Scribd Logo
Upload

Welcome to Scribd!

  • Risk Identification For Business

    Uploaded by

    ravan sngh
    60 views11 pages
    The document discusses risks associated with Nova Scotia's fragmented health information systems. 14 key risks were identified through workshops, lessons from other provinces, and surveys. 10 of the risks were considered high priority. These include having patient records in multiple systems, doctors not receiving timely patient information, inability to recover lost patient data, and security/governance challenges of the current systems. A risk identification quadrant shows how the fragmented systems negatively impact patient care. Addressing these risks through an enterprise resource planning project could improve service quality for patients and physicians.

    Original Description:

    this is risk identification for ERM course

    Original Title

    Risk Identification for business

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses risks associated with Nova Scotia's fragmented health information systems. 14 key risks were identified through workshops, lessons from other provinces, and surveys. 10 of the risks were considered high priority. These include having patient records in multiple systems, doctors not receiving timely patient information, inability to recover lost patient data, and security/governance challenges of the current systems. A risk identification quadrant shows how the fragmented systems negatively impact patient care. Addressing these risks through an enterprise resource planning project could improve service quality for patients and physicians.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    60 views11 pages

    Risk Identification For Business

    Uploaded by

    ravan sngh
    The document discusses risks associated with Nova Scotia's fragmented health information systems. 14 key risks were identified through workshops, lessons from other provinces, and surveys. 10 of the risks were considered high priority. These include having patient records in multiple systems, doctors not receiving timely patient information, inability to recover lost patient data, and security/governance challenges of the current systems. A risk identification quadrant shows how the fragmented systems negatively impact patient care. Addressing these risks through an enterprise resource planning project could improve service quality for patients and physicians.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 11

    RISK IDENTIFICATION

    SMBA 6601

    MAY 28, 2019


    PRASHANT SINGH
    SMBA 6601 Risk Identification Singh, 2019

    Contents
    Scope: ........................................................................................................................................................... 2
    Risk Identification: ....................................................................................................................................... 2
    Risk Identification quaqdrant: ..................................................................................................................... 5
    Conclusion: ................................................................................................................................................... 5
    References: ................................................................................................................................................... 6
    Interviewee List: ............................................................................................................................................ 6
    Appendix A .................................................................................................................................................... 7

    SINGH, PRASHANT 1
    SMBA 6601 Risk Identification Singh, 2019

    Scope:
    The health care system in Nova Scotia is facing significant challenges that require changes in how health-

    related services are managed and delivered. The underlying health information systems currently

    deployed in the Province are fragmented and costly to maintain.

    Until now, the Province’s health information systems have been procured and implemented by functional

    need, which has created a complex environment of over hundreds of systems which collect information

    on patients but are unable to share it across the continuum due to excessive integration cost and effort.

    Systems performing similar task are implemented in different zones of Nova Scotia Health Authority. In

    this report a risk identification will be completed for the fragmented systems, which will include the risks

    in the governance/process of various IT systems across Nova Scotia Health authority (NSHA). The risk

    identification scope will also include healthcare service, cost of maintaining the overall systems, security

    risks, customer (Patient) service and supply chain.

    Risk Identification:
    In table 1: risk identification, 14 risks has been identified for the depth of the risk identification process.

    We are using ISO: 9001 for the risk identification process. Each risk is measured on the scale of ‘Likelihood’

    and ‘consequences’, which ultimate provides ‘risk rating’. Likelihood and consequences tables are added

    in the appendix A along with risk assessment matrix. Risk assessment matrix provides us the severity of

    likelihood. Using the risk assessment matrix, appropriate color coding is displayed in the risk assessment

    table column ‘risk rating’. Out of 14 identified risk for the scope of this risk identification project, 10 falls

    into the high risk category that needs immediate attention. Risk of not addressing this immediate risks

    could lead to longer wait time for patient to get treatment, and frustration among physicians. These risks

    are identified by conducting various workshops, reviewing lesson learned from provinces already

    SINGH, PRASHANT 2
    SMBA 6601 Risk Identification Singh, 2019

    implemented such project and surveys. The process used for risk identification was iterative in nature to

    define and capture all risks for the project as shown in image:1 . Patient taking legal course for their

    grievances does bring bad reputation to NSHA. Such issue can be challenged in time or mitigated if proper

    system and care is in place.

    For this project a large sample size of employees were reached out along with patients. However, for the

    scope of this course project, only 14 risks has been taken into consideration. Which doesn’t require all the

    data collected for the ‘One patient, One record’ (OPOR) project. Interviews and information gathering

    sessions has been done with physicians and Project leaders to understand their view regarding the

    documented risks. Members of project team interviewed agree with the risk identification and its severity.

    Image. 1. OPOR project at NSHA

    SINGH, PRASHANT 3
    SMBA 6601 Risk Identification Singh, 2019

    RISK IDENTIFICATION FORM


    LIKELIHOOD CONSEQUENCE RISK
    R# RISK ACTION
    (1-5) (A-E) RATING
    R1 Patient record in multiple systems. 5 C 5C
    R2 Duplicate record in the system. 3 D 3D
    Doctors not receiving patient information in time lead to delayed health care
    R3 service and result in frustration among patient and physician. 4 E 4E
    R4 Patient information lost from individual system cannot be recovered. 4 D 4D
    R5 Security of individual system cannot be implemented and maintained. 5 E 5E
    R6 Patient cannot access all of their health information completely at one time. 4 D 4D
    R7 Governance of such fractured system is difficult and challenging. 3 C 3C
    R8 Process and how to do documentation for all systems is not feasible. 3 C 3C
    Upgrade of multiple system cannot be performed due to cost and
    R9 unavailability of expert resources. 3 D 3D

    R10 Recovery of the data is not possible in case a system is non-functional/ fails. 4 E 4E
    All systems are not accessed by different zones within NSHA due to various
    R11 limitation such as licensing et all. 4 C 4C

    R12 Systems are operational even though their lifespan has expired. 5 E 5E

    R13 Security risk of patient data is high risk if data is not managed efficiently. 5 E 5E

    R14 Legal issues related to wrong information to patient/ physicians. 5 E 5E


    Table 1: Risk Identification

    SINGH, PRASHANT 4
    SMBA 6601 Risk Identification Singh, 2019

    Risk Identification quaqdrant:


    Heath care risk Quadrants diagram is divided based on the system at NSHA and how patient care

    (Customer serivce) is related to each other. Understading that the aim of this project is to identify risk

    which needs to impact negatively, hence all the circles representing risks from ‘risk identification table’

    are in quadrant 3 and 2. From this quadrant diagram, we can observe that fracture system is directly co-

    related to the negative customer service (Patient care). Negative customer service will also include

    physicians as fractured system does frustrate them and hinder their ability to deliver quality patient care

    in a timely manner.

    Image2: Health care risk quadrant

    Conclusion:
    In this risk identification task, a lot of information was gather that helped narrow down top 14 