Case Study 8.6
Read the following and then answer the questions at the bottom
The IT staff at Texas Health Resources Inc. must deliver more than technical functionality. And it needs to deliver more than the business requirements; it also has to meet the organization’s ethical standards.
To that end, its systems must help ensure that Texas Health complies with laws and regulations. And they also have to promote the right behaviors and prevent or flag undesirable ones, says Micheal Alverson, vice president and deputy chief information officer at the Arlington-based nonprofit health care system. Consider the challenge of handling patients’ medical records. Even though the federal Health Insurance Probability and Accountability Act mandates that agencies keep those records private, caregivers still need to access them—when appropriate.
So the organization’s electronic health records system “gives doctors and nurses who are caring directly for patients quick access when they use the right authentication,” Alverson says. But additional authentication is required to get records for patients who aren’t under the provider’s immediate care. The system records who gets access to what, allowing officials to audit and review cases to ensure there’s no inappropriate access.
“the IT staff holds itself to similar ethical standards, too,” Alverson says. The department has policies that prohibit taking gifts and endorsing vendors, to help guarantee that workers make procurement decisions only based on quality and needs. And when there’s any question—such as when a vendor proposes a deep discount if Texas Health agrees to be an early adopter of a new technology—IT leaders can turn to the system wide Business and Ethics Council for guidance.
“If we really want everyone to subscribe to the idea that working at Texas Health is special, then we have to have people actively believe in doing the right thing,” Alverson says.
Companies are increasingly looking at their ethics policies and articulating specific values that address a range of issues, from community commitment to environmental sustainability, which employees can use to guide their work. The need to comply with federal laws and regulations drives some of this, while consumer expectations, employee demands, and economic pressures also play a part.
Information technology consultant Dena L. Smith lays out a hypothetical dilemma: should an IT department hire a more expensive vendor because the vendor shares its own company’s ethics standards, or should it go with a lower cost provider that doesn’t?
Companies with established ethical standards that guide how they conduct business frequently confront this kind of question, Smith says, but it’s a particularly tough question today, given the recession,. With IT departments forced to cut budgets and staff, chief information officers will find it difficult to allocate dollars for applications that promote corporate ethics.
“The decisions are easier in the days when the economics were favorable, but the choices may have to be more limited now,” says former CIO John Stevenson, president of consultancy JG Stevenson Associates. “Now it’s how much can you afford to do versus how much do you have to do so you don’t get burned.” Stevenson says companies that had moved toward certain ethical goals before the economic crisis—whether those goals involved green initiatives or corporate responsibility programs—aren’t giving up their gains. “But if they haven’t done that yet, it gets more difficult to say we’ll spend more money than we have to,” he says.
“Companies use the term ‘corporate ethics’ to mean many different things. In many organizations, if not the majority, it means compliance with a set of legal and minimum standards, In other organizations, corporate ethics means defining a set of corporate values that are integral to how they go about business,: says Kirk O. Hanson, executive director of the Markkula Center for Applied Ethics at Santa Clara University.
Either way, chief information officers have an opportunity to show how technology can further their companies’ ethics objectives.
“Policy decisions at the very senior level need to the sensitivity that IT experts can bring to the table,” Hanson says. “CIOs will know the capabilities of IT and be able to contribute that to corporate strategy. They will also know the misuses of those capabilities and be able to flag those and prevent the organization from stepping in scandals.”
Hanson cites a 15-year-old case in which marketing workers at a large telephone company spent millions of dollars to develop a list of customers with ties to the Washington area that they planned to sell to other marketers. In violation of company policy, they compiled the list using the company’s database of customers who frequently placed calls to the District of Columbia.
Executives learned about the list before the marketing department sold it. IT then developed a system to monitor use and block future unauthorized access to such information, Hanson says. However, it came a bit late, since IT should have developed the application in advance, anticipating the need to protect the information as well as detect any efforts to breach it.
Hanson says IT today can build systems that can screen potential subcontractors and vendors to see if they share certain values. It’s also possible to create tools that flag contracts whose costs exceed expectations in ways that suggest bribery or other improprieties, or set up systems that analyze customer satisfaction surveys to find evidence of unethical behaviors on the part of workers.
Meanwhile, companies that put green initiatives at the top of their ethical concerns can have IT create applications that track energy consumption to flag anomalies that indicate inefficiencies or calculate the corporate carbon footprint and identify ways to reduce it.
“You have to step back a minute and ask, ‘What is the role of technology around ethics?” says Smith. “Technology can help from a monitoring, protection, and prevention standpoint in a lot of ways.” The notion of corporate ethics hasn’t always been so broad, says Mike Distelhorst, a law professor at Capital University Law School, a former adjunct professor of business ethics at the Capital School of Management and Leadership and former executive director for the university’s Council for Ethical Leadership. “You’d be hard-pressed to find any company that doesn’t have a beautiful ethics and compliance program,” Distelhorst says. “They’re talking about it, and they’re working it all out in various strategic documents. But the question is whether they’re actually living by it. Some are, and clearly some aren’t.”
Regardless of where a company stands in the process, IT leaders should be ready to contribute, he says.
“These policies are worked out on the ethics and compliance committees below the board level, and they’re having the CIO as a key player,” Distelhorst explains. That’s the case at Intel Corp., says the company’s chief information officer, Diane Bryant.
Intel’s Ethics and Compliance Oversight Committee established the following five principles for the company and its workers: Intel should conduct business with honesty and integrity; the company must follow the letter and spirit of the law; employees are expected to treat one another fairly; employees should act in the best interest of Intel and avoid conflicts of interest; and employees mus protect the company’s assets and reputation.
“Intel’s IT staff builds and maintains the systems that allow the company to meet its legal and regulatory requirements, such as those laid out for accounting and governance by the Sarbanes-Oxley Act,” Bryant says. It also developed applications and a team of workers to handle document retention, which is crucial should there be a legal case with electronic discovery requests.
But IT also enables Intel to enforce its own values and not just meet regulatory requirements, Bryant explains. So there are applications to help perform rigorous checks on suppliers to ensure that they have sufficient business continuity plans and environmental sustainability plans, as well as ethical stances that match Intel’s own. IT has also delivered sophisticated systems that monitor the power consumption and carbon dioxide emissions of Intel’s data centers. And it developed systems that monitor for potential malicious behavior, such as violations of access management rights or the public release of Intel’s intellectual property.
“We put solutions in place that help protect Intel’s five principles,” Bryant says.
Few companies are that advanced in their use of technology to further an ethical agenda. “Companies recognize that they have to be on record as being committed, but they’re not yet as convinced that they have to manage it like other parts of their business,” Hanson explains.
But when companies do decide to move in that direction, that’s when chief information officers can shine, offering ideas on what metrics to use and what to measure.
“That’s where IT can be a real leader,” Hanson says, “since they know what can be measured and captured.”
What are the two meanings of “corporate ethics” in organizations today? What does each definition imply for IT practices? How does the economic environment affect this?
How does IT provide more opportunities for difficult ethic issues to arise? How does IT help address those opportunities? Use examples from the case to justify your answer.
Should organizations pursue high ethical standards regardless (or in spite of) their bottom-line impact? Or should they limit themselves to those scenarios where “good ethics make for good business”?