The purpose of this assignment is to analyze how an organization’s quality and improvement processes contribute to its risk management program.
This assignment builds on the Risk Management Program Analysis â€“ Part One assignment you completed in Topic 1 of this course.
Assume that the sample risk management program you analyzed in Topic 1 was implemented and is now currently in use by your health care employer/organization. Further assume that your supervisor has asked you to create a high?level summary brief of this new risk management program to share with a group of administrative personnel from a newly created community health organization in your state who has enlisted your organization’s assistance in developing their own risk management policies and procedures.
Compose a 1,250?1,500 word summary brief that expands upon the elements you first addressed in the Topic 1 assignment. In this summary brief, address the following points regarding your health care organization and its risk management program:
Explain the role of your organization’s MIPPA-approved accreditation Â Â Â Â Â body (e.g., JC, ACR, IAC) in the evaluation of your institution’s quality Â Â Â Â Â improvement and risk management processes.
Describe the roles that different levels of administrative personnel Â Â Â Â Â play in healthcare ethics and establishing or sustaining Â Â Â Â Â employer/employee-focused organizational risk management strategies and Â Â Â Â Â operational policies.
Illustrate how your organization’s risk management and compliance Â Â Â Â Â programs support ethical standards, patient consent, and patient rights Â Â Â Â Â and responsibilities.
Explain the legal and ethical responsibilities health care Â Â Â Â Â professionals face in upholding risk management policies and administering Â Â Â Â Â safe health care at your organization.
Relate how your organization’s quality improvement processes support Â Â Â Â Â and contribute to its overall journey to excellence.
Risk management Program Analysis
Risks can be experienced in any organization regardless of the sector in which it belongs.
However, these risks can be managed effectively through a risk management plan. In this case, a
risk management plan refers to the documentation of the risks an organization is likely to
experience, the potential damages likely to be caused, and the appropriate methods designed to
address such issues (Force, 2018). Based on the current advancing level of technology, the risks
likely to be experienced in various organizations are associated with technological equipment
and devices. For example, Harris County Hospital (HCH) has been experiencing several
technology-related risks, such as system failure and access to patient information by
unauthorized individuals leading to information loss (Abraham et al., 2019). Such an
organization can develop a technology-related risk management plan to enable new employees to
avoid such risks, thus preventing the loss of critical patient information. Therefore, the
organization selected is Harris County Hospital, while the risk management plan chosen involves
a technology-related risk management plan focusing on patient information loss through system
failures and access to databases by unauthorized individuals.
Summary of the Risk Management Plan
The technology-related risk management plan has been developed for the new employees
in HCH since the facility has been losing much information recently, leading to significant
challenges in healthcare service delivery. In most cases, technology-related failures are
experienced when new employees are hired in the facility and assigned to different roles without
sufficient training on handling various technological devices and equipment (Force, 2018). In
this case, the role of the risk management team is to ensure that the new employees are familiar
with the risks likely to be experienced in the organization, their potential damages, and how to
mitigate them. Therefore, the risk-targeted in this plan involves preventing patient information
loss through system failures and access to databases by unauthorized individuals. The reason for
selecting the organization and the risk management plan is to secure patient information from
being lost and prevent unauthorized access to the databases.
The Standard and the utilized Administrative Steps and Processes
In healthcare organizations, there are no chances for trial-and-error practices since the
facilities deal with human lives. Any risk that can be experienced in a healthcare facility can
contribute to the loss of lives or deteriorated health conditions among patients (Force, 2018).
Therefore, taking various precautions and measures to mitigate the occurrence of risks is critical.
During risk management in a healthcare organization, the standard steps recommended include
risk identification, risk assessment, risk mitigation, contingency planning, as well as review and
monitoring (Force, 2018). On the other hand, the risk management team in HCH has considered
the same steps in risk management to ensure that there is effectiveness and efficiency in the
practice. The standard and the utilized risk management steps considered are as follows.
Step-1 Risk Identification
Risk identification is considered to be the first step in managing risk (Force, 2018). HCH
starts with this step as per the recommended standard steps. During this step, the risk
management team usually attempts to identify the risks likely to be experienced in the facility.
