Risk Management Plan for Health Network: A Comprehensive Project
Added on 2023/06/04
AI Summary
This project presents a comprehensive risk management plan for Health Network, addressing existing and potential risks within its information systems. The plan emphasizes compliance with HIPAA and HITECH acts, detailing specific measures for data auditing, backup, disaster recovery, and high-level protection, including data encryption in cloud platforms. It defines roles and responsibilities for risk managers, healthcare managers, the administrative department, and the IT head, focusing on financial safety, patient care, and information security. The plan identifies threats such as communication gaps, missing information, outdated procedures, and hacking attempts, proposing mitigation strategies based on reviewing employee, patient safety, and security events. The goal is to reduce risks to patients, doctors, and staff by implementing preventive and mitigative actions, ensuring data security and operational continuity within Health Network.

Running Head: RISK MANAGEMENT PLAN OF HEALTH NETWORK
Risk management plan
Name of the student:
Name of the university:
Author note:

Table of Contents
1. Scope of mitigation plan
2. Compliance Laws and Regulations that comply with Health Network
3. Roles and responsibilities
4. Risk mitigation plan
5. References

1. Scope of mitigation plan
The risks already identified in the previous risk mitigation plan are internet threats, which arise
because Health Network's data can now be accessed over the internet; data loss due to the removal of
hardware from production systems; and threats from employees inside Health Network. Additionally,
assets owned by Health Network, such as laptops and mobile devices, can be lost or stolen.
The customers of Health Network might face problems from changes in the management of the
organization, the use of unstable software and natural disasters. As a result, production outages can
occur that will lead to loss of customers. Therefore, the senior management of Health Network has
decided to replace the existing risk mitigation plan with a new one (Grol et al., 2013).
The new risk mitigation plan will be able to eliminate existing risks. This plan assesses the current
situation within the security network of Health Network and puts forward recommendations for
overcoming the existing risks. The proposed risk management plan discusses the ways in which the
security architecture would secure the data of the company, protect the computer systems from internal
threats, check the situations that could impact operations within the organisation and check the
network architecture within the systems.
This mitigation plan also discusses the laws and regulations related to compliance, the people who
would be involved in risk management, and their prescribed roles and responsibilities. The risk
management plan also focuses on the identifiable threats within the scenario and proposes mitigation
steps against those threats (Abdelhak, Grostick & Hanken, 2014).
2. Compliance Laws and Regulations that comply with Health Network
Healthcare compliance is a general term covering guidelines, conventions, and state and federal laws.
Clinics have practices fully dedicated to fulfilling the regulations meant to protect the rights of
doctors, patients and staff. These laws and regulations assure people of the privacy of their personal
information. These laws also ensure that medical information is presented according to proper
standards (Seddon & Currie, 2013).
Based on the identified risks to the organization, Health Network should conform to the minimum
standards for protecting the information systems within the organization (Greer et al., 2013). Hence
the new information systems and the associated products within the organization should comply with
the HITECH and HIPAA Acts. These acts provide general minimum standards for protecting the health
information of the person and the entire systems (Solove, 2013).
Some of the proposed laws and regulations within Health Network in compliance with the HITECH and
HIPAA Acts are:
1. Auditing and Backup of Data – It should be checked whether the servers are able to keep activity
log files down to the packet layer within the virtual servers of the individuals. Proper auditing
should be performed on the existing network (Rodrigues et al., 2013). Backup of data is the most
important concern. Health Network is responsible for its products, such as HNetPay, HNetExchange and
HNetConnect, which are mainly responsible for processing payments, registering information of
individuals and serving electronic medical messages. Hence the proposed laws should be based on
securing this vital information (Harvey & Harvey, 2014).
2. Disaster Recovery Requirements – The HIPAA Act should provide high standards for protecting the
information of individuals and hospitals during emergencies. Exact and retrievable copies of the
health information in electronic format should be available. The disaster recovery process under the
HIPAA Act involves expensive infrastructure, and hence Health Network should comply with such
standards (Snedaker, 2013).
3. High-Level Protection – The data processed within Health Network consists mainly of messages
passed within the network, the web portal that links doctors and patients, and a payment portal. Each
of these products requires a high level of secure services in order to keep the networks secure. Most
of this data is passed over cloud
infrastructure. Hence the data transferred within the cloud should be safeguarded with proper methods of
encryption (Kagan, Thornton & Cunningham, 2017).
The security policies and processes covering the data of patients and doctors should be kept under
close review. These practices for securing the data should comply with the Security Rule of HIPAA.
This attention would allow individuals to understand the options for data restrictions within the
information systems. These defined laws would make it possible to monitor the systems, provide fast
alerts and lock down the systems in cases of threats and attacks.
4. Data Encryption in Cloud Platforms – The security rules within the HIPAA Act address certain
specifications regarding the encryption of health information within storage systems. The files
generated within the hospital networks should be properly encrypted with strong technologies such as
256-bit AES algorithms (Demirkan & Delen, 2013).
3. Roles and responsibilities
Risks within Health Network can take different forms. They may relate to the staff, patients, doctors
and various other sectors of the organization. Hence it is necessary for Health Network to have a
