Steering Clear of Scandal

Savvy CIOs do more than legal compliance. They help the business avoid ethics disasters.

The IT staff at Texas Health Resources Inc. must deliver more than technical functionality. And it needs to deliver more than the business requirements: It also has to meet the organization's ethical standards.

To that end, its systems must help ensure that Texas Health complies with laws and regulations. And they also have to promote the right behaviors and prevent or flag undesirable ones, says Michael Alverson, vice president and deputy CIO at the Arlington-based nonprofit health care system.

Consider the challenge of handling patients' medical records. Even though the federal Health Insurance Portability and Accountability Act mandates that agencies keep those records private, caregivers still need to access them -- when appropriate.

So the organization's electronic health records system gives doctors and nurses who are caring directly for patients quick access when they use the right authentication, Alverson says. But additional authentication is required to get records for patients who aren't under the provider's immediate care. The system records who gets access to what, allowing officials to audit and review cases to ensure there's no inappropriate access.

The IT staff holds itself to similar ethical standards, too, Alverson says. The department has policies that prohibit taking gifts and endorsing vendors, to help guarantee that workers make procurement decisions only based on quality and needs. And when there's any question -- such as when a vendor proposes a deep discount if Texas Health agrees to be an early adopter of a new technology -- IT leaders can turn to the systemwide Business and Ethics Council for guidance.

"If we really want everyone to subscribe to the idea that working at Texas Health is special, then we have to have people actively believe in doing the right thing," Alverson says.

Companies are increasingly looking at their ethics policies and articulating specific values that address a range of issues, from community commitment to environmental sustainability, which employees can use to guide their work. The need to comply with federal laws and regulations drives some of this, while consumer expectations, employee demands and economic pressures also play a part.

"Companies use the term 'corporate ethics' to mean many different things. In many organizations, if not the majority, it means compliance with a set of legal and minimum standards. In other organizations, corporate ethics means defining a set of corporate values that are integral to how they go about business," says Kirk O. Hanson, executive director of the Markkula Center for Applied Ethics at Santa Clara University.

Either way, CIOs have an opportunity to show how technology can further their companies' ethics objectives.

1 2 3 4 Page
FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies