Posts Tagged ‘Risk’

Health care management is largely about analyzing and sorting the risks that can threaten or disrupt the infrastructure and workability of an institution. Unlike other sectors, the health care industry cannot work on compromises. It has to constantly upgrade itself for better delivery and to tackle several managerial issues.

 The security factor counts high when it comes to health care management. Several Acts and declarations passed by the federal government deal with protection against risks such as:

  • Malfunctioning of a computing system because of malware or a virus
  • Unforeseen accidents such as fire
  • Theft of information by an employee
  • Unintentional damage to hardware and software
  • Removal of data and records, etc.

Apart from the aforesaid factors, it is also necessary to understand how management is liable for protecting a patient's personal information. In fact, with several data breach incidents lately reported in the news, patients are enquiring about their rights to data protection and are also taking legal aid from professional attorneys in order to safeguard their interests during a data breach. This awareness has in turn pushed administrations to implement proper protection programs to reduce security threats.

 Some points are listed below that can help medical care units and organizations reduce security breaches:

  • Appropriate training for the executives concerned is a must. People who are in charge of such security acts should be efficiently trained in soft skill application. Emergency restorative plans should be formulated in advance, along with adequate recruitment of trained personnel.
  • Risks should be analyzed on the basis of the Private Health Information Act. Negligence should not be tolerated, and an employee should be reprimanded for bad, indifferent or ignorant conduct.

 While the above two points deal mostly with employee performance and conduct, from here on we will discuss how important it is to engage technical security tools to properly systematize and mitigate system failure risks.

  • HIPAA and HITECH have enumerated strict compliance protocols that require a company to maintain rigorous technical backup plans, either for restorative purposes or for performing a calibrating task. NPDB usage has become popular with hospitals and medical centers. They enable remote access, proper data storage and data transfer in a secured manner. Also, installing robust anti-virus protection, anti-spam, firewall, VPN and IDS programs is a must when handling the security systems integral to an industry.
  • Planning a cost-effective budget for maintenance and security needs is a must. Manual work would probably take much more time and money than technical operatives.
  • Finally, having a risk management plan is essential to cope with loss or theft of PHI and NPP.

Security is all about strategically implementing multiple layers of defense to protect the most critical assets. Security should be managed just like any other company resource.

Let’s say you have two local servers sitting in your office. One is hosting your ecommerce website and the other is hosting your email. Business hasn’t been that good, but nonetheless the company owner has asked you to implement security in your network. He has also approved a budget of $1000 to buy new equipment and seek additional help from consultants like Fixtro.

Most managers will try their best to find the most qualified IT consulting company to perform this job under a $1000 budget in a reasonable time frame. This may be a good business tactic, but it’s not a strategic approach to securing your network.

Here are 4 basic steps that can help you get the most out of your security budget.

Step #1 Define Your Most Critical Assets and Assign a Dollar Value

You need to clearly state what it is that’s worth protecting. Understand the consequences your company will face if this asset is compromised. Put a dollar value on this asset so that higher management can understand its true economic value. Make sure to indicate the complete replacement value instead of just the hardware or software replacement cost. For example, an accounting professional (CPA, EA or tax attorney) trying to protect customer information might want to include the cost of recreating the customer database, preparing duplicate tax returns, informing customers about the data breach, and any additional cost of recovering the data.

Do you know what your most critical asset is? How much is it worth?

Step #2 Understand the Risk Your Critical Data Faces

You take many risks on a daily basis. Chances are you are taking some sort of risk as you are reading this blog. You ignore these risks without ever thinking about them. However, you cannot leave the security of your most critical asset to chance. You must understand the risk your asset is facing.

You can start by making a list of the sources you want to protect your asset from. The list should include internal and external sources.
External sources of intrusion at a tax professional firm may include malware downloaded from a website on the internet, a virus arriving in an email attachment, or a hacker attempting to access an internal database. Internal risks could include a disgruntled employee stealing information, an accidental password leak, or an employee spilling the beans on social networking sites such as Facebook.

Your business experience will help you in laying out the potential sources of risk your business faces, but I strongly recommend that you seek help from professionals who can help you identify risks that may otherwise be overlooked.

Can you list 10 immediate risks your critical assets are facing right now?

Step #3 Rank & Compare Your Risk

Not all risks are equal and therefore you may decide to deal with one risk and leave another one alone.  But how do you know which risk is the most important?

Risk is defined as threat times vulnerability. The frequency of a particular risk is known as the threat, and the likelihood of success of a particular risk against your organization is known as the vulnerability. This equation gives you a nice number to help you rank your risks.

Risk = Threat × Vulnerability

Step #4 Manage Your Risk

An organization can reduce its risk by managing vulnerability. For example, you can reduce the risk of virus attacks by implementing good email protection and virus protection on your computers. You can further reduce this risk by training employees about IT protection. You can reduce your risk from outside hackers by installing good gateway protection, adding endpoint security and regularly patching your computers.

However, how you manage your risk usually comes down to your budget. The question you need to ask is how much security you can buy for X dollars. Please note, I didn’t say how many features or security devices or security solutions you can buy for X dollars.

Let’s say you install a state-of-the-art, best-in-the-IT-security-world, $1000 security device. Will that solve your security problem? Well, if your computers are not regularly patched, you increase the frequency of risk and therefore increase your overall risk in spite of having a great security device.

You should invest your budget in a fashion that helps you reduce the overall risk to your most critical assets.
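
A worked version of Steps 3 and 4, as an added example rather than code from the original post: it ranks risks with Risk = Threat × Vulnerability, then searches for the set of controls within a $1000 budget that leaves the lowest total risk. The threat frequencies, vulnerability values, control costs and reduction factors are all constructed for illustration.

```python
from itertools import combinations

# Constructed risk register for the two-server office in the post.
# threat = expected attempts per year; vulnerability = chance one succeeds.
RISKS = {
    "email virus":          {"threat": 50, "vulnerability": 0.10},
    "web malware download": {"threat": 20, "vulnerability": 0.15},
    "external hacker":      {"threat": 12, "vulnerability": 0.30},
    "leaked password":      {"threat": 4,  "vulnerability": 0.50},
}

# Constructed controls: cost in dollars, and the factor each one applies to
# the vulnerability of the risks it addresses (0.5 halves it).
CONTROLS = {
    "gateway appliance":   {"cost": 1000, "effect": {"external hacker": 0.2}},
    "regular patching":    {"cost": 300, "effect": {"external hacker": 0.5,
                                                    "web malware download": 0.4}},
    "email/AV protection": {"cost": 400, "effect": {"email virus": 0.3}},
    "employee training":   {"cost": 300, "effect": {"email virus": 0.6,
                                                    "leaked password": 0.4}},
}

def rank_risks(risks):
    """Step 3: score each risk as threat x vulnerability, highest first."""
    scored = {n: r["threat"] * r["vulnerability"] for n, r in risks.items()}
    return sorted(scored.items(), key=lambda kv: kv[1], reverse=True)

def residual_risk(risks, chosen):
    """Total risk left once the chosen controls lower each vulnerability."""
    total = 0.0
    for name, r in risks.items():
        vuln = r["vulnerability"]
        for control in chosen:
            vuln *= CONTROLS[control]["effect"].get(name, 1.0)
        total += r["threat"] * vuln
    return total

def best_plan(risks, budget):
    """Step 4: try every affordable set of controls, keep the lowest risk."""
    best = ((), residual_risk(risks, ()))
    for size in range(1, len(CONTROLS) + 1):
        for combo in combinations(CONTROLS, size):
            if sum(CONTROLS[c]["cost"] for c in combo) <= budget:
                score = residual_risk(risks, combo)
                if score < best[1]:
                    best = (combo, score)
    return best

if __name__ == "__main__":
    print(rank_risks(RISKS), best_plan(RISKS, 1000), sep="\n")
```

With these constructed numbers, spending the whole $1000 on the gateway appliance lowers total risk from 13.6 to 10.72, while patching, email protection and training together cost the same and lower it to 4.7.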

Tell me if you agree or disagree with my security management ideas.  Tell me what security challenges your businesses are facing and how you are dealing with them.