elite technology risk/mitigation plan [fall 2010] fall semester 2010


Upload: millicent-preston

Post on 01-Jan-2016



Elite Technology Risk/Mitigation Plan

[Fall 2010]

Fall Semester 2010


Risk Management – Identify Predominant Risks

• Risk of Inaccurately Calculating and Measuring Radiation using the system
• Risk of Leaking Patient Privacy
• Risk of Unprotected Database
• Risk of Inoperable or Non-responsive System or Database
• Risk of Entering Incorrect Information
• Risk of Incorrectly Tracking Insurance Information
• Training Risks


T.C.A. Houston - Risk Matrix

[Figure: risk matrix. Vertical axis: Degree of Impact on the Project (Low to High). Horizontal axis: Probability of Occurring (Low to High). Region labels: "Watch for unexpected changes", "Mitigation plan required and continual checking", "Actions taken", "Very little planning required", "Action plans set in place". Risks 1 through 7 are plotted on the matrix.]

The chart shown refers to the Risk Mitigation Plan. The colors are ordered in levels of risk and importance, with Red being the highest risk.

| # | Step | Description | Output Level | Status | Notes |
|---|------|-------------|--------------|--------|-------|
| 1 | Risk of Inaccurately Calculating and Measuring Radiation using the system | Measured radiation levels of patients are of extreme importance. This information is deemed highly sensitive for Texas Cardiology Associates. Overexposure to radiation as well as too many tests involving radiation can have serious long-term effects. We would like to keep track of how many times a patient has had tests involving radiation as well. The risk of inaccuracy puts the entire business and the reputation of the doctors and technicians at risk. | Extreme Risk and High Importance | Pending | Not as of yet |
|   | Risk of unauthorized access into the database | Require every user to have a password and username to access the application | Extreme Risk and High Importance | Pending | Not as of yet |
|   | Risk of loss of data entered into the database | Require user to save all the information immediately after completion | Extreme Risk and High Importance | Pending | Not as of yet |
|   | Risk of invalid input for client's information by authorized user | Format each field that requires a user input to accept only the desired format | Extreme Risk and High Importance | Pending | Not as of yet |
|   | Risk of natural disaster - Hurricane | Back up all files and documents using SVN | Extreme Risk and High Importance | Pending | Not as of yet |
|   | Risk of natural disaster - Tsunami | Back up all files and documents using SVN | Extreme Risk and High Importance | Pending | Not as of yet |
|   | Risk of natural disaster - Tornado | Back up all files and documents using SVN | Extreme Risk and High Importance | Pending | Not as of yet |
|   | Risk of fire outbreak | Back up all files and documents using SVN | Extreme Risk and High Importance | Pending | Not as of yet |
|   | Risk of an authorized user forgetting his password and username | Recommend users to use their names as username and create a simple password they can remember. Also, an option to reset the password would be available. | Extreme Risk / High Importance | Pending | Not as of yet |
| 2 | Risk of Leaking Patient Privacy | Patient privacy is required when dealing with results of any confidential tests that are done. The system MUST be secure against unauthorized access to this confidential action. If not, the entire clinic could be jeopardized and could be penalized. There is a risk of a heavy lawsuit. | Extreme Risk / High Importance | Pending | Not as of yet |
| 3 | Risk of Unprotected Database | It is definitely important that our client has security and peace of mind knowing that the database and information is secure and accessed by clinic staff ONLY. The information in this type of database that deals with healthcare cannot be jeopardized. | High Risk / High Importance | Pending | Not as of yet |
| 4 | Risk of Inoperable or Non-responsive System or Database | Because all of this information will be routinely used and accessed, there is a risk of the system being too slow or down. This would cause a problem because patients would then suffer longer waiting times and there may be some confusion or loss of information regarding a patient. Information needs to be readily accessible. | Moderate Risk / Moderate Importance | Pending | Not as of yet |
|   | Risk of an authorized user forgetting his password and username | Recommend users to use their names as username and create a simple password they can remember. Also, an option to reset the password would be available. | Moderate Risk / Moderate Importance | Pending | Not as of yet |
| 5 | Risk of Entering Incorrect Information | We run the risk of entering the right information for the wrong patient. We need to design the database in a way that makes it as easy and fast as possible to input correct information. Otherwise we risk the clinic having serious data issues. | Moderate Risk / Moderate Importance | Pending | Not as of yet |
| 6 | Risk of Incorrectly Tracking Insurance Information | There is a risk of incorrectly tracking patient insurance information. This could affect the clinic financially and cause a hassle or slow process while these errors are being resolved. We do not want to hinder the cash flow of the business in any way, so we want to make sure insurance information is correctly and efficiently organized. | Mid-Low Risk / Moderate Importance | Pending | Not as of yet |
|   | Risk of computer malfunctions | Store all backups using SVN on computers in two different locations | Mid-Low Risk / Moderate Importance | Pending | |
|   | Risk of computer malfunctions | Store all backups using SVN on computers in two different locations | Low Risk / Lower Importance | Pending | |
|   | Risk of low signal for internet connection | Use a reliable company that provides internet service. (AT&T) | Low Risk / Lower Importance | Pending | |
|   | Risk of not being able to access the web application because NO internet service provider is available on the computer | Verify that each computer has at least Internet Explorer and Mozilla Firefox installed | Low Risk / Lower Importance | Pending | |
| 7 | Training Risks | There is a risk of improperly training each staff member on how to use the system. This would lead to errors and extended waiting time during business hours, which would in effect allow them to see fewer patients. | Low Risk / Lower Importance | Pending | Not as of yet |


