Ethics Scenario
Our town medical center has hired a new chief information officer who is responsible for the information security plan. She has decided that HIPAA is outdated, complying with HIPAA security standards is too costly, and that the medical center would be better to save the money spent and use to deal with a data breach. She has stated that her philosophy is that, “Nothing is going to stop breaches, so why waste our money?” This is concerning to you in your role as the privacy officer and you are preparing to meet with her and discuss the important of compliance with both the security and privacy rules.
Is there an ethical dilemma?
How should the privacy officer respond?