Risk Management Plan for Health Network Inc. - Management Project

Verified

Added on 2023/06/03

AI Summary

This project presents a draft of a risk management plan designed for Health Network Inc., aiming to replace its outdated management approach and address emerging market threats. The plan focuses on identifying and mitigating existing and potential risks, particularly those related to IT infrastructure and data privacy, emphasizing compliance with regulations such as HIPAA and GDPR. It outlines roles and responsibilities for risk management, including the development of methodologies to assess financial expenditures due to data loss, leveraging commercial insurance policies, and evaluating operating procedures. The plan also includes mitigation strategies for issues like data theft, natural disasters, and internet threats, aiming to ensure customer satisfaction and maintain the company's profitability through enhanced security measures and proactive risk management practices. Desklib offers a variety of resources, including past papers and solved assignments, to aid students in understanding and applying risk management principles.

Running head: A DRAFT OF RISK MANAGEMENT PLAN: HEALTH NETWORK, INC.
A Draft for Risk Management Plan: Health Network, Inc.
Name of the university
Name of the student
Author note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1A DRAFT FOR RISK MANAGEMENT PLAN: HEALTH NETWORK, INC.
Introduction
The purpose of this risk management plan is to assist the company, Heath Network Inc., to
get rid of its archaic management plan in order to combat market threats. The objective behind
reconsidering the management policy is to treat existing risks and recognise new threats. Additionally,
it will provide strategic solutions to mitigate them.
Scope
This plan can be applied to any fictitious organisations dealing with health services, who are
struggling to fight against market threats and looking for a better management to recover from
ongoing crisis.
Compliance laws and regulations
As understood from the scenario, products are related to IT infrastructure and carries high risk
in terms of privacy (Webb et al., 2014). Web contents of a particular organization must be in safe
hands and for that, a company must comply with privacy policies. A company needs a secured IT
infrastructure not only to comply with legislation yet these are important in order to maintain company
reputation.
 IT security rules improves the infrastructure of corporate security in terms of keeping the
patients’ information and business data private.
 Considering the frequent loss of important business data regarding sales, monetary exchange
from the system, developed security measures prevent online threats of spams.
 Improved security policy and infrastructure is the reason why customers trust an organization
with their personal data (Zhang et al., 2015).
 The control over entire system increases and the cases of employees’ mistakes or practice of
stealing company property can be reduced.
 General data protection regulation has been structured to protect the rights of citizens of EU
from online breaches. It can be applied to every organization dealing with personal
information of citizens even if it is not located at EU (Maldoff, 2017).

2A DRAFT FOR RISK MANAGEMENT PLAN: HEALTH NETWORK, INC.
 As described in Chowdhury et al., (2013), Health insurance portability and accountability act
secures several rights of patients availing healthcare services and sharing personal data with
companies like Heath Network Inc.
Roles and responsibilities
 The risk manager with additional help from senior management team and executives jointly
develop and maintain methodology to identify financial expenditure caused due to the loss of
data and electronic devices.
 With the help of commercial insurance policies, RM can think of internal savings and reducing
the operational costs.
 Risk management and insurance budgets must be prepared after analysing all the potential
threats, so that the amount can be claimed.
 Operating procedures must be evaluated to measure risks before entering into any new
projects.
 The management team must assist by providing necessary information to look after the lose
or potential sectors carrying threats.
 Supervisors may follow strict routine of monitoring operations to avoid such situation and can
arrange occasional meetings and training sessions on risk management.
Risk mitigation plan
Loss of company data due to theft issues of hardware, company owned mobile phones and
laptops are major issues. Company resources are being spent due to the lack of proper security
measures. Revised risk management plan will claim the amount from the penalised employee of
outsider as well as legal steps will be taken. Although, natural disasters cannot be controlled; change
management plan needs to be implemented without bothering customers’ interest as company’s
profitability depends on their satisfaction. Internet threats can be avoided with application of it security
regulations like HIPPA and GDPR.

3A DRAFT FOR RISK MANAGEMENT PLAN: HEALTH NETWORK, INC.
References
Chowdhury, O., Gampe, A., Niu, J., von Ronne, J., Bennatt, J., Datta, A., ... & Winsborough, W. H.
(2013, June). Privacy promises that can be kept: a policy analysis method with application to
the HIPAA privacy rule. In Proceedings of the 18th ACM symposium on Access control
models and technologies (pp. 3-14). ACM.
Maldoff, G. (2017). The risk-based approach in the GDPR: interpretation and implications. IAPP
https://iapp. org/media/pdf/resource_center/GDPR_Study_Maldoff. pdf. Accessed, 12.
Webb, J., Ahmad, A., Maynard, S. B., & Shanks, G. (2014). A situation awareness model for
information security risk management. Computers & security, 44, 1-15.
Zhang, H., Chen, G., Ooi, B. C., Tan, K. L., & Zhang, M. (2015). In-memory big data management and
processing: A survey. IEEE Transactions on Knowledge and Data Engineering, 27(7), 1920-
1948.