Press, 2000, 68-90)

In the temporary world, information security becomes an ongoing issue for the people who are

sending and receiving data and information. As a result, the publishing of the Data Protection

Act gives a legal guarantee for the organizations that is using information systems (IS). In the

Computer Security Institute’s twelfth annual survey, 52 percent of respondents experienced up

to 10 information security attacks and 26 percent reported more than 10 data security incidents,

which make losses of $350,424. Obviously, the Data Protection Act can bring a lot of benefits to

customers, individuals and the society. Firstly, the Act can protect customers’ privacy. Take the

health care for example, for the customers who are using the health care services, to keep their



medical data confidentially stored can guarantee their privacy. Secondly, the Act can improve

the social trust in the modern society.

C. Discuss the ways in which you would incorporate the key aspects of the data protection

legislation into information-related strategies for an organization of your choice. Give

relevant examples.

The Conceptual Information Flow Model below provides an overview of the flow of

information from.Furthermore, there are four underlying functionalities supporting the flow in

the NHS: “

1. Security & Access Control – ensuring only authorized clinicians have access to the data;

2. Audit & Logging – ensuring access is logged for auditing purposes;

3. Meta Data Management - provision of a service to manage and provide access toinformation about the data, e.g. the provenance of the data and what a log of the

transformations that have been performed on it;

4. Service Management – provision of a service to support normal operation of the

solution that meets business needs for availability, performance, backup & recovery,

etc.” (NHS, 2011)

Fig 4-Conseptual Information Flow Model (NHS,2011)



One of the emphasized functionalities which should be mentioned to give an explanation is the

Security & Access Control. The Data Protection Act should be taken into account for making

patients’ data confidentially.

Marchand, Davenport, and Dickson (2000) give a view that the health care database of the new

information system includes sensitive and private customer data. Moreover, the security concern

can not be overlooked particularly in clients’ application structure. For the health care service

industries, storing all the patients’ private information and make sure the information will be

kept confidentially is one of the high quality services which the patients ask for. However, a

piece of news from Computer Weekly shows that NHS research system could breach patient

confidentiality. Medical experts have hit out against an NHS computer system which gives

researchers access to patient information without their consent. The Secondary Uses Services

(SUS) system gives commercial and academic researchers access to patient information which

is 'anonymised'. But in a letter to the British Medical Journal, Dr Ian Brown of the OxfordInternet Institute said patients were being misled about the level of anonymisation of their data

and the likelihood of re-identification. "The Department of Health claims that patient data

accessible through SUS should be available for use in medical research without consent,

because the patient cannot be identified from such data. On the other hand, researchers want to

be able to make historical or other linkages with data, and therefore data in SUS are only

'partially anonymised'," he said. (Reed Business Information Ltd,2011)

Whereas, a research written by Robert Navarro (Director, Sapior Ltd) shows some limitations of

anonymisation in NHS data systems. “Richard Turner makes a good case for caution in the

sharing of pseudonymised records, citing the examples of discrimination or embarrassment to

patients. It is easy to develop this example a little further from embarrassment to harassment as

jealous spouses snoop on their ex-partners. Or further still as Social Services or the Police look

for "high risk" patients indicated by data of which the only reliable source is our wonderful

Health Service.”

Patients’ healthy conditions and other information should only be used on the medical purpose.

Otherwise, the privacy of the patients will not be guaranteed. There is a piece of wonderful

paper written by Nissenbaum. He found a way to predict when someone’s privacy will have

been breached. As a result, the harm to the privacy may be avoided which will be surprising to

the patients. ((H. Nissenbaum. Privacy as Contextual Integrity.)

( http://www.bmj.com/content/342/bmj.d238/reply ))

After that, I should look for some proof and evidence for a no harm potential or low harm

potential in order to catch up with the lack of highly publicized press reports. People will have

no idea about how many privacy breach example would move to you to go to the press. Though

some people are suspected and proved an NHS data breach. Therefore, this situation can turn

out to have more important principles at stake.

http://www.bmj.com/content/342/bmj.d238/reply




There are also some accidents that we should be working on and avoid. For example, the

nightmare scenario can be the loss of faith, reputation and the faith in the NHS. In this case, a

sufficient number of patients who begin to routinely mislead the clinician will try their best to

avoid the recording of potentially harmful data. In this point of view, the quality of the data will

decrease. As a result, the quality of the health care will nose-dive as well. By contrast, the cost

of the compensation will climb higher.

There is a question which is prudent to ask “Will the new data sharing project cause any patients

to lose trust in their NHS?” So it is really necessary for the NHS to cut down the risks of

privacy and prevent the harm. (H. Nissenbaum. Privacy as Contextual Integrity.)

Therefore, I should find out how is access to data controlled in the NHS. The NHS information

centre gives a clue how does it work within the organization. “All access is controlled through

information governance groups; including the Patient Information Advisory Group (PIAG)whose approval is required for patient identifiers (these include name, address, and postcode,

date of birth, NHS number, and local identifier).” ( Copyright © 2011, The Health and Social

Care Information Centre. All rights reserved)

HES is the national statistical data warehouse for England of the care provided by NHS

hospitals and for NHS hospital patients treated elsewhere. HES is the data source for a wide

range of healthcare analysis for the NHS, government and many other organizations and

individuals. For access to sensitive HES data, the Security and Confidentiality Advisory Group

(SCAG) must also be considered. ( Copyright © 2011, The Health and Social Care Information

Centre. All rights reserved)

D. Choose an IS planning framework and critically evaluate its potential to incorporate

the necessary data protection legislation into organizational governance.

In the data security system, there are different kinds of typical users which cover a very a very

range. As data and information is available to any customers, data is subject to the approval of

the information where the sensitive items are required, and to meet data security requirements.

The wide range includes the fields shown as follows.

• Researchers

• Providers, commissioners and health authorities

• Commercial organizations providing services to the NHS

• Department of Health

• Public health

• Regulators

(Copyright © 2011, The Health and Social Care Information Centre. All rights reserved)



Take the Bradford Council as an example which aiming at learning the regulation of data

protection.

There are some details about the operation of Data Protection Act in Bradford. Some personal

data or information such as members of the family, income, etc can not be given to a landlord or

agent in Benefits Services. It is because that this maybe a breach of the Data Protection Act. The

Bradford Council should protect clients’ information confidentially which is a piece of the

regulation in the Data Protection Act. We are not allowed to give any information or details

about the personal circumstances of a claimant to the landlords or agents. However, housing

benefit is being paid directly to the landlord or the agent under some certain circumstances. We

can not tell the landlord or the agent anything if the client has not authorized to the organization.

It is not allowed to confirm that a client has made a claim unless the customer has given written

consent. “If the client has authorised payment to the landlord/agent we can only tell the

landlord/agent the amount of entitlement (but not how it is calculated), the date from which it isto be paid and the method and frequency of payment. If the landlord/agent has been charged

with an overpayment we will tell the landlord/agent the amount of the overpayment and how it

is made up (i.e. number of weeks and amount per week), the reason for the overpayment (i.e.

claimant error, Local Authority error, other error or fraud), the fact that it is recoverable, and the

method of recovery.”(Data Protection and Confidentiality©2011 Bradford Metropolitan District

Council)

SWOT

Internal Analysis

Strengths

NHS is the National Health Service which is not gaining any profits from the patients. It is a

non-profit health care services company.

NHS owns the biggest labour in the UK. It is rich in Human Resource. Plus, the labour

is investing more money in the NHS than ever before. The NHS in England has nearly 1.30

million staff. The number of employees in the NHS in Scotland is around 158,000. For the

NHS in Wales, it has 90,000 staff.

By 2010, NHS has 100 new hospitals and it wins the biggest building programme.

The level of patient satisfaction is high, especially on hospital ambulance, primary care servicesand mental health.

Weakness

The quality of the employees is falling and the average age of the workers are rising. The

proportional well-paid working population has been declining for about 20 years.

Many people feel that NHS does not provide value fro money. The workers are getting

disillusioned. Patients will have to wait for an appointment for a long time.

Besides, the costs of some new drugs will make the GPs think about the description.

External Analysis



Opportunities

NHS can get the support from the UK government. The National Health Service or NHS is one

of most well known publicly-funded healthcare organizations in England, Scotland, Wales, and

Northern Ireland

NHS carries out the reforms in order to minimize the number of the department. Moreover, the

company can gain more efficiency.

Threats

The other hospitals and health care organizations will be the threats for the NHS.

The data security will be a threat as well. The data safety of the patients is the issue for NHS to

pay more attention to. The information of the patients should only be used in the medical

purpose.

