Risk Management Report: In-patient Data Storing System Project

Verified

Added on 2020/03/13

AI Summary

This report provides a comprehensive risk management plan for the implementation of a new in-patient data storing system, named 'My Health Record System,' in an Australian hospital. It follows the AS/NZS ISO 31000:2009 standard, addressing financial and security risks associated with storing patient data electronically. The report establishes the project's context, identifies stakeholders, and outlines communication strategies. It details four risk assessment methods: identification, analysis, evaluation, and treatment, including risk recovery. The report also covers risk tolerability, monitoring, review, and the societal benefits of risk exposure, concluding with a risk closure plan and references. The assignment explores internal and external contexts, risk criteria, and stakeholder analysis to ensure the successful implementation of the data storing system, emphasizing the importance of data security and financial management.

Risk Management in Engineering
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
RISK MANAGEMENT IN ENGINEERING
Executive Summary
The report aims at establishing the risk management procedure for the implementation of a new
in-patient data storing system for hospital. The project chosen for this topic is named ‘My Health
Record System’ undertaken by an Australian hospital for storing the patients’ record over
electronic means, specifically internet. Both the patients and the professionals can access the
information stored. However, there are certain risks associated with the storing of patients’ data
over electronic means. This report elaborates the risk management procedure of this project
according to the AS/NZS ISO 31000:2009.

2
RISK MANAGEMENT IN ENGINEERING
Table of Contents
1. Introduction......................................................................................................................4
2. Project Overview and boundaries of the Project.............................................................4
3. Establishing the Context..................................................................................................5
3.1. Internal Context........................................................................................................5
3.2. External Context.......................................................................................................7
3.3. Risk management Context........................................................................................7
3.4. Risk Criteria..............................................................................................................7
4. Stakeholders.....................................................................................................................9
4.1. Stakeholder Identification.........................................................................................9
4.2. Stakeholder Analysis................................................................................................9
5. Communication and Consultation.................................................................................10
6. Four Risk assessment Methods......................................................................................11
6.1. Risk Identification......................................................................................................11
6.2. Risk Analysis..............................................................................................................13
6.2.1. The risk Associated with the Project...................................................................13
6.2.2. Existing Controls and Their Effectiveness..........................................................14
6.3. Risk Evaluation...........................................................................................................15
6.4. Risk Treatment............................................................................................................16
6.4.1. Identification of the appropriate risk treatment...................................................17

3
RISK MANAGEMENT IN ENGINEERING
6.4.2. Risk Recovery......................................................................................................17
7. Risk tolerability.............................................................................................................18
7. Monitoring and Review.................................................................................................19
8. Societal benefits of risk exposure..................................................................................20
9. Risk Closure...................................................................................................................20
10. Conclusion...................................................................................................................20
11. References....................................................................................................................22
12. Appendix......................................................................................................................25
12.1. Risk Identification Checklist................................................................................25
12.2. FMEA Analysis....................................................................................................26

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4
RISK MANAGEMENT IN ENGINEERING
1. Introduction
The proposed project ‘Implementation of new in patient data storing system’ aims at
automating the process of storing patients’ data , who are admitted in the hospital and monitor it
electronically. The proposed system aims at eliminating the hassle of manually storing the
patients’ records and monitoring it. Both the hospital and the patients will access this health
record system. The records are uploaded and transferred to and from the system electronically
and the patients’ data is stored over a common database of the hospital with the application of
cloud storage. This proposed system will make the process of data keeping simpler, easier and
less time consuming. This will be beneficial for the patients as well since they would not have to
carry the manual records of their previous medication in case they see a new professional.
However, there are certain risks associated with the implementation of the project. These risks
are needed to be eliminated or acknowledged in order to implement the system successfully. The
risk management strategy financial and security risks of the project is elaborated in the following
paragraphs.
2. Project Overview and boundaries of the Project
The in patient data storing system for hospitals, named as ‘My Health record System’ is
to be implemented to automate the system of manual recordings. This system is designed with an
objective of storing and accessing patients’ record electronically. The records and patients details
are stored are at first uploaded into the system. The patients and the doctors have to register into
the system in order to access the data thus ensuring the privacy of data (Woods et al. 2013). The
data is stored in the cloud thus offering unlimited data entries and storage.

5
RISK MANAGEMENT IN ENGINEERING
However, there are certain limitations in this system. The data is to be stored in cloud,
thus certain security issues arises with the data security (Kulkarni et al. 2012). Moreover, there is
a risk of data loss in case of system failure and that would result in a huge problem. The
uploading of the data is needed to be done very carefully as that would be the only copy of the
patients’ record in the hospital.
3. Establishing the Context
For implementing the risk management strategy using AS/NZS ISO 31000:2009, the
context of the risk are necessary to be defined (Ernawati and Nugroho 2012). The contexts are to
be identified carefully in order to ensure an effective risk management plan. This includes
establishment of internal, external, stakeholders and risk management context of the plan. These
contexts are established in the following paragraphs (McNeil, Frey and Embrechts 2015).
3.1. Internal Context
With the emergence of digital world, people are keener on using internet to make their
work easier. This idea has been implemented by the project “My Health Record System” for
automating the storage and transfer of the patients’ data admit7ted in the hospital. This record
will include every detail such as the name, address, medical details and prescribed medication of
the patients. Both the professionals and the patients can access this record.
The financial context of the business covers the responsibilities of designing the system,
Initial investment for the up gradation process, uploading and archiving the previous records into
the new system, and re investment strategy. Fluctuation in the finances of the hospital will
resonate into every part of the business, which is needed to be tracked by the project manager
and the project sponsors (Hopkin 2017).

