
Risk planning and Management

Healthcare records are prone to various risks. They must be protected to ensure that patient confidentiality is maintained. This outline discusses the survey and legal requirements, the risk profile, and a mitigation plan.
Survey, legal and regulatory applicability
It is a legal requirement that information regarding the client be protected by all means. Essentially, healthcare organizations globally are required to identify the ePHI created, maintained, and received by any other organization to ensure that a smooth process of risk management within health care is maintained. In the United States, for instance, the management and protection of patient records are covered under the “Health Insurance Portability and Accountability Act of 1996 (HIPAA) security regulations” (Lee, 2018). Essentially, the act explains that patient records or information that is produced, saved, or transferred in electronic form must be protected. All the data regarding any particular information must be kept safe. Failure by any organization to protect patients’ records may attract a penalty under the regulations of the law. The firm lacks a backup for the data and relies on a single server. There are risks that may cause the company to go contrary to the provisions of the law; thus, a risk assessment and a clear plan for neutralizing the risks must be set.
Risk profile
In determining the risk profile, three methods are used to acquaint oneself with the risks.

They include top-10 profiling, risk map profiling, and heat map profiling (Smallwood, 2004). This paper will use top-10 profiling.
Loss of data - Loss of data, especially clients' data, has been common in some hospitals. When the information is left in the hands of a single server, there is a risk of losing the data when something affects that server. In addition, if the server experiences a breakdown for a longer period, access to the existing data may be difficult. Furthermore, without a backup, retrieving the information may be difficult.
Access by unauthorized people - The other risk is access by unauthorized people. Different people may access a single server if the person held responsible for maintaining it is careless. Apparently, there may be cases of authorized people accessing a company’s server, especially when the employee within that unit is not loyal and has secret ambitions.
Data hacking - In the 21st century, data hacking has been a threat to electronic protected health information. Hackers use that information for malicious activities, which makes it a risk. When the data is stored on a single server, it will be prone to hacking. A single server may not have security protocols that are difficult to break, thus causing a risk to the stored information. Furthermore, when the data is hacked, the hacker may use it as leverage to seek compensation since the firm has no backup. In addition, the hackers may alter the stored information, causing inaccuracies.
Malware attack - It is advisable to protect data by installing an anti-virus. On a single server, neglecting to update the security features is a common mistake. Thus, malware may be deliberately installed and compromise the data that is in the database. The risk has been assessed, and from the COO's perspective the issue should not be underrated.
Financial losses - When the firm has been breached and attacked by hackers, the chances of the affected patients seeking compensation are high. In addition, the legal processes that arise may cause financial damage to the firm. The firm has a religious background that may be ruined if the law is not followed. The company will end up experiencing losses that could have been prevented. Notably, hackers who hold data as leverage may also seek money in exchange for the lost data, which is a risk that the firm may not take at the moment.
Mitigation plan
The mitigation plan will comprise a solid plan for solving the risks mentioned in the risk profile section. First, the company will have to create a backup plan for the existing data. Essentially, a plan to back up the data will act as a security measure in case the data is breached or lost. Secondly, the firm will set up measures to improve the security controls. In this regard, experts in information technology will be employed to ensure that the security protocols are tightened. The experts may be drawn from people of strong religious faith who are committed to performing their duties diligently. They will additionally be responsible for monitoring the systems and sealing any security loopholes. Thirdly, the company must set up a way of updating the anti-virus program automatically. Primarily, the plan is to ensure that a malware attack is blocked before it affects the stored data. Finally, the firm will educate the employees on patient electronic health records. The education could be done at church seminars and conferences with many people attending. With this, it is likely that the information will spread even to the patients. The move will ensure that they are up to date with the current technology, which will minimize accidental data leakage.

Reference
Lee, K. (2018, February 2). Health. Retrieved from TechTarget: http://searchhealthit.techtarget.com/photostory/450298830/HIPAA-violation-examples-The-five-most-common-mistakes/3/ePHI-Healthcare-risk-management-and-risk-analysis-mistakes
Smallwood. (2004). Risk Assessment and Strategic Planning. Information Governance, 43-51.