Risk of Inaccurately Calculating and Measuring Radiation using the system

Assumption:
• We will effectively design a system that accurately organizes and tracks this information.

Potential Risks:
• Measured radiation levels of patients are of extreme importance. This information is deemed highly sensitive for Texas Cardiology Associates. Overexposure to radiation as well as too many tests involving radiation can have serious long-term effects. We would like to keep track of how many times a patient has had tests involving radiation as well. The risk of inaccuracy puts the entire business and the reputation of the doctors and technicians at risk.

Plans to Mitigate Risks:
• We will allow for a section in the application that will look for errors specifically in this section.


Risk of Leaking Patient Privacy

Assumption:
• We will effectively protect this information.

Potential Risks:
• Patient privacy is required when dealing with results of any confidential tests that are done. The system MUST be secure against unauthorized access to this confidential action. If not, the entire clinic could be jeopardized and could be penalized. There is a risk of a heavy lawsuit.

Risk Assessment:
• We will deploy techniques to secure and password protect the web application. We will also apply user privileges and administrative rights.


Risk of Unprotected Database

Assumption:
• We will successfully protect and secure the system designed for TCA Houston.

Potential Risks:
• It is definitely important that our client has security and peace of mind knowing that the database and information is secure and accessed by clinic staff ONLY. The information in this type of database that deals with healthcare cannot be jeopardized.

Plans to Mitigate Risks:
• Database needs only to be accessible on site. Database needs to be password protected. Database needs to be backed up in multiple places.


Risk of inoperable or Non-responsive System or Database

Status:
• We will execute database performance techniques that should serve as preventative measures.

Potential Risk:
• Because all of this information will be routinely used and accessed, there is a risk of the system being too slow or down. This would cause a problem because patients would then suffer longer waiting times and there may be some confusion or loss of information regarding a patient. Information needs to be readily accessible.

Plans to Mitigate Risk:
• We will perform useful and effective database tuning and performance techniques.


Risk of Entering Incorrect Information

Assumption:
• We will design the system and application in a way that it is easy to properly enter this information.

Potential Risks:
• We run the risk of entering the right information for the wrong patient. We need to design the database in a way that makes it as easy and fast as possible to input correct information. Otherwise we risk the clinic having serious data issues.

Plans to Mitigate Risks:
• We will allow as little typing as possible and as many dropdown/button/lists as possible. We want to try and prevent human error.


Risk of Incorrectly tracking insurance information

Assumption:
• We will design the application in a way that will successfully track this information.

Potential Risks:
• There is a risk of incorrectly tracking patient insurance information. This could affect the clinic financially and cause a hassle or slow process while these errors are being resolved. We do not want to hinder the cash flow of the business in any way, so we want to make sure insurance information is correctly and efficiently organized.

Plans to Mitigate Risks:
• TBD


Training Risks

Assumption:
• We will be able to provide useful and easy to understand training material for staff members.

Potential Risks:
• There is a risk of improperly training each staff member on how to use the system. This would lead to errors and extended waiting time during business hours, which would in effect allow them to see fewer patients.

Plans to Mitigate Risks:
• Provide video and text referencing for our client.