R M 357E Risk Management

You picked one specific risk management issue to further explore.

You will research this risk management issue and its impact on a health care organization. You will create an organizational risk management plan related to the specific risk management issue that you identified.

Organizational risk management plan that includes:

 

An introduction that provides discussion about the specific risk management issue and the specific type of health care facility or organization that you will target in this organizational risk management plan. Address the needed stakeholders and what positions in the organization should be included in this type of planning.

 

An analysis that provides three to four different sources of information discussing this issue or supporting organizational planning related to the issue you identified.

At least five steps for an organization to correctly identify the issue, track the issue, plan for outcomes, and implement change.

An evaluation discussion that provides clear ways for the organization to determine if the plan is working.

A final recommendation of what other considerations the organization may need to include in organizational risk planning.

Introduction

Risk management is an important consideration in the healthcare sector as it touches on the information security aspect of a healthcare system. One of the risk elements outlined in the local health facility was the issue of information security and the threat of cyber crime. The healthcare industry is adapting the current wave of electronic healthcare records moving away from the manual storage which consumed space and time to retrieve. However, the present development comes with the threat of cyber crime where cyber criminals might hack the information and shut down the health-related systems. The information and technology department of the hospital remains the concerned parties in the risk management plan.   

Information and Data Risk Management

Interruptions and breaches on network system of the healthcare facility can lead to the jeopardy of an organization’s security system, reputation, and financial standards. The firm lacks the necessary policies to guarantee information security which can affect its operations and the confidentiality of patient information. Cyber crime affects several industries using information technology systems thus putting the healthcare organization at risk.

According to (Wager, Lee & Glaser, 2017), competitors and other individuals out to spoil the reputation of a given hospital can use the cyber criminals to destroy patient information or altering the same thus putting the patients in danger as well as the facility. Consequently, the risk can lead to financial costs from court battles from patients and other regulatory fines due to the lack of compliance by the organization (Perakslis, 2014). As such, the risk of cyber security becomes a real threat to the healthcare industry in the present day operations.

Steps and Analysis to Risk Management on Healthcare Records

Risk management calls for adequate measures to safeguard the information and ensure little or no threats to information alteration. As such, several steps have to be initiated and launched to protect information while staying away from the cyber criminals.

Insurance Carriers

The firm needs to work in close collaboration with the insurance carriers for the assessment of exposure levels to provide consultancy on the effective management strategies. Insurance companies cover damages occasioned to hacking and information loss thus can offer essential guidance on safeguarding and closing all loop holes accredited to healthcare information disturbances. 

Training

The medical facility needs to obtain top-notch training for its information technology officers to ensure compliance with the latest trends in data handling. Consultants and experts in information protection ought to be brought in periodically to update and train them on the most recent considerations and steps to avoid data damage. In so doing, the firm would remain protected thus avoiding losses occasioned to information loss.

Information Backup

Storage of information in one provider or server proves to be difficult in case of a cyber crime thus bringing difficulties in data retrieval. Rodrigues, De La Torre, Fernández & López-Coronado, 2013). Suggest that providing a backup system is prudent towards protecting information that can be presented and updated once a threat to the network is detected.

Cyber Liability Insurance

Acquisition of cyber insurance assists in data security and the transfer of liability, should any associated risks occur in patient information privacy. In such a case, all the costs incurred in forensic analysis, legal expenses, and regulatory costs can be covered by the insurance firms (Fernández-Alemán, Señor, Lozoya,  & Toval, 2013).

Policies and Procedures

The healthcare facility needs to develop policies and procedures to guide operations among individuals in the records department to affirm security on information. The use of passwords that change over time is advisable to avoid internal information leakages and having different logins to the systems for accountability reasons.

Recommendations

  As the use of electronic records system comes into play, the firm needs to stay aware of the importance of privacy thus acquire matching minds that can handle the department intelligently. Besides, there is a need for constant training activities to cover key risk areas and prepare the unit for uncertainties. A robust compliance system has to be set to ensure ultimate adherence to the rules and procedures of engagement in line with present security trends.

References

Fernández-Alemán, J. L., Señor, I. C., Lozoya, P. Á. O., & Toval, A. (2013). Security and privacy in electronic health records: A systematic literature review. Journal of biomedical informatics, 46(3), 541-562.

Perakslis, E. D. (2014). Cybersecurity in health care. The New England journal of medicine, 371(5), 395.

Rodrigues, J. J., De La Torre, I., Fernández, G., & López-Coronado, M. (2013). Analysis of the security and privacy requirements of cloud-based electronic health records systems. Journal of medical Internet research, 15(8).

Wager, K. A., Lee, F. W., & Glaser, J. P. (2017). Health care information systems: a practical approach for health care management. John Wiley & Sons.