Presentation is loading. Please wait.

Presentation is loading. Please wait.

Elite Technology Risk/Mitigation Plan [Fall 2010] Fall Semester 2010.

Published byMillicent Preston Modified over 9 years ago

Similar presentations

Presentation on theme: "Elite Technology Risk/Mitigation Plan [Fall 2010] Fall Semester 2010."— Presentation transcript:

1 Elite Technology Risk/Mitigation Plan [Fall 2010] Fall Semester 2010

2 Risk Management – Identify Predominant Risks Risk of Inaccurately Calculating and Measuring Radiation using the system Risk of Leaking Patient Privacy Risk of Unprotected Database Risk of inoperable or Non-responsive System or Database Risk of Entering Incorrect Information Risk of Incorrectly tracking insurance information Training Risks 2

3 T.C.A.Houston - Risk Matrix WATCH FOR UNEXPECTED CHANGES MITIGATION PLAN REQUIRD AND CONTINUAL CHECK ING ACTIONS TAKEN VERY LITTLE PLANNING REQUIREDACTION PLANS SET IN PLACE Degree of Impact on the Project High Low Probability of OccurringLow High 6 2 7 4 The chart shown refers to the Risk Mitigation Plan. The colors are ordered in levels of risk and importance with Red being the highest risk. 3 1 5 View Details #StepDescriptionOutput LevelStatusNotes 1Risk of Inaccurately Calculating and Measuring Radiation using the system Measured radiation levels of patients is of extreme importance. This information is deemed highly sensitive for Texas Cardiology Associates. Overexposure to radiation as well as too many test involving radiation can have serious long term effects. We would like to keep track of how many times a patient has had test involving radiation as well. The risk of inaccurately puts the entire busines and the reputation of the doctors and technicians at risk. Extreme Risk and High Importance PendingNot as of yet Risk of unauthorized access into the database Require every user to have a password and username to access the application Extreme Risk and High Importance PendingNot as of yet Risk of loss of data entered into the database Require user to save all the information immediately after completion Extreme Risk and High Importance PendingNot as of yet Risk of invalid input for client's information by authorized user Format each field that requires a user input to accept only the desired format Extreme Risk and High Importance PendingNot as of yet Risk of natural Disaster - Hurricane Backups all files and documents using SVNExtreme Risk and High Importance PendingNot as of yet Risk of natural Disaster - Sunami Backups all files and documents using SVNExtreme Risk and High Importance PendingNot as of yet Risk of natural Disaster - Tonado Backups all files and documents using SVNExtreme Risk and High Importance PendingNot as of yet Risk of fire outbreakBackups all files and documents using SVNExtreme Risk and High Importance PendingNot as of yet Risk of an authorized user forgets his password and Username Recommend User to use their names as Username and create a simple password they can remember. Also an option to reset password would be available. Extreme Risk / High Importance PendingNot as of yet 2Risk of Leaking Patient PrivacyPatient privacy is required when dealing with results of any confidential test that are done. The system MUST be secure against unauthorized access to this confidential action. If not the entire clinic could be jeopardized and could be penalized. Their is a risk of a heavy lawsuit. Extreme Risk / High Importance PendingNot as of yet 3Risk of Unprotected DatabaseIt is definitely important that our client has security and peace of mid knowing that the database and information is secure and accessed by clinic staff ONLY. The information in this type of database that deals with healthcare cannot be jeopardized. High Risk / High Importance PendingNot as of yet 4Risk of inoperable or Non- responsive System or Database Because all of this information will be routinely used and accessed there is a risk for the system being too slow or down. This would cause a problem because then patients would suffer longer waiting times and there may be some confusion or loss of information regarding a patient. Information needs to be readily accessible. Moderate Risk/ Moderate Importance PendingNot as of yet Risk of an authorized user forgets his password and Username Recommend User to use their names as Username and create a simple password they can remember. Also an option to reset password would be available. Moderate Risk/ Moderate Importance PendingNot as of yet 5Risk of Entering Incorrect Information We runb the risk of entering the right information for the wrong patient. We need to design the database in a way that makes it as easy and fast as possible to inout correct information. Otherwise we risk the clinic having serious data issues. Moderate Risk/ Moderate Importance PendingNot as of yet 6Risk of Incorrectly tracking insurance information There is a risk of incorrectly tracking patient insurance information. This could effect the clinic financially and cause a hassle or slow process while these errors or beinf resolved. We do not want to hinder the cashflow of the business in any way so we want to make sure insurance information is correctly and efficiently organized. Mid-Low Risk/ Moderate Importance PendingNot as of yet Risk of computer malfunctionsStore all backups using SVN on computers in two different location Mid-Low Risk/ Moderate Importance Pending Risk of computer malfunctionsStore all backups using SVN on computers in two different location Low Risk /Lower Importance Pending Risk of low signal for internet connection Use a reliable company that provide internet service. (AT&T) Low Risk /Lower Importance Pending Risk of not being able to access the web application because NO internet service provide is available on the computer Verify that each computer has at least internet explorer and Mozilla Firefox installed Low Risk /Lower Importance Pending 7Training RisksThere is a risk of Improperly training each staff member on how to use the system. This would lead to errors and extended waiting time during business hours which would in effect allow them to see fewer patients. Low Risk /Lower Importance PendingNot as of yet

4 Risk of Inaccurately Calculating and Measuring Radiation using the system Assumption: We will effectively design a system that accurately organizes and tracks this information. Potential Risks: Measured radiation levels of patients is of extreme importance. This information is deemed highly sensitive for Texas Cardiology Associates. Overexposure to radiation as well as too many test involving radiation can have serious long term effects. We would like to keep track of how many times a patient has had test involving radiation as well. The risk of inaccurately puts the entire business and the reputation of the doctors and technicians at risk. Plans to Mitigate Risks: We will allow for a section in the application that will look for errors specifically in this section. 4