6
RISK MANAGEMENT IN ENGINEERING
Designing a secure system is another internal context of this project. Maintaining the
confidentiality of the information is necessary for the hospital in order to earn the patients’ trust,
which is essential for business perspective.
The various department of the hospital that are involved with the designing and
development of this project are as follows-
1) Operations Department
2) Clinical department
3) Billing Department
4) Patients’ discharge department
Information from all these departments is necessary for manual input of the previous
patients’ data into the new system.
The project teams involved in developing this system are listed below-
1) Designing team
2) Coding team (for database designing and coding)
3) Testing team
4) Project management team (which includes the project manager and the business nalyst
of the project)
Lastly the patients whose information is to be stored within the health record system are
also part of the internal context of the project under consideration.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
RISK MANAGEMENT IN ENGINEERING
3.2. External Context
The external context of this project has a direct influence on the internal environment of
the hospital. By implementing this project successfully and developing the “My Health Record
System”, the hospital will have a positive impact on the other hospitals for implementing this
idea and adopting the change. This will provide fresh business to the hospital by gaining more
patients as everyone would love to have an electronic version of data storage instead of the
traditional and manual way of data storing (Sadgrove 2016). However, with the implementation
of this project, the other hospitals might be negatively affected by the competition resulting from
the implementation of “My Health Record System”
3.3. Risk management Context
For this particular project, the risk management context focuses on managing only the
financial and security risks associated with the implementation of the project. The primary goal
of this study is to access and analyze relevant risks associated with the project and treat them
accordingly (Lam 2014). The goals of the risk management plan are listed below-
1) Reduce the risk of project failure in its first year of implementation.
2) Establishing and building a system that fits the purpose of providing a better service to
the patients of the hospital.
3) Ensuring that the business perspective of the project and its performance is aligned
with the primary objective of the system.
4) Evaluate the risk involved in storing of patients’ information in cloud.
3.4. Risk Criteria

8
RISK MANAGEMENT IN ENGINEERING
As this report mainly focuses on the financial and security risk of developing a new
system in hospitals, the risk criteria will also be addressed only on basis of financial and security
issues in the system (Christoffersen 2012).
The following points are needed to be considered in establishing the risk criteria.
1) A method of determining the degree of threat in storage of patients’ personal
information in cloud and prioritizing those threats
2) The amount of available resources in treating the risk if faced
3) Setting up a tolerability benchmark
3) The probable impact of immediate and delayed risks in the system
These points aim at:
1) Helping the project manager in effective decision making
2) Considering various scenarios and their impact on achieving the objective of the
project
3) Allocating resources at the initial stage of development in order to bypass high-level
risks
4) Providing a clear and simple tool for clear and essential communication
The internal goals of the hospital in developing the in patient data storing system are as
follows-
1) The project must comply with the government regulations and laws

9
RISK MANAGEMENT IN ENGINEERING
2) Profit must not be less than 6%
3) The system implementation should not lead to the over budget of the project
4) The system should be developed in such a way that it will be opened for further
advancements if required
5) Zero turnover rates in order to avoid unnecessary costs rising from training the staffs
in using the new system.
4. Stakeholders
The detailed analysis of the stakeholders involved in this project are elaborated in the
following paragraph (Harrison and Wicks 2013)-
4.1. Stakeholder Identification
The following are the identified stakeholders of the project under consideration (Pacheco
and Garcia 2012) -
The Hospital Owner
The Project manger ( the project deals with designing the health record system)
Project Team
Sponsors
The Billing department of the Hospital
The patients
Table 1: The list of stakeholders involved in the project
4.2. Stakeholder Analysis

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10
RISK MANAGEMENT IN ENGINEERING
Detailed analysis of the identified stakeholders are elaborated in the following table
(Lienert, Schnetzer and Ingold, 2013)-
Stakeholder Influence/Interest
The Hospital Owner Responsible for setting up the objectives of the
project
The Project manger ( the project deals with designing
the health record system)
Responsible for planning and executing the
project according to the specified objectives
Project Team Responsible for the implementation of the
project within the specified time
Sponsors Responsible for managing the economical
aspects of the project and is the source of
funding for the project
The Billing department of the Hospital Responsible for providing necessary details of
the patients to be uploaded into the new system
The patients Responsible for supporting the project by
agreeing to store their personal information and
health records into a common database of the
hospital.
Table 2: Representing the Stakeholders’ Analysis
5. Communication and Consultation
Engaging the stakeholders through an appropriate communication and consultation plan
is necessary to address the stakeholders’ interest and concerns. This project is a medium sized

11
RISK MANAGEMENT IN ENGINEERING
project and hence it is essential to recognize the potential risks associated with the opening up of
a new system and build awareness in regard to the significance of the ‘My health Record
System’ (Lundgren and McMakin 2013).
An effective Communication plan eliminates the conflict of interest and decision among
the project stakeholders and therefore it is very essential for a smooth implementation of the
project (Lando 2014).
In order to develop an effective communication and consultation plan, a proper analysis
of the power and the interest of the stakeholders in necessary to consider (Fassin 2012). The
group of stakeholders who have less power or interest on this project would be least pronounced
in the communication and the consultation plan. While the group of stakeholders who have high
power and interest over this project should be specifically and formally addressed and included
in the communication and consultation plan through proper email. Mass communication should
be made with this group as this group of stakeholder has higher interest in the project. They
should be informed about the project progress in daily basis. The stakeholders included into this
group are the hospital authority and the owner. Stakeholders that have low interest over the
project can be notified about the project progress less often.
6. Four Risk assessment Methods
The four relevant risk assessment methods are elaborated in the following paragraphs-
6.1. Risk Identification
For the purpose of risk identification in developing this system, two methods were
primarily undertaken, brainstorming and checklist (Kerzner 2013).