Development Of A Safety Running Plan For Georgetown University Medical Center
Securing and principle now a day in this era is as important as maintaining profitability of any organization. When science and technology has wide-spread to every person there are both the aspects that exist.
Purpose of the report
The report explains why we need a safety running plan for a critical system where the data of the patients are stored. A need for the risk running plan along with the contingency plan required for the GUMC which will benefit the organization in many ways. The report is also beneficial for the deployment of the safety system and how to maintain it in the future while the organization is evolving.
Executive Summary
GUMC uses a critical system where the info of the patients are need to be secured by the system. For this type of info system a safety running plan is required where it ensures the integrity of the data of the patients regarding the fact that once the data of the patients have already been stolen. The implementation of the safety running plan is required to secure the data with multiple benefits, the main is data integrity. A safety model which will be following the benefits of the safety running plan and proposing a suitable way for the implementation of the safety running plan.
Discussion on aspect of security running.
Profits of Safety Management Idea
The main benefits of the safety running plan includes the following aspects:
- Improves Risk Running Plan along with reduction in risks occurrence.
- Reduces intervention
- Involvement of employees increasing the awareness among them.
- Improvement in the business community.
- Activates Info Running activities making info more integrated.
- Source of reliability for the involved stakeholders.
- Increases the efficiency of the info stored in the info running system.
Expansion of Security Policy and Security Running Plan
A Safety Model will be implemented for the given scenario of GUMC where the safety policies will be according to that model and revolves around the rules of the model. The safety running plan will be comprised of the following elements:
- Policy Statement: containing vision of the safety being implemented on the info system.
- Compliance with Standards and Applicable Laws: these are according to the organization where the plan will be implemented.
- Running Responsibilities and Commitments: Involves the staff of the organization.
- Threat Analysis and Assessment: Concerns with the risks involved in the system.
- Role of Safety Program Manager: Personal responsible for monitoring the implemented plan.
- Employee Training: Concerns with the training of the users interacting with the system.
Characters and Everyday jobs in terms of governance in general
The roles of the individual playing roles in terms of governance in general concerns two group of people in particular. The first group involves regular employees accessing the info system for submitting or accessing the patient info in the system and maintaining the database for the GUMC. The other group involves the Managers and Supervisors who will be responsible for accessing the info system for analysis etc.
Models relevant for the Expension of a security running plan program.
- Need-to-know, provide only info needed to perform their job• Users are defined by their roles, but individual access is also needed
- Emphasis on privacy
- Closed system Health care records are only accessible to other personnel / organisations / individuals in accordance with a court subpoena, statutory authority, valid search warrant, coronial summons, or other lawful order authorised by legislation, common law or NSW Health policy.
The Health Records and Info Privacy Act 2002 establishes statutory requirements for the storage and safety of health care records, which are also included in the NSW Health Privacy Manual. Personal health info, including healthcare records, must have appropriate safety safeguards in place to prevent unauthorised use, disclosure, loss or other misuse. For example, all records containing personal health info should be kept in lockable storage or secure access areas when not in use.
The legal and Statutory Requirements
The safety model implemented along with the safety running plan involves the participation of GUMC officials and BPSC executives who are responsible for taking over the charge of the project appointed to them. The legal requirements will involve permissions from the GUMC as their data and info systems are concerned. The BPSC legal requirements will involve appointing the team for the concerned project. The suggested info safety system in this report will prove out to be helpful for increasing the reliability of the users along with the expansion in business view.
Risk Assessment Process
Risk running plan is the basic need of GUMC health care department involves too much risk than other institution or body. For that every risk factor should get assessed to avoid any further circumstantial problems.
During the project, possible risks are identified along with their contingency plans. If the risk has occurred it is handled according to the plan already defined for it which saves time and effort. If there are no contingency plan for the risk than only the impact of the risk is minimized to the extent that minimum damage is done to the project.
In patient’s info area chances are full of threats and vulnerability if data is not secure in the adamant way. Endurance of the proper physical safety of electronic devices is needed. Very personal data as date of birth, places, residents and diseases are treatments are recorded in sensitive folders of laptops and computers. So, those should be secured at each second. A contingency planA contingency plan is a plan that is devised for an outcome other than in the usual expected plan. It is often used for risk running in every type of organisation when an exceptional risk that though unlikely, would have catastrophic consequences. Also known as “Plan B”.
