Elite Technology Risk/Mitigation Plan
[Fall 2010]
Fall Semester 2010
Risk Management – Identify Predominant Risks
• Risk of Inaccurately Calculating and Measuring Radiation using the system
• Risk of Leaking Patient Privacy
• Risk of Unprotected Database
• Risk of inoperable or Non-responsive System or Database
• Risk of Entering Incorrect Information
• Risk of Incorrectly tracking insurance information
• Training Risks
T.C.A. Houston - Risk Matrix
[Figure: risk matrix placing risks 1 to 7 by Probability of Occurring (Low to High) against Degree of Impact on the Project (Low to High). Region labels: WATCH FOR UNEXPECTED CHANGES; MITIGATION PLAN REQUIRED AND CONTINUAL CHECKING; ACTIONS TAKEN; VERY LITTLE PLANNING REQUIRED; ACTION PLANS SET IN PLACE.]
The chart shown refers to the Risk Mitigation Plan. The colors are ordered in levels of risk and importance, with Red being the highest risk.
| # | Step | Description | Output Level | Status | Notes |
|---|------|-------------|--------------|--------|-------|
| 1 | Risk of Inaccurately Calculating and Measuring Radiation using the system | Measured radiation levels of patients are of extreme importance. This information is deemed highly sensitive for Texas Cardiology Associates. Overexposure to radiation, as well as too many tests involving radiation, can have serious long-term effects. We would like to keep track of how many times a patient has had tests involving radiation as well. The risk of inaccuracy puts the entire business and the reputation of the doctors and technicians at risk. | Extreme Risk and High Importance | Pending | Not as of yet |
|   | Risk of unauthorized access into the database | Require every user to have a password and username to access the application | Extreme Risk and High Importance | Pending | Not as of yet |
|   | Risk of loss of data entered into the database | Require user to save all the information immediately after completion | Extreme Risk and High Importance | Pending | Not as of yet |
|   | Risk of invalid input for client's information by authorized user | Format each field that requires a user input to accept only the desired format | Extreme Risk and High Importance | Pending | Not as of yet |
|   | Risk of natural disaster - Hurricane | Back up all files and documents using SVN | Extreme Risk and High Importance | Pending | Not as of yet |
|   | Risk of natural disaster - Tsunami | Back up all files and documents using SVN | Extreme Risk and High Importance | Pending | Not as of yet |
|   | Risk of natural disaster - Tornado | Back up all files and documents using SVN | Extreme Risk and High Importance | Pending | Not as of yet |
|   | Risk of fire outbreak | Back up all files and documents using SVN | Extreme Risk and High Importance | Pending | Not as of yet |
|   | Risk of an authorized user forgetting his password and username | Recommend that users use their names as username and create a simple password they can remember. An option to reset the password would also be available. | Extreme Risk / High Importance | Pending | Not as of yet |
| 2 | Risk of Leaking Patient Privacy | Patient privacy is required when dealing with results of any confidential tests that are done. The system MUST be secure against unauthorized access to this confidential action. If not, the entire clinic could be jeopardized and could be penalized. There is a risk of a heavy lawsuit. | Extreme Risk / High Importance | Pending | Not as of yet |
| 3 | Risk of Unprotected Database | It is definitely important that our client has security and peace of mind knowing that the database and information is secure and accessed by clinic staff ONLY. The information in this type of database that deals with healthcare cannot be jeopardized. | High Risk / High Importance | Pending | Not as of yet |
| 4 | Risk of inoperable or Non-responsive System or Database | Because all of this information will be routinely used and accessed, there is a risk of the system being too slow or down. This would cause a problem because patients would then suffer longer waiting times and there may be some confusion or loss of information regarding a patient. Information needs to be readily accessible. | Moderate Risk / Moderate Importance | Pending | Not as of yet |
|   | Risk of an authorized user forgetting his password and username | Recommend that users use their names as username and create a simple password they can remember. An option to reset the password would also be available. | Moderate Risk / Moderate Importance | Pending | Not as of yet |
| 5 | Risk of Entering Incorrect Information | We run the risk of entering the right information for the wrong patient. We need to design the database in a way that makes it as easy and fast as possible to input correct information. Otherwise we risk the clinic having serious data issues. | Moderate Risk / Moderate Importance | Pending | Not as of yet |
| 6 | Risk of Incorrectly tracking insurance information | There is a risk of incorrectly tracking patient insurance information. This could affect the clinic financially and cause a hassle or slow process while these errors are being resolved. We do not want to hinder the cash flow of the business in any way, so we want to make sure insurance information is correctly and efficiently organized. | Mid-Low Risk / Moderate Importance | Pending | Not as of yet |
