Risk Management Plan

Introduction

Organizations, health organizations in particular, require constant evaluation and monitoring to identify any threats that might be present in their systems (Pritchard & PMP, 2014). It is therefore imperative for Health Network, Inc. to develop a risk management plan that helps to foresee threats, estimate impacts, and define responses to issues. The purpose of this risk management plan is to determine how risks associated with offering the company’s products (HNetExchange, HNetPay, and HNetConnect) will be identified, analyzed, and managed. The plan will also serve as a guideline for the company’s business services that drive quality patient care while fostering a safe environment. Thus, the primary aim of the risk management plan is to offer an ongoing, comprehensive, and systematic approach to reducing risk exposures.

Scope

An individual with a background in information technology will develop the risk management plan with the help of the company’s management (Gibson, 2014). This individual will ensure that risks are actively identified, analyzed, and managed to help minimize their impact. The identification of risks will encompass an evaluation of environmental factors and organizational culture. Risk analysis will involve the assessment of the already identified risks to determine the range of possible project outcomes. Both quantitative and qualitative analysis will help to determine the probability and the impact of the risks. Depending on the effect the identified risks are bound to cause, the following strategies will be used to manage the risks: avoidance and mitigation. Additionally, the plan will cover the different compliance laws and regulations the company must comply with and the different roles and responsibilities the relevant parties will play.

Compliance Laws and Regulations

Among the many compliance laws and regulations that Health Network, Inc. must comply with is the Healthcare Information Portability and Accountability Act (HIPAA). Through the provisions of HIPAA, Health Network, Inc. will be required to ensure the protection and confidentiality of patient health information. Thus, the company must at all times ensure zero data breaches, as these result in legal cases filed against it. Patient information should never be shared with third parties without the consent of the patient. The company must also comply with the Health Information Technology for Economic and Clinical Health Act (HITECH). This Act promotes standardized electronic health records (EHR). Through the provisions of this law, the company will be required to maintain the privacy and security of patient data, electronic health record files, and the process through which this data and these files are shared. Noncompliance with these laws would expose the company to a fine of up to $1.5 million.

Roles and Responsibilities

Every stakeholder in the company has a role to play in ensuring that both insider and outsider threats are eliminated or minimized (Gibson, 2014). The over 600 employees working within the company will be required to provide any relevant information that can help to identify, analyze, and manage risks. They also have the responsibility of maintaining the codes of ethics and reporting any threat that they discover in the organization. The top-level managers have the responsibility of ensuring that the company has complied with all the state laws and regulations (Gibson, 2014). It is also their responsibility to act quickly by providing funds to mitigate risks whenever they are identified. Lastly, the third-party data center hosting vendors have the burden of ensuring that the company’s data and information are kept safe and that no unauthorized person has access to them. In assessing the threats within a project, the team leader is responsible for ensuring that quality objectives are established, conducting management reviews, and ensuring resources are provided on time. Information technology members will be involved in ensuring that loopholes in the information technology systems are closed. They will also be involved in developing stronger IT systems that will help in detecting potential data breaches long before they happen. Like IT members, network administrators will be responsible for maintaining computer infrastructures, with an emphasis on networking, to ensure loopholes in systems are completely sealed. The role of the physical security personnel is to ensure that no unauthorized personnel gain access to the company’s premises. The legal team will offer guidance on compliance matters, while the human resources department will have the responsibility of ensuring that the hired employees are qualified and can be trusted with the properties of the company.

Risk Mitigation Plan

The problem of data loss through the removal of hardware from the systems can be solved by employing specific individuals to monitor the devices and keep them from being handled by unauthorized people. Loss of company assets through theft can be addressed by installing trackers and cameras, which can capture intruders before they can get hold of the assets. The threat of loss of customers due to production outage can be solved through the creation of awareness and a platform where the customers and patients feel part of the medical facility (Larson & Gray, 2015). To eliminate the Internet threat arising where the products are accessed, the company should create a portal that only the personnel and the company’s customers can view once they are subscribed to it. Insider threats can be solved by allowing the information technology manager to be the only person who can access sensitive information about the company. The only way to deal with changes in the regulatory landscape is to keep up to date with the changes and make sure that they are followed.

 

References

Gibson, D. (2014). Managing risk in information systems. Jones & Bartlett Publishers.

Larson, E. W., & Gray, C. F. (2015). A Guide to the Project Management Body of Knowledge: PMBOK® Guide. Project Management Institute.

Pritchard, C. L., & PMP, P. R. (2014). Risk management: concepts and guidance. Auerbach Publications.
