Introduction With the help of information system technology, a company can become competitive on all phases of its customer

relationships. The customer resource life cycle model makes it possible for companies to determine not only when opportunities exist for strategic applications, but also specific application should be developed.(Blake Ives and Gerard P. Learmonth, 1984, The information system as a competitive weapon, Communication of the ACM, Volume 27) The information technique, energy source and material are called Three backbones of the modern civilization. The swift and violent improvement of the Internet makes the sharing of data and information resource come true. As a result, information technique has permeated into every field of the whole society and even the connection of the whole world. Moreover, information technique can weaken the market barriers and make the market full of efficiency. At the same time, the organization is facing more challenges and competitions in the information exchanging world. Therefore, owning an efficient, accurate and flexible strategy for an organization plays an essential role in the surviving and developing of an organization.

A. Explain the strategic importance of information in organizations by paying a

particular attention to its flow through use of systems. I would like to choose NHS as an example. The NHS (National Health Service) is the shared name of four public funded healthcare systems in the United Kingdom. The NHS was born on 5th July in 1948. When health secretary Aneurin Bevan opens Park Hospital in Manchester, it is the climax of a hugely ambitious plan to bring good healthcare to all. The central principles are clear: the health service will be available to all and financed entirely from taxation, which means that people pay into it according to their means. NHS is providing several health services. The services contain: Emergency and urgent care, hospital services, dental services, GP services, eye care services, pharmacies, social care services, mental health services and so on.(NHS Choices, 2011) How does the data transfer into information in the operating and management in NHS? Firstly, the definition of data and information should be given as follows. Data are raw facts or observations that are considered to have little or no value until they have been processed and transformed into information. For instance, data can be a series of non-random symbols, numbers, values or words. Information: a) Data that have been processed so that they are meaningful; b) data that have been processed for a purpose; c) data that have been interpreted and understood by the recipient. For example, a bank statement; a sales forecast; a telephone directory; graphs of trends in visitor numbers to a web site. There are three major types of systems in organizations. The three main categories of information systems stand for different levels: operational-level systems, management-level systems, and strategic-level systems.

Fig. 1 - organizational levels and business functions (Source: Laudon & Laudon, 2009) In addition, four major types of systems are shown in the figure below. The four types of systems are Executive Support Systems (ESS); Management Information Systems (MIS); Decision Support Systems (DSS); Transaction Processing Systems (TPS). Information system as a Transaction Processing System Organization needs an effective monitoring and control to follow the standard information processing. The organization can get a better management strategy if a standard information system is applied for transaction processing systems. Information system as a Management Information System and a Decision Support system A concern for the information operation is the good communication between the information sender and the recipient. In other words, make good use of Management Information System can build up a better communication between the sellers and the consumers. Take the health care services for example; better understanding between the patients and GPs can help the doctors give an accurate diagnosis. Information system as an Executive Support System

Executive Support System can give the company a strategic guidance. Also, ESS can help the organization build up a long-term strategy.

Fig. 2- organizational levels and business functions (Source: Laudon & Laudon, 2009) Moreover, there are some particular systems for the managing and operating in the health care organizations and especially in hospitals. In the Journal of Management Information System, Moshe Ayal and Abraham Seidmann have some views of the information systems in health care organizations and hospitals. They think that medical images are currently created digitally and stored in the radiology departments picture archiving and communication system (PACS) in the modern time,. And reports are organized in the electronic medical record (EMR) of the hospital information system (HIS), and especially in the radiology information system (RIS). The functions of these systems are designed to store, manipulate, and retrieve information for planning, organizing, directing, and controlling administrative activities associated with the provision and utilization of radiology services and facilities. They also claimed that higher quality services can be provided if EMR data can be integrated with the digital images in a PACS. In this way, clinicians can get access to both systems information and data as part of their regular working environment, whether HIS or RIS. The integrated systems should allow the teleconferencing with other users such as specialists and technologists in the radiology

department. (Moshe Ayal and Abraham Seidmann, 2009, Journal of Management Information Systems/Fall 2009, Vol. 26, No. 2, pp 43-68 ) What are the flow and processing in the management and operating in NHS? The information flow map shows the whole processors which the patient completes the diagnosing with his or her GP and also other information processing flows. The figure given by the Information Centre displays how does the information flow around the NHS.