For effective and efficient identification of the risks, the risk management team usually
collaborates with the informatics team to carry out an information systems audit. This practice
assists in understanding the most common mishaps and methods through which patient
information is accessed through unauthorized routes.
Step-2 Risk Assessment
After identifying a risk that is likely to occur, the risk management team assesses the
potential damage that may be caused by the issue (Force, 2018). The bigger the damage, the
more urgency, and attention given to the risk to mitigate it. Based on the damage likely to be
caused, several potential solutions are proposed for the most appropriate one to be selected. For
example, some solutions proposed to prevent the loss of patient information through
unauthorized access may include securing databases with passwords and creating an information
Step 3- Risks Mitigation
During this step, the most appropriate solution among the proposed ones is chosen
(Force, 2018). For example, the solution to prevent unauthorized access to patient information
may involve securing the databases with passwords or security keys. On the other hand, the
appropriate solution to avoid the loss of patient information may involve creating an information
Step 4- Contingency Planning
This step involves planning for or implementing the most appropriate proposed solution
(Force, 2018). If the proposed solution involves securing the databases with security keys or
passwords, they are created during this step. On the other hand, if the proposed solution involves
creating an information backup system, it is created during this step.
Step 5- Review and Monitoring
This is considered to be the last step in risk management. The step can be conducted as
one or broken into two (Force, 2018). During this step, the entire process is first reviewed to
understand whether there are any errors experienced. If there are no errors, the process is
monitored to track the progress on whether it is effective or ineffective.
The Key Regulating Agencies and Organizations
There are several agencies that regulate patient information in healthcare organizations.
The most critical ones involve the Health and Human Services (HHS) department and Health
Information Technology for Economic and Clinical Health Act (HITECH) (Kim & Lee, 2020).
The HITECH was developed in 2009 to ensure that patient health information is always
protected during healthcare service delivery (Kim & Lee, 2020). Besides, the HHS department
ensures that all matters associated with patient safety are well safeguarded. Therefore, the two
agencies play a critical role in risk management associated with preventing patient information
loss through system failure or unauthorized access.
Evaluation of the Risk Management Planâ€™s Compliance with the Set Standards
The risk management measure recommended to prevent patient information loss through
system failure involves creating a backup system. Besides, the recommended methods to prevent
unauthorized access to patient information involve using security keys and passwords (Cohen &
Mello, 2019). HCH has been utilizing the two approaches after experiencing patient information
loss for a long period. The two measures taken have played a significant role in patient safety
and improving knowledge and skills among new employees. Therefore, HCH complies with the
set standards for risk management on system failure and patient information safety.
Based on the risk management plan developed, various recommendations can be made.
The first recommendation involves creating backup systems among healthcare facilities where
patient information can be lost easily. The second recommendation involves securing databases
with security keys and passwords to ensure that there is no unauthorized access to patient
information. Through such recommendations, the set standards can be complied with. Besides,
patient safety can be enhanced by protecting patient information.
A risk management plan can be developed in different areas of operation in an
organization. One of the areas that can be considered is technology, as in the case of HCH. The
facility has developed a technology-related risk management plan focusing on patient
information loss through system failures and access to databases by unauthorized individuals.
The facility has used the standard steps for managing risks, which involve risk identification, risk
assessment, risk mitigation, contingency planning, as well as review and monitoring. Since the
plan has been effective, other facilities experiencing the same risk can adopt the strategy.
Abraham, C., Chatterjee, D., & Sims, R. R. (2019). Muddling through cybersecurity: Insights
from the US healthcare industry. Business horizons, 62(4), 539-548. https://etarjome.com/storage/panel/fileuploads/2019-09-22/1569154858_E13549-e-tarjome.pdf
Cohen, I. G., & Mello, M. M. (2019). Big data, big tech, and protecting patient
privacy. Jama, 322(12), 1141-1142. 10.1001/jama.2019.11365
Force, J. T. (2018). Risk management framework for information systems and
organizations. NIST Special Publication, 800, 37.
Kim, H., & Lee, J. (2020). The impact of health IT on hospital productivity after the enactment
of the HITECH Act. Applied Economics Letters, 27(9), 719-724.
Purchase answer to see full