Healthcare Risk Management Report
Purpose (Who, Why)
The purpose of the risk management program is to protect patients, staff members and visitors from inadvertent injury. The program is also designed to protect the organization’s financial assets and intangibles, such as reputation and standing in the community.
The risk management plan is a primary tool for implementing the organization’s overall risk management program. It is designed to provide guidance and structure for the organization’s clinical and business services that drive quality patient care while fostering a safe environment.
The focus of the risk management plan is to provide an ongoing, comprehensive, and systematic ...
Mitigate: Strong access controls. Base network access on job requirements. Provide reasonable access to facilities. Frequent internal reviews of system and facility access should be completed to ensure that access is controlled.
Social Engineering (UW Medicine Breach)
Risk: Employees may divulge too much information to the public. Social networking sites pose a risk of phishing for sensitive information, of data breaches (HIPAA), and of corporate espionage.
Mitigate: Create policies on social network use at the office. Use a firewall and Internet restrictions to prevent access to these sites on company resources and time. Provide employee education on what a phishing request is and how to identify one.
Mobile Device Security (Illinois-based Advocate Health and Hospitals Corporation Breach)
Risk: Employee- or employer-owned cell phones, smartphones, and tablets connect to networks and have company information on them.
Mitigate: Require a password to access the device. Install GPS on the device to locate it if the device is lost or stolen. Encrypt e-mail and other company data.
Unpatched Software (CHSPSC Breach)
Risk: Unpatched software leaves programs and systems open to vulnerabilities.
Mitigate: Stay up to date on patches. Keep secure firewalls in place on the organization’s network.
Cloud Computing (Sony Breach)
Risk: If the network fails, the entire system is unavailable for the entire organization. Cloud systems are not maintained in the office, so access controls need to be implemented.
Mitigate: Have a business continuity plan in place. Consider the need for redundant systems. Make sure the organization understands and has a service level agreement in place. Understand who may have access to your equipment and...