Fig 3-How does the information flow around NHS (Source: NHS, the Information Centre)

B. Investigate the relevant data protection legislation which affects the processing of information by UK businesses. The quotation below gives a clue for the purpose of the Data Protection Act. "Regulate the use of automatically processed information relating to individuals and the provision of services in respect of such information."(Data Protection Act 1984, long title, page 1. Crown Copyright 1984.) Additionally, there are eight principles of the Act. 1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless - at least one of the conditions in Schedule 2 is met, and in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met. 2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes. 3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. 4. Personal data shall be accurate and, where necessary, kept up to date. 5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. 6. Personal data shall be processed in accordance with the rights of data subjects under this Act. 7. Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. 8. Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. (Data Protection Act 1998, Schedule 1, Part I. page 35. Crown Copyright 1998.) Informational privacy encompasses an individuals ability to choose the extent and circumstances under which his or her beliefs, behaviors, opinions and attitudes will be shared with or withheld from others(Duncan, G.T.; Jabine, T.B.; and De Wolf, V.A. Private Lives and Public Policies: Confidentiality and Accessibility of Government Statistics. Washington, DC: National Academy Press, 1993 pp 22) A research about the legal and ethical perspectives of privacy claimed that privacy is not a fundamental human, moral, or absolute right. Instead, it is a prudential right. (Roseberg, A. Privacy as a matter of taste and right, In E. F. Paul, F.D. Miller, and J. Paul, The Right to Privacy. Cambridge: Cambridge University Press, 2000, 68-90) In the temporary world, information security becomes an ongoing issue for the people who are sending and receiving data and information. As a result, the publishing of the Data Protection Act gives a legal guarantee for the organizations that is using information systems (IS). In the Computer Security Institutes twelfth annual survey, 52 percent of respondents experienced up to 10 information security attacks and 26 percent reported more than 10 data security incidents, which make losses of $350,424. Obviously, the Data Protection Act can bring a lot of benefits to customers, individuals and the society. Firstly, the Act can protect customers privacy. Take the health care for example, for the customers who are using the health care services, to keep their

medical data confidentially stored can guarantee their privacy. Secondly, the Act can improve the social trust in the modern society.

C. Discuss the ways in which you would incorporate the key aspects of the data protection
legislation into information-related strategies for an organization of your choice. Give relevant examples. The Conceptual Information Flow Model below provides an overview of the flow of information from.Furthermore, there are four underlying functionalities supporting the flow in the NHS: 1. Security & Access Control ensuring only authorized clinicians have access to the data; 2. Audit & Logging ensuring access is logged for auditing purposes; 3. Meta Data Management - provision of a service to manage and provide access to information about the data, e.g. the provenance of the data and what a log of the transformations that have been performed on it; 4. Service Management provision of a service to support normal operation of the solution that meets business needs for availability, performance, backup & recovery, etc. (NHS, 2011)

Fig 4-Conseptual Information Flow Model (NHS,2011)

One of the emphasized functionalities which should be mentioned to give an explanation is the Security & Access Control. The Data Protection Act should be taken into account for making patients data confidentially. Marchand, Davenport, and Dickson (2000) give a view that the health care database of the new information system includes sensitive and private customer data. Moreover, the security concern can not be overlooked particularly in clients application structure. For the health care service industries, storing all the patients private information and make sure the information will be kept confidentially is one of the high quality services which the patients ask for. However, a piece of news from Computer Weekly shows that NHS research system could breach patient confidentiality. Medical experts have hit out against an NHS computer system which gives researchers access to patient information without their consent. The Secondary Uses Services (SUS) system gives commercial and academic researchers access to patient information which is 'anonymised'. But in a letter to the British Medical Journal, Dr Ian Brown of the Oxford Internet Institute said patients were being misled about the level of anonymisation of their data and the likelihood of re-identification. "The Department of Health claims that patient data accessible through SUS should be available for use in medical research without consent, because the patient cannot be identified from such data. On the other hand, researchers want to be able to make historical or other linkages with data, and therefore data in SUS are only 'partially anonymised'," he said. (Reed Business Information Ltd,2011) Whereas, a research written by Robert Navarro (Director, Sapior Ltd) shows some limitations of anonymisation in NHS data systems. Richard Turner makes a good case for caution in the sharing of pseudonymised records, citing the examples of discrimination or embarrassment to patients. It is easy to develop this example a little further from embarrassment to harassment as jealous spouses snoop on their ex-partners. Or further still as Social Services or the Police look for "high risk" patients indicated by data of which the only reliable source is our wonderful Health Service. Patients healthy conditions and other information should only be used on the medical purpose. Otherwise, the privacy of the patients will not be guaranteed. There is a piece of wonderful paper written by Nissenbaum. He found a way to predict when someones privacy will have been breached. As a result, the harm to the privacy may be avoided which will be surprising to the patients. ((H. Nissenbaum. Privacy as Contextual Integrity.) (http://www.bmj.com/content/342/bmj.d238/reply)) After that, I should look for some proof and evidence for a no harm potential or low harm potential in order to catch up with the lack of highly publicized press reports. People will have no idea about how many privacy breach example would move to you to go to the press. Though some people are suspected and proved an NHS data breach. Therefore, this situation can turn out to have more important principles at stake.