5 Risk of Leaking Patient Privacy Assumption: We will effectively protect this information Potential Risks: Patient privacy is required when dealing with results of any confidential test that are done. The system MUST be secure against unauthorized access to this confidential action. If not the entire clinic could be jeopardized and could be penalized. Their is a risk of a heavy lawsuit. Risk Assessment: We will deploy techniques to secure and password protect the web application. We will also apply user privileges and administrative rights. 5

6 Risk of Unprotected Database Assumption: We will successfully protect and secure the system designed for TCA Houston Potential Risks: It is definitely important that our client has security and peace of mid knowing that the database and information is secure and accessed by clinic staff ONLY. The information in this type of database that deals with healthcare cannot be jeopardized. Plans to Mitigate Risks: Database needs only to be accessible on site. Database needs to be password protected. Database needs to be backed up in multiple places. 6

7 Risk of inoperable or Non-responsive System or Database Status: We will execute database performance techniques that should serve as preventative measures Potential Risk: Because all of this information will be routinely used and accessed there is a risk for the system being too slow or down. This would cause a problem because then patients would suffer longer waiting times and there may be some confusion or loss of information regarding a patient. Information needs to be readily accessible. Plans to Mitigate Risk: We will performed useful and effective database tuning and performance techniques. 7

8 Risk of Entering Incorrect Information Assumption: We will design the system and application in a way that it is easy to properly enter this information. Potential Risks: We run the risk of entering the right information for the wrong patient. We need to design the database in a way that makes it as easy and fast as possible to input correct information. Otherwise we risk the clinic having serious data issues. Plans to Mitigate Risks: We will allow as little typing as possible and as many dropdown/button/lists as possible. We want to try and prevent human error. 8

9 Risk of Incorrectly tracking insurance information Assumption: We will design the application in a way that will successfully track this information. Potential Risks: There is a risk of incorrectly tracking patient insurance information. This could effect the clinic financially and cause a hassle or slow process while these errors or beinf resolved. We do not want to hinder the cashflow of the business in any way so we want to make sure insurance information is correctly and efficiently organized. Plans to Mitigate Risks: TBD 9

10 Training Risks Assumption: We will be able top provide useful and easy to understand training material for staff members. Potential Risks: There is a risk of improperly training each staff member on how to use the system. This would lead to errors and extended waiting time during business hours which would in effect allow them to see fewer patients. Plans to Mitigate Risks: Provide video and text referencing for our client. 10

Download ppt "Elite Technology Risk/Mitigation Plan [Fall 2010] Fall Semester 2010."

Similar presentations

Web Shift Booking System

Web Shift Booking System
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Building the business case for Business Continuity Justin Davey Senior Consultant CA.

Building the business case for Business Continuity Justin Davey Senior Consultant CA.
Business Planning using Spreasheets-2 1 BP-2: Good Spreadsheet Practice  There is always the temptation to rush in and start entering data.  However.

Business Planning using Spreasheets-2 1 BP-2: Good Spreadsheet Practice  There is always the temptation to rush in and start entering data.  However.
SAM 2007 v3.0 The Student Experience Including SAM Projects and Course Assess assignments.

SAM 2007 v3.0 The Student Experience Including SAM Projects and Course Assess assignments.
Problem 10-21 Friggle Corp. is a leasing and property management company located in Alberta. It provides financing to organizations wishing to purchase.

Problem Friggle Corp. is a leasing and property management company located in Alberta. It provides financing to organizations wishing to purchase.
SmartCall™ SMS SmartCall SMS by HME Wireless is a great tool to manage your patient workflow through your facility. Using the SmartCall SMS system, staff.

SmartCall™ SMS SmartCall SMS by HME Wireless is a great tool to manage your patient workflow through your facility. Using the SmartCall SMS system, staff.
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
APPLICATION SUBMISSION MADE EASY. How it all Started One of the largest life insurance companies in the country asked CRL if we could provide an easy.

APPLICATION SUBMISSION MADE EASY. How it all Started One of the largest life insurance companies in the country asked CRL if we could provide an easy.
Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.

Lecture Outline 10 INFORMATION SYSTEMS SECURITY. Two types of auditors External auditor: The primary mission of the external auditors is to provide an.
Clearing your Cookies Mozilla Firefox A short guide to help you navigate our website faster Brought to you by:

Clearing your Cookies Mozilla Firefox A short guide to help you navigate our website faster Brought to you by:
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Strabismus Checking System The Team: Lior Barak Omri Mosseri Application Requirements Document.

Strabismus Checking System The Team: Lior Barak Omri Mosseri Application Requirements Document.
DePaul Bears Try Your Luck!. Why buy this product? Approximately 1,000,000 cell phone users Approximately 2,000,000 or more people play the lottery New.

DePaul Bears Try Your Luck!. Why buy this product? Approximately 1,000,000 cell phone users Approximately 2,000,000 or more people play the lottery New.
1 Lesson 3 Computer Protection Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.

1 Lesson 3 Computer Protection Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.
WHAT’S A TECHNOLOGY SYSTEM? A technology system is a machine that processes digital data. A computer is a technology system. A computer installation is.

WHAT’S A TECHNOLOGY SYSTEM? A technology system is a machine that processes digital data. A computer is a technology system. A computer installation is.
Level 2 IT Users Qualification – Unit 1 Improving Productivity Name.

Level 2 IT Users Qualification – Unit 1 Improving Productivity Name.
Network security policy: best practices

Network security policy: best practices
Chapter 10 Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability Copyright © 2012 Pearson Education, Inc.

Chapter 10 Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability Copyright © 2012 Pearson Education, Inc.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Similar presentations

Ads by Google