Human Factors And Managing Risk Information Technology Essay

Technologies are advancing at an accelerated pace and are driving the transformation of many areas of society, including healthcare. During the upcoming decade, given the speed at which technology is moving, the scope and scale of the adoption of health information technology will only increase. These advancements will also bring a new set of risks that will need to be addressed. Monitoring and assessing the impact of these new media, including mobile health, on public health will be challenging. Maintaining the privacy of clients while protecting the infrastructure is a risk that we will have to meet head on, as technology takes over the way we communicate and the way we carry out our daily routines.

Risk Management plays a major role in producing a secure environment for an organization. By assessing and identifying specific threats that can cause damage to network components, hardware, and personnel, an organization can prevent possible threats and establish the most effective corrective measures to avoid damage to systems or people.

Healthcare organizations with a poorly defined or incomplete security program may face a large list of audit findings and security gaps. Simply throwing money at the problem without a clearly defined strategy will reduce the security budget without significantly improving the overall security posture. As the day-to-day operations of today’s hospitals and health care organizations have become more complex, so has the nature of the risks they face. Given the numerous functions that must be accomplished effectively for an organization to be successful, the risks can be miscellaneous, ranging from financial and operational to a growing number of regulatory compliance concerns.

The health care sector continues to go through many changes, presenting several new risks and a multitude of complicated regulatory requirements. Risks are around every corner for health care organizations, from facilities, legislation and regulatory developments to operational and financial concerns. It is sometimes difficult to be aware of emerging and existing risks while maintaining your focus on your organizational strategy, mission and patient care. One of the major risks for companies of such magnitude is that enterprise-wide communication about risk issues is currently limited.

However, every risk matters to the organization as a whole, even if individual issues do not seem relevant to certain business functions. Cooperation may be facilitated through a centralized, comprehensive incident management system that promotes consistency and communication on relevant issues. Areas of risk are identified by investigating and evaluating specific cases, watching for trends, and then identifying indicators for ongoing monitoring. First, assistance is given to specific departments to identify and correct environmental conditions and work practices that could result in injury or in the initiation of a claim; the information obtained is then disseminated throughout the medical center.

Risk Management Components and Management Support

Protecting the rights of patients is the key fundamental of information assurance. Patients need to have confidence that the healthcare provider is taking all the steps necessary to ensure proper handling of their information and that it will comply with the regulations dictated by the Federal Drug Administration.


The Johnson and Johnson Compliance Committee reviews many forms of risk, as well as the regulations imposed on us in the areas of healthcare compliance, government contracting, privacy legislation, quality, environmental health and safety and regulatory compliance. The Compliance Officers ensure that processes and monitoring are in place at the subsidiary and sector level to assess risk, monitor program results and ensure that corrective actions are ongoing.

Johnson and Johnson has followed the key components of Risk Management:

First and foremost, the support of Senior Management, developing awareness with their participation.

Developing the Framework with Policies.

Education and communication of the policies, with awareness education and recognition.

Managing risk at the Strategic Level

Managing Risk at the Business Level

Managing the monitoring process and reviewing the logs created

In all Risk Management policies there are pros and cons to keep in mind. Some risks are worth taking in the eyes of the business side. Managing risk at the business level could jeopardize the security of the company. In quantitative risk assessments it is impossible to obtain the actual costs related to an incident, which makes it difficult to quantify the business impact.

Management always considers risk reduction an IT presumption and a non-valid metric for the organization. Information Security has to present all its business matters in the form of a business case to protect the company from something that might or might not happen.

“Security risk is not measurable, because the frequencies and impacts of future incidents are mutually dependent on variables with unknown mutual dependency under control of unknown and often irrational enemies with unknown skills, knowledge, resources, authority, motives, and objectives-operating from unknown locations at unknown future times…”

Donn B. Parker, “Risks of Risk-Based Security” (Communications of the ACM, March 2007, p. 120).

On the other hand, implementing a good risk assessment will only improve the company’s reputation when it comes to facing an audit. A business impact analysis predicts the consequences of disruption of a business function and process and gathers the information needed to develop recovery strategies. In order to provide a rigid plan, the benefits of conducting a Business Impact Analysis (BIA) are highlighted below.

Better Understanding

Identifies and quantifies the financial exposures of the business.

Opens risk management communication channels between operational and executive management.

Determines requirements for business survival.

Clearer Focus

Provides vital information to make more precise decisions regarding risk retention and risk transfer.

Identifies risk improvement, business resilience and business continuity strategies.

Prioritizes risk resources, capital expenditure and actions for business survival.

Greater Resilience

Raises the profile of risk management across the business.

