Assignment1 Sample Assignment CIS5209

Uploaded by RK user

This assignment is intended solely for sample purposes and should not be utilized for any other purpose beyond its demonstration value. Its content may not align with the specific requirements of your own assignment.

Furthermore, it's important to note that the content of this assignment does not necessarily coincide with the scope and objectives of your current assignment.

Please regard this assignment as a sample only. Some participants may not have had previous exposure to assignments, and this serves as an illustrative example. It is not intended to be relied upon for securing good grades in this course.

Page | 1
Title:
Course: CIS5209 Systems Analysis and Design for IT Professionals
Semester:

Contents Table:

Sr.#  Contents                                                   Page#
1.    Task 1: Ethical and legal considerations                   3
2.    Task 2: Legal requirements and compliance standards        4
3.    Task 3: Legal considerations that impact system analysis   4
4.    Task 4: Regulatory compliance                              4-5
5.    List of references                                         5

Page | 2

Page | 3
Ethical and legal considerations:
Evaluate the ethical implications of decisions made during the systems analysis phase, especially
concerning patient data, stakeholder communication, and vendor relationships.

Patient data:
• Confidentiality and Privacy:
Systems analysts are responsible for maintaining the privacy and confidentiality of patient data. Failure
to implement strong security protocols, or unauthorized access to patient information, may lead to breaches
of trust and legal consequences. (Whitman & Mattord, 2021)
• Informed consent:
Patients must give their informed consent before any data is collected, used, or stored. To respect patients'
autonomy and build trust, open communication regarding data management procedures and possible risks
is crucial. (Whitman & Mattord, 2021)
• Data minimization:
To reduce privacy threats, ethical analysis focuses on minimizing the collection and retention of
superfluous patient data.

Stakeholder communication:
• Transparency:
Transparent and truthful communication builds confidence and encourages moral behavior.
• Inclusivity:
Patients, administrators, and healthcare professionals must all be treated with respect and included.
Upholding the moral principles of justice and respect requires acknowledging and attending to the needs
and viewpoints of all stakeholders. (Faden & Beauchamp, 1986)
• Consent and participation:
Encouraging ethical behavior and improving project outcomes are achieved by honoring stakeholders’
autonomy and including them in talks about system design and implementation. (Faden & Beauchamp,
1986)

Vendor relationships:
• Fairness and equity:
Vendor relationships require fairness and equity in contract negotiations and the procurement process.
Avoiding conflicts of interest and maintaining transparency promotes ethical behavior and upholds
integrity. (Buxbaum, 2019)
• Intellectual property rights:
Vendor partnerships entail upholding contractual duties and intellectual property rights, which reduces
legal risks.

Page | 4
Standards of Compliance and Legal requirements:
Health Insurance Portability and Accountability Act (HIPAA):
• To find weaknesses in data handling procedures, conduct routine audits and risk assessments.
• Protect sensitive health information by implementing secure authentication methods, encryption, and
access controls.
General Data Protection Regulation (GDPR):
• Prior to processing someone's personal data, obtain their express consent.
• To secure personal data, use data encryption, pseudonymization, and data minimization techniques.
Health Information Technology for Economic and Clinical Health (HITECH) Act:
• To prevent data breaches, put strong cybersecurity measures in place, including intrusion detection
systems and network security procedures.
• Create incident response plans to deal with data breaches quickly and adhere to regulations requiring
breach notifications.
Payment Card Industry Data Security Standard (PCI DSS):
• To protect credit card details, put in place a secure payment processing solution that adheres to PCI DSS
requirements.
• To make sure the rules are being followed, conduct routine security audits and assessments.
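One way to put the pseudonymization and data minimization items listed above into practice, as an added example that is not part of the assignment: a keyed HMAC replaces the direct patient identifier so that records for one patient can still be linked, while fields the analysis does not need are dropped and the exact age is coarsened into a band. The record layout is constructed for illustration, and the key is assumed to be held by a separate custodian rather than stored with the data.

```python
"""Pseudonymization plus data minimization of a constructed patient record.

Added example (not from the assignment). Assumptions: the record layout below is
constructed, and the HMAC key is held by a separate key custodian. A keyed HMAC
is used rather than a plain hash so that someone holding only the pseudonymized
dataset cannot rebuild the mapping by hashing guessable identifiers.
"""
import hashlib
import hmac
import secrets

# Fields the downstream analysis actually needs; every other field is dropped.
ALLOWED_FIELDS = ("diagnosis_code", "admission_year")


def age_band(age: int) -> str:
    """Coarsen an exact age into a 10-year band (a generalization step)."""
    lower = (age // 10) * 10
    return f"{lower}-{lower + 9}"


def pseudonym(identifier: str, key: bytes) -> str:
    """Derive a stable pseudonym from a direct identifier with HMAC-SHA256.

    The same identifier under the same key always yields the same pseudonym, so
    records for one patient remain linkable; without the key the pseudonym can
    neither be reversed nor recomputed from a guessed identifier.
    """
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()


def minimize_and_pseudonymize(record: dict, key: bytes) -> dict:
    """Return a new record holding only a pseudonym, an age band and allowed fields."""
    out = {"pseudonym": pseudonym(record["patient_id"], key)}
    if "age" in record:
        out["age_band"] = age_band(record["age"])
    for field in ALLOWED_FIELDS:
        if field in record:
            out[field] = record[field]
    return out


def process(records: list, key: bytes) -> list:
    """Apply minimization and pseudonymization to every record."""
    return [minimize_and_pseudonymize(r, key) for r in records]


# Constructed sample records (not real data). Name and date of birth are direct
# identifiers that the analysis does not need, so they never reach the output.
SAMPLE_RECORDS = [
    {"patient_id": "MRN-000123", "name": "Jane Example", "dob": "1981-04-02",
     "age": 43, "diagnosis_code": "E11.9", "admission_year": 2024},
    {"patient_id": "MRN-000123", "name": "Jane Example", "dob": "1981-04-02",
     "age": 43, "diagnosis_code": "I10", "admission_year": 2024},
    {"patient_id": "MRN-000777", "name": "John Sample", "dob": "1995-09-17",
     "age": 28, "diagnosis_code": "J45.20", "admission_year": 2023},
]

if __name__ == "__main__":
    # In practice the custodian generates and keeps this key; it is never
    # written next to the pseudonymized data.
    key = secrets.token_bytes(32)
    for row in process(SAMPLE_RECORDS, key):
        print(row)
```

Run it directly to see the two Jane Example admissions share one pseudonym while John Sample gets a different one, and note that re-running with a fresh key changes every pseudonym: linking across datasets is only possible for whoever holds the key, which is the property that distinguishes pseudonymization from an unkeyed hash.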

Legal considerations that impact System Analysis:


Intellectual Property Rights:
• Ownership: Systems analysts must consider who is the rightful owner of the software, proprietary
techniques, and algorithms used in the systems under analysis. This involves being aware of licenses and
ownership agreements.
• Protection: It is essential to safeguard confidential data created during analysis using trade secrets and
copyrights. This guarantees that novel approaches and solutions are shielded from misuse by unauthorized
parties.
• Licensing: When using third-party software or components for analysis, systems analysts need to follow
the licensing agreements to make sure the terms and conditions of use and modification are met.
Compliance regulations:
Data privacy and protection: Managing sensitive data, such as patient data in healthcare systems, is
part of system analysis.
• Compliance with laws like GDPR and HIPAA to safeguard the security and privacy of this data is crucial.
• HIPAA compliance ensures the privacy and accuracy of patient health information, while GDPR
compliance is necessary for the authorized processing of EU individuals’ personal data.
Cybersecurity Standards:
• Adherence to industry-specific cybersecurity standards is necessary to ensure the security and integrity
of the systems being analyzed.
• Compliance with standards like the NIST Cybersecurity Framework helps mitigate cybersecurity risks by
providing guidelines for identifying, detecting, and recovering from cyber threats.

Regulatory Compliance:

Page | 5
International Standards:
GDPR: GDPR requires strict data protection measures, including informed permission, data minimization
and data subject rights. It is applicable to system analysis involving EU individuals.
Standards of the International Organization for Standardization: ISO/IEC 27001 for information security
management and ISO 9000 for quality management provide frameworks applicable to systems analysis,
ensuring security and quality compliance.
Industry specific regulations:
Healthcare industry:
Strict guidelines for managing patient data, and for systems analysis related to medical devices, are
enforced by laws such as the MDR and the US HIPAA.
Financial Services Industry:
Security and risk management procedures are required for financial system analysis by rules like PCI DSS
and the Basel III framework.
Impact on System Analysis Process:
• Risk assessment is essential to ensure regulatory compliance.
• Compliance must be integrated into every phase of the system analysis.
• Documentation and reporting on compliance status are critical.
Industry-specific considerations:
Health care: addressing HIPAA requirements for patient data protection.
Financial services: implementing PCI DSS controls for securing payment card data and conducting regular
security assessments of key aspects in the financial sector.

References:
• Buxbaum, P.L. 2019, 'Vendor contracts: where the fine print can trip you up', American Journal of
Psychiatry, vol. 176, no. 9, pp. 651-653.
• Whitman, M.E. & Mattord, H.J. 2021, Principles of Information Security, 7th edn, Cengage Learning.
• Bultas, M.W., Ruebling, I., Breitbach, A. & Carlsn, J. 2016, 'Views of the United States healthcare
system: findings from documentary analysis of an interprofessional education course', Journal of
Interprofessional Care, vol. 30, no. 4, pp. 489-497.
• HHS n.d., HIPAA Privacy, Security, and Breach Notification Rules,
https://www.hhs.gov/hipaa/index.html.
• GDPR n.d., General Data Protection Regulation, https://gdpr.eu/.
• HITECH Act n.d., The Health Information Technology for Economic and Clinical Health (HITECH) Act,
https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act/index.html.

Page | 6