Purpose of Contingency Plan or Risk Running
The main purpose of contingency plan or risk running is to avoid the forthcoming problems of the individual entity and run the organisation smoothly in case of any disaster. No one can predict the future, but the ability should not go for ever by any unforeseen disaster. It protects the resources, minimises customers inconvenience, upgrade the fruitfulness of the plan identifies key staff, assigning the key staff as per their responsibility. Contingency plans can be categorised as per employee’s skill to perform.
Plan Expension and implementation
Developing a contingency or emergency plan evolves with the deriving the nature of organisation. For example, GUMC requires the health care contingent plan. Every organisation refers their different set of uncertainty. We can't compare the provision from each other. Set goals to attend the special operation. Identify each required process and documents to perform all the risk running plans.
Benefits of the contingency plans are as follows
Minimises loss of production
When business or health organisation suffers a disruption whether it is power outage or a natural disaster, a contingent plan helps minimization of loss of the production. A contingency plan may consist a rerouting of data, emergency generation of power escape routes for employees and supervisory duties for contingency team member.
Prevents promote action
When a disaster occur people panic if they do not have clear plan already ready to manage the aghast situations. Sudden eruption can ruin the situation. A well-documented emergency plan allows employees to move quickly into recovery mode rather than waiting for instructions.
Comprehensive scope
Though managers and upper employees possess the emergency plan, they are not always comprehensive. Devising the contingency plan is a methodical process. Analysing the process to meet the uncertainties can lead other different repercussions, these things always should be kept in mind.
Vulnerability and threats of the health care systems
The increase of the mobile devices, embedded devices, virtualization software, and social media customization of it are the top five safety threats for the health care institutions or hospitals
. Mobile Services has made our health care system more on verge of scare. Scanning or checking of all the devices are not physically possible at any cost. So being aware of the circumstances that can happen should be planned in the provision of making the prior emergency plan. Providing anywhere anytime network access is also needed to meet emergency and chaos. But regular vigilance is needed at any cost.
Embedded devices has made the norm so avoiding them is impossible. as tablets and mobile devices with wide are and free accessible Wi-Fi including medical scanners, patients monitoring systems and imaging devices-become more and more common embedded connectivity makes tracking monitoring and managing enterprise productivity easier with the helping reduced error. Incorporate a safety solution that will protect integrity to protect to critical data.
Major health care data breaches are also the utmost threat for the health care organisations. According to the major health care data breaches reported during the past year, the most common threats to documents secrecy and safety included the data theft, unauthorised access, improper disposal of data loss, hacking IT incidents are more, Building once the ethical and social goodwill is very difficult in the market of any kind of profit seeking organisation whether it is health care or any other but losing it any flick of moment is too easy. If such scam is happening with the health care institutions then it can get a more than a murky turn. People will lose their hope and wellness at any cost.
Info security also plays a vital role. Losing patients personal info can lose because a major threat to their treatment. Hacker can misuse the interpersonal data of the patient to misguide the treatment to malpractice on name of the health care department. Patients treatment and their cost of treatment can also get embezzled by the hackers. so the sensitive data should be any way concealed by many protecting layers in GUMC.
A very blazing example of the accident of the data breach is, A 2013 data breach at the university of Washington medicine medical group compromised about 90000 patients records and resulted in a us$ 750000, fine from federal regulators. In 2015 the UCLA health system, which includes a number of hospitals, revealed that attackers accessed a part of its network that handled info of 4. 5 billons patients data.
When it comes to the responsibility it is exactly the shared responsibility of both the patient and health carers to obey all the rules and regulations of confidentiality policy. Patients also should take care of their personal belongings at the hospital premises and while visiting doctor or registering they should not panic and give their verbal info’s to unwanted fellows and unauthorised personnel. After occurrence of any problem they should immediately report to hospital authority. Hiding the facts also can lead to a serious repercussion.
In a nutshell both people and authority all should pay a responsible role to protect and safety.