The rights of different groups of people involved in healthcare are outlined in the policy of Georgetown University in detail (Protection of Health Information Policies and Procedures Manual, 2003), while in other documents, there is no clear analysis of different shareholders’ rights. One major difference of information security policy of Beth Israel Deaconess Medical Center is absolute prohibition to use organizational software and equipment for employee personal needs, and denial of employee privacy with regard to all data stored at the computers of the organization (Beth Israel Deaconess Medical Center Technology Resources Policy, 2003). Other two organizations allow to minor use of organizational resources for personal needs of their employees, with certain reservations. One more significant difference is that the policy of Beth Israel Deaconess Medical Center does not mention how sensitive personal information of the patients should be managed. At the same time, the policies of Georgetown University and Mayo Foundation mention the requirements of the HIPAA and describe the procedures of handling and securing personal data of their patients. Finally, the Health Care Department of Georgetown University clearly has to deal with a wider scope of situations, and therefore many situations involving legal regulations are explicitly described in the information security document of Georgetown University.

Overall, key security principles which should be covered in the organizational information security policy are rights and responsibilities of employees, storage and handing of personal data (sensitive data), control of access to information (Lazakidou, 2006), access to information network using different types of devices, e-mail handling, spam issues, virus issues, use of anti-virus software, use of encryption software as well as appropriate control and revision procedures.



Beth Israel Deaconess Medical Center Technology Resources Policy. (2003). Retrieved from

Bos, L. (2008). Medical and Care Compunetics 5. IOS Press.

Information Security Policies and Standards With Guidelines and Cross References. (2002). Mayo Foundation. Retrieved from

Lazakidou, A.A. (2006). Handbook of research on informatics in healthcare and biomedicine. Idea Group Inc (IGI).

Protection of Health Information Policies and Procedures Manual. (2003). Georgetown University. Retrieved from