There are also some accidents that we should be working on and avoid. For example, the nightmare scenario can be the loss of faith, reputation and the faith in the NHS. In this case, a sufficient number of patients who begin to routinely mislead the clinician will try their best to avoid the recording of potentially harmful data. In this point of view, the quality of the data will decrease. As a result, the quality of the health care will nose-dive as well. By contrast, the cost of the compensation will climb higher. There is a question which is prudent to ask Will the new data sharing project cause any patients to lose trust in their NHS? So it is really necessary for the NHS to cut down the risks of privacy and prevent the harm. (H. Nissenbaum. Privacy as Contextual Integrity.) Therefore, I should find out how is access to data controlled in the NHS. The NHS information centre gives a clue how does it work within the organization. All access is controlled through information governance groups; including the Patient Information Advisory Group (PIAG) whose approval is required for patient identifiers (these include name, address, and postcode, date of birth, NHS number, and local identifier). (Copyright 2011, The Health and Social Care Information Centre. All rights reserved) HES is the national statistical data warehouse for England of the care provided by NHS hospitals and for NHS hospital patients treated elsewhere. HES is the data source for a wide range of healthcare analysis for the NHS, government and many other organizations and individuals. For access to sensitive HES data, the Security and Confidentiality Advisory Group (SCAG) must also be considered. (Copyright 2011, The Health and Social Care Information Centre. All rights reserved)

D. Choose an IS planning framework and critically evaluate its potential to incorporate

the necessary data protection legislation into organizational governance.

In the data security system, there are different kinds of typical users which cover a very a very range. As data and information is available to any customers, data is subject to the approval of the information where the sensitive items are required, and to meet data security requirements. The wide range includes the fields shown as follows.

Researchers Providers, commissioners and health authorities Commercial organizations providing services to the NHS Department of Health Public health Regulators

(Copyright 2011, The Health and Social Care Information Centre. All rights reserved)

Take the Bradford Council as an example which aiming at learning the regulation of data protection. There are some details about the operation of Data Protection Act in Bradford. Some personal data or information such as members of the family, income, etc can not be given to a landlord or agent in Benefits Services. It is because that this maybe a breach of the Data Protection Act. The Bradford Council should protect clients information confidentially which is a piece of the regulation in the Data Protection Act. We are not allowed to give any information or details about the personal circumstances of a claimant to the landlords or agents. However, housing benefit is being paid directly to the landlord or the agent under some certain circumstances. We can not tell the landlord or the agent anything if the client has not authorized to the organization. It is not allowed to confirm that a client has made a claim unless the customer has given written consent. If the client has authorised payment to the landlord/agent we can only tell the landlord/agent the amount of entitlement (but not how it is calculated), the date from which it is to be paid and the method and frequency of payment. If the landlord/agent has been charged with an overpayment we will tell the landlord/agent the amount of the overpayment and how it is made up (i.e. number of weeks and amount per week), the reason for the overpayment (i.e. claimant error, Local Authority error, other error or fraud), the fact that it is recoverable, and the method of recovery.(Data Protection and Confidentiality2011 Bradford Metropolitan District Council) SWOT Internal Analysis Strengths NHS is the National Health Service which is not gaining any profits from the patients. It is a non-profit health care services company. NHS owns the biggest labour in the UK. It is rich in Human Resource. Plus, the labour is investing more money in the NHS than ever before. The NHS in England has nearly 1.30 million staff. The number of employees in the NHS in Scotland is around 158,000. For the NHS in Wales, it has 90,000 staff. By 2010, NHS has 100 new hospitals and it wins the biggest building programme. The level of patient satisfaction is high, especially on hospital ambulance, primary care services and mental health. Weakness The quality of the employees is falling and the average age of the workers are rising. The proportional well-paid working population has been declining for about 20 years. Many people feel that NHS does not provide value fro money. The workers are getting disillusioned. Patients will have to wait for an appointment for a long time. Besides, the costs of some new drugs will make the GPs think about the description. External Analysis