PEST

Political-legal

The healthy policies and regimes between England and Wales differ from each because of some

factors. For instance, the age distribution of population and life-style changes will have an effect

on the operation of the policies. With the development of the technology, people’s life styles

keep changing all the time. Also, the trust of the governance is significant as well.

Economic

There are some key issues for the NHS to consider about. The restricted access to capital and

the amount of the investment will have an effect on the operating within the NHS.

“Charges for personal social services have in creased from £ 502 million in 1992-1993 to £2039

million in 2000-2001. And the proportion of total spending recouped by local authorities in fees

and charges has risen from 9.1% in 1992-1993 to 16.1% in 2000-2001.”( Laing’s Review of

Private Health Care 1996)

Social-cultural

Patients’ choice, demographic and changing expectations will impact on activities. Patients or

public activism is increasing as well. NHS should plan for the future population changes.

Moreover, patients will pay more attention for their information privacy and safety.

Technological

In order to strengthening the diagnosing capability, new medical technologies are invented

frequently. Nowadays, NHS is faced with some key issues: the growing number of expensive

treatment and diagnostic equipment, high quality decision-makers and management planning

technique.

Conclusion

As it is shown in the previous tasks, the information flow in the NHS is displayed in the figure.



And then, I use the quotation from the Data Protection Act to get a clue about customer privacy

and the information security. After that more details about the data control in the NHS are

discussed. The SWOT analysis and PEST model are also used to evaluate the management of

the NHS.



Reference

Blake Ives and Gerard P. Learmonth, 1984, The information system as a competitive weapon,

Communication of the ACM, Volume 27

Copyright © 2011, The Health and Social Care Information Centre. All rights reserved

http://www.ic.nhs.uk/services/independent-sector-information-programme/support-and-

guidance/access-to-data

Data Protection Act 1984, long title, page 1. © Crown Copyright 1984.

Data Protection Act 1998, Schedule 1, Part I. page 35. © Crown Copyright 1998.

Data Protection and Confidentiality©2011 Bradford Metropolitan District Council)

http://www.bradford.gov.uk/bmdc/health_well-

being_and_care/benefits/data_protection_and_confidentiality

Duncan, G.T.; Jabine, T.B.; and De Wolf, V.A. Private Lives and Public Policies: Confidentiality

and Accessibility of Government Statistics. Washington, DC: National Academy Press,1993 pp 22

Fig. 1 - organizational levels and business functions (Source: Laudon & Laudon, 2009

Fig. 2- organizational levels and business functions (Source: Laudon & Laudon, 2009)

Fig 3-How does the information flow around NHS (Source: NHS, the Information Centre)

Fig 4-Conseptual Information Flow Model (NHS)

http://www.connectingforhealth.nhs.uk/systemsandservices/clindash/toolkit/overview/conceptinfof

low

H. Nissenbaum. Privacy as Contextual Integrity.

http://crypto.stanford.edu/portia/papers/RevnissenbaumDTP31.pdf

Competing interests: Director of Sapior Ltd that develops and markets innovative technologies

and services to reduce the breach risks of making fantastic use of health data.

H. Nissenbaum. Privacy as Contextual Integrity.http://www.bmj.com/content/342/bmj.d238/reply )

http://www.ic.nhs.uk/services/independent-sector-information-programme/support-and-guidance/access-to-data


http://www.connectingforhealth.nhs.uk/systemsandservices/clindash/toolkit/overview/conceptinfoflow












Laing’s Review of Private Health Care 1996

Moshe Ayal and Abraham Seidmann, 2009, Journal of Management Information Systems/Fall

2009, Vol. 26, No. 2, pp 43-68

Reed Business Information Ltd,2011

( http://www.computerweekly.com/Articles/2011/02/08/245314/NHS-research-system-could-

breach-patient-confidentiality.htm# )

Richardson, R. The 12th annual computer crime and security survey, Computer Security Institute,

San Francisco, CA, 2007

Roseberg, A. Privacy as a matter of taste and right. In E. F. Paul, F.D. Miller, and J. Paul, The

Right to Privacy. Cambridge: Cambridge University Press, 2000, 68-90

http://www.computerweekly.com/Articles/2011/02/08/245314/NHS-research-system-could-breach-patient-confidentiality.htm#




yoyo's sis

Documents