dedicated community of risk managers. They would be responsible for assessing the information systems
within the organization and for developing and implementing new strategies (Abdelhak, Grostick &
Hanken, 2014). They would also be responsible for monitoring the risk management plans. The healthcare
organization has many important priorities, including financial safety, patient care and the
information security of its various documents.
Risk managers within the Information Security domain of the organisation would be hired and trained
to handle the various issues faced by the organisation. The primary roles of the risk managers within
Health Network would be:
- Protection of finances and insurance, and management of claims within the organization.
- Managing the various event and incident risks.
- Performing a high level of clinical research on the information systems that store the important
data of the organisation.
- Preparing the organisation for facing different emergency situations.
Health Network should also hire Healthcare Managers. They would be responsible for identifying the
risks that might affect the healthcare information systems. They should also be able to evaluate the
risks within the information systems. They would also be responsible for reducing injuries to
patients, staff members and other visitors within the organisation (Nelson & Staggers, 2016). They
should work proactively with the risk managers and react accordingly to prevent incidents or minimize
the damage that might follow an unforeseen incident.
The administrative department within the organization would also be responsible for handling risk
situations and should perform certain functions:
- Identify and facilitate the education of staff within Health Network at their initial orientation,
and provide training sessions on the Risk Management Program, Identification of Potential Risks, and
Reduction Strategies and Expectations.
- Provide assurance about the identified strategies.
- Identify the risks and develop improvements to the risk management scenarios.
The IT head within the organization should be responsible for overseeing the entire IT systems and the
developed strategies that are to be implemented within the organizational IT systems. They should
interact directly with the security managers and other departments about their needs and in cases of
emergency. Hence they should try to implement systems that would prove beneficial. Health Network
offers certain products that mainly deal with patient records and payment details. Hence the main role
of the various departments should be focused on developing secure IT systems that demonstrate full
security (Raj-Reichert, 2013).
4. Risk mitigation plan
Risk management could be defined as the process of reducing risks within the healthcare organization
that might harm individual patients, doctors and other staff. Such a plan encompasses the activities
surrounding the prevention and mitigation of certain events in order to reduce poor outcomes. The risk
management plan makes heavy use of data generated within the organization. This data is used to
evaluate the systems and to catch high-risk situations that might be posed to the organization
(Lundgren & McMakin, 2018).
The risk management plan helps identify threats that are often posed by the use of information systems
within Health Network. Some of the vital threats that could be identified with the help of this plan
are:
- Gaps in communication between the emergency department and the different surgical units.
- Missing information within the electronic health records.
- Outdated procedures, policies and expired protocols.
- Hacking of computers and information systems to gain confidential information.
Based on the threats identified with the help of the risk management plan, Health Network should have
a proper team responsible for reviewing the systems within the organization. The identified threats
and risks could be mitigated by reviewing the data collected from employee events, patient safety
events and security events (Coronado & Wong, 2014). Mitigation could be defined as a process of
evaluating data and assessing identified risk situations. The risk management team should follow a
particular plan in order to determine the specific needs for mitigating unusual circumstances. The
mitigation plan should provide a wide range of options for handling potential threats.
5. References
Abdelhak, M., Grostick, S., & Hanken, M. A. (2014). Health Information-E-Book: Management of a
Strategic Resource. Elsevier Health Sciences.
Coronado, A. J., & Wong, T. L. (2014). Healthcare cybersecurity risk management: Keys to an effective
plan. Biomedical instrumentation & technology, 48(s1), 26-30.
Demirkan, H., & Delen, D. (2013). Leveraging the capabilities of service-oriented decision support
systems: Putting analytics and big data in cloud. Decision Support Systems, 55(1), 412-421.
Greer, S. L., Hervey, T. K., Mackenbach, J. P., & McKee, M. (2013). Health law and policy in the
European Union. The Lancet, 381(9872), 1135-1144.
Grol, R., Wensing, M., Eccles, M., & Davis, D. (Eds.). (2013). Improving patient care: the implementation
of change in health care. John Wiley & Sons.
Harvey, M. J., & Harvey, M. G. (2014). Privacy and security issues for mobile health platforms. Journal of
the Association for Information Science and Technology, 65(7), 1305-1318.
Kagan, R. A., Thornton, D., & Cunningham, N. A. (2017). Motivating management: Corporate compliance
in environmental protection. In Crime and Regulation (pp. 203-230). Routledge.
Lundgren, R. E., & McMakin, A. H. (2018). Risk communication: A handbook for communicating
environmental, safety, and health risks. John Wiley & Sons.
Nelson, R., & Staggers, N. (2016). Health Informatics-E-Book: An Interprofessional Approach. Elsevier
Health Sciences.
Raj-Reichert, G. (2013). Safeguarding labour in distant factories: Health and safety governance in an
electronics global production network. Geoforum, 44, 23-31.
Rodrigues, J. J., De La Torre, I., Fernández, G., & López-Coronado, M. (2013). Analysis of the security
and privacy requirements of cloud-based electronic health records systems. Journal of medical
Internet research, 15(8).
Seddon, J. J., & Currie, W. L. (2013). Cloud computing and trans-border health data: Unpacking US and
EU healthcare regulation and compliance. Health policy and technology, 2(4), 229-241.
Snedaker, S. (2013). Business continuity and disaster recovery planning for IT professionals. Newnes.
Solove, D. J. (2013). HIPAA turns 10: analyzing the past, present, and future impact.