|   | Risk of computer malfunctions | Store all backups using SVN on computers in two different locations | Mid-Low Risk / Moderate Importance | Pending | |
|   | Risk of computer malfunctions | Store all backups using SVN on computers in two different locations | Low Risk / Lower Importance | Pending | |
|   | Risk of low signal for internet connection | Use a reliable company that provides internet service (AT&T) | Low Risk / Lower Importance | Pending | |
|   | Risk of not being able to access the web application because NO internet service provider is available on the computer | Verify that each computer has at least Internet Explorer and Mozilla Firefox installed | Low Risk / Lower Importance | Pending | |
| 7 | Training Risks | There is a risk of improperly training each staff member on how to use the system. This would lead to errors and extended waiting time during business hours, which would in effect allow them to see fewer patients. | Low Risk / Lower Importance | Pending | Not as of yet |
Risk of Inaccurately Calculating and Measuring Radiation using the system
Assumption:
• We will effectively design a system that accurately organizes and tracks this information.
Potential Risks:
• Measured radiation levels of patients are of extreme importance. This information is deemed highly sensitive for Texas Cardiology Associates. Overexposure to radiation, as well as too many tests involving radiation, can have serious long-term effects. We would like to keep track of how many times a patient has had tests involving radiation as well. The risk of inaccuracy puts the entire business and the reputation of the doctors and technicians at risk.
Plans to Mitigate Risks:
• We will allow for a section in the application that will look for errors specifically in this section.
Risk of Leaking Patient Privacy
Assumption:
• We will effectively protect this information.
Potential Risks:
• Patient privacy is required when dealing with results of any confidential tests that are done. The system MUST be secure against unauthorized access to this confidential action. If not, the entire clinic could be jeopardized and could be penalized. There is a risk of a heavy lawsuit.
Risk Assessment:
• We will deploy techniques to secure and password protect the web application. We will also apply user privileges and administrative rights.
Risk of Unprotected Database
Assumption:
• We will successfully protect and secure the system designed for TCA Houston.
Potential Risks:
• It is definitely important that our client has security and peace of mind knowing that the database and information is secure and accessed by clinic staff ONLY. The information in this type of database that deals with healthcare cannot be jeopardized.
Plans to Mitigate Risks:
• Database needs only to be accessible on site. Database needs to be password protected. Database needs to be backed up in multiple places.
Risk of inoperable or Non-responsive System or Database
Status:
• We will execute database performance techniques that should serve as preventative measures.
Potential Risk:
• Because all of this information will be routinely used and accessed, there is a risk of the system being too slow or down. This would cause a problem because patients would then suffer longer waiting times and there may be some confusion or loss of information regarding a patient. Information needs to be readily accessible.
Plans to Mitigate Risk:
• We will perform useful and effective database tuning and performance techniques.
Risk of Entering Incorrect Information
Assumption:
• We will design the system and application in a way that it is easy to properly enter this information.
Potential Risks:
• We run the risk of entering the right information for the wrong patient. We need to design the database in a way that makes it as easy and fast as possible to input correct information. Otherwise we risk the clinic having serious data issues.
Plans to Mitigate Risks:
• We will allow as little typing as possible and as many dropdowns/buttons/lists as possible. We want to try and prevent human error.
Risk of Incorrectly tracking insurance information
Assumption:
• We will design the application in a way that will successfully track this information.
Potential Risks:
• There is a risk of incorrectly tracking patient insurance information. This could affect the clinic financially and cause a hassle or slow process while these errors are being resolved. We do not want to hinder the cash flow of the business in any way, so we want to make sure insurance information is correctly and efficiently organized.
Plans to Mitigate Risks:
• TBD
Training Risks
Assumption:
• We will be able to provide useful and easy-to-understand training material for staff members.
Potential Risks:
• There is a risk of improperly training each staff member on how to use the system. This would lead to errors and extended waiting time during business hours, which would in effect allow them to see fewer patients.
Plans to Mitigate Risks:
• Provide video and text referencing for our client.