Opportunities NHS can get the support from the UK government. The National Health Service or NHS is one of most well known publicly-funded healthcare organizations in England, Scotland, Wales, and Northern Ireland NHS carries out the reforms in order to minimize the number of the department. Moreover, the company can gain more efficiency. Threats The other hospitals and health care organizations will be the threats for the NHS. The data security will be a threat as well. The data safety of the patients is the issue for NHS to pay more attention to. The information of the patients should only be used in the medical purpose. PEST Political-legal The healthy policies and regimes between England and Wales differ from each because of some factors. For instance, the age distribution of population and life-style changes will have an effect on the operation of the policies. With the development of the technology, peoples life styles keep changing all the time. Also, the trust of the governance is significant as well. Economic There are some key issues for the NHS to consider about. The restricted access to capital and the amount of the investment will have an effect on the operating within the NHS. Charges for personal social services have in creased from 502 million in 1992-1993 to 2039 million in 2000-2001. And the proportion of total spending recouped by local authorities in fees and charges has risen from 9.1% in 1992-1993 to 16.1% in 2000-2001.(Laings Review of Private Health Care 1996) Social-cultural Patients choice, demographic and changing expectations will impact on activities. Patients or public activism is increasing as well. NHS should plan for the future population changes. Moreover, patients will pay more attention for their information privacy and safety. Technological In order to strengthening the diagnosing capability, new medical technologies are invented frequently. Nowadays, NHS is faced with some key issues: the growing number of expensive treatment and diagnostic equipment, high quality decision-makers and management planning technique. Conclusion As it is shown in the previous tasks, the information flow in the NHS is displayed in the figure.

And then, I use the quotation from the Data Protection Act to get a clue about customer privacy and the information security. After that more details about the data control in the NHS are discussed. The SWOT analysis and PEST model are also used to evaluate the management of the NHS.

Reference Blake Ives and Gerard P. Learmonth, 1984, The information system as a competitive weapon, Communication of the ACM, Volume 27 Copyright 2011, The Health and Social Care Information Centre. All rights reserved http://www.ic.nhs.uk/services/independent-sector-information-programme/support-andguidance/access-to-data Data Protection Act 1984, long title, page 1. Crown Copyright 1984. Data Protection Act 1998, Schedule 1, Part I. page 35. Crown Copyright 1998.

Data Protection and Confidentiality2011 Bradford Metropolitan District Council) http://www.bradford.gov.uk/bmdc/health_wellbeing_and_care/benefits/data_protection_and_confidentiality

Duncan, G.T.; Jabine, T.B.; and De Wolf, V.A. Private Lives and Public Policies: Confidentiality and Accessibility of Government Statistics. Washington, DC: National Academy Press,1993 pp 22 Fig. 1 - organizational levels and business functions (Source: Laudon & Laudon, 2009 Fig. 2- organizational levels and business functions (Source: Laudon & Laudon, 2009) Fig 3-How does the information flow around NHS (Source: NHS, the Information Centre) Fig 4-Conseptual Information Flow Model (NHS) http://www.connectingforhealth.nhs.uk/systemsandservices/clindash/toolkit/overview/conceptinfof low

H. Nissenbaum. Privacy as Contextual Integrity. http://crypto.stanford.edu/portia/papers/RevnissenbaumDTP31.pdf Competing interests: Director of Sapior Ltd that develops and markets innovative technologies and services to reduce the breach risks of making fantastic use of health data. H. Nissenbaum. Privacy as Contextual Integrity.http://www.bmj.com/content/342/bmj.d238/reply)

Laings Review of Private Health Care 1996 Moshe Ayal and Abraham Seidmann, 2009, Journal of Management Information Systems/Fall 2009, Vol. 26, No. 2, pp 43-68

Reed Business Information Ltd,2011 (http://www.computerweekly.com/Articles/2011/02/08/245314/NHS-research-system-couldbreach-patient-confidentiality.htm#) Richardson, R. The 12th annual computer crime and security survey, Computer Security Institute, San Francisco, CA, 2007 Roseberg, A. Privacy as a matter of taste and right. In E. F. Paul, F.D. Miller, and J. Paul, The Right to Privacy. Cambridge: Cambridge University Press, 2000, 68-90