Drives business continuity management and makes the process more manageable.

Impacts operational and strategic planning through improved awareness of exposures.

Integrates findings into your enterprise risk management and corporate governance framework.

The Business Impact Analysis and Risk Assessment involve several steps:

Assess threats and risks

Inventory Corporate Assets

Identify Threats / Risks Specific to Assets

Identify Existing Mitigation

Summarize the Operational Analysis

Assess data center vulnerabilities

Conduct an audit of the Data Center

Conduct probability assessments

Assign value to IT assets

Plan Against Downtime/Loss of Asset

Conduct a Business Impact Analysis

Determine cost versus risk tradeoff

Conduct ROI Studies

Maintain risk plans

Create Asset-Specific Risk Reports

Document, Track and Manage Risks

While identifying the key components of a Risk Management Program, training and education have been marked as one of the most critical components. Security awareness training was identified as a major benefit to the company and was designed to change behavior and reinforce good security to minimize the risk of a breach. In the healthcare organization, the compliance officer reviews the company's safety and training measures to ensure they are in accordance with the Occupational Health and Safety Administration (OSHA).

The rules of HIPAA impose regulations on the Department of Health and Human Services (DHHS) to assure confidentiality and privacy of healthcare information that is electronically collected and maintained. Confidentiality of information is generally threatened by the risk of unauthorized access when it is in storage, as well as the risk of interception while in transit. Since email has become an organizational medium of communication, secure delivery of information becomes crucial for healthcare providers.

Listed below are the civil and criminal penalties that HIPAA calls for:

Fines for violation could be up to $25,000 for multiple incidents in a calendar year

Fines up to $250,000 and/or imprisonment up to 10 years for known misuse of individually identifiable health information.

These penalties make it hard for anyone to assume the role of compliance manager without the full cooperation of Senior Management.

Recommendations and Updates to Risk Management Program

Because all of our stakeholders depend on a safe and secure environment, one way we can improve risk management at Johnson and Johnson is by understanding the importance of identifying and managing the risks. A risk, however insignificant it might seem in the eyes of the business, could end up being the biggest threat to the organization. Johnson & Johnson has branches in areas prone to bad weather, which can become a major disaster for the companies, jeopardizing the production of one of their core products.

Extreme weather, such as a hurricane or flood, is the most significant possible impact to our business since it could cause the closure of a manufacturing facility, disruption in the supply chain or loss of product inventory. Climate change could also affect the availability of raw materials for Johnson & Johnson’s products.

To minimize the impact caused by natural disaster, we (the Information Technology Department) have developed a plan to back up our data to the cloud. This is part of the Disaster Recovery Plan (DRP), which consists of defining rules and processes to ensure that the critical business processes will continue to function if there is a failure in one or more processes or in the telecommunication resources on which the facility depends.

Cloud computing is the delivery of IT infrastructure assets such as server capacity and software applications over the internet on a utility basis. It offers convenient and timely access to a shared pool of resources like servers, printers, storage and much more.

Healthcare IT infrastructure is highly complex. This is due to the fact that organizations have taken extra steps to safeguard patients’ vital data and make it HIPAA compliant. It is also imperative that information held in data storage is available through the right channels and to the right parties, enforcing a greater degree of control over all channels of operation.

Disaster recovery is one of a number of interconnected and overlapping business disciplines involved in protecting corporate assets. Information security defines the structure for protecting the corporate information resource, from the hardware to the network infrastructure, from the software to the process administration.

As the healthcare industry moves towards the adoption of electronic health records, the need for solid disaster recovery planning becomes more important. Due to the nature of the business, health care organizations must maintain a high degree of system and network availability, and through the cloud we will be able to maintain services across the organizations.

Conclusion

Protecting the rights of patients is the key fundamental for healthcare companies. The Johnson & Johnson Information Technology Department has made Information Assurance with Risk Management a top priority. Healthcare industries must comply with government regulations, and their facilities must meet the minimum requirements to handle and prevent any attempted security breach. Any risk, however insignificant it might seem, needs to be looked at, with the means in place to resolve it and protect the information.

In business impact analysis, companies need to distinguish between technical and business impacts. Many companies fail at this point because they perform their business impact analysis without taking into consideration the technical aspect of the company.

The Risk Management plan we develop will ensure that all procedures and policies are up to date with the plan and with the assignments that all stakeholders need to perform.

Disaster can happen at any time. As part of a good plan for disaster prevention and recovery, we need to:

Identify and evaluate the potential level and areas of business disaster

Identify the impact of disaster

Prioritize your business operations

Formulate recovery strategies

Test the plan

Review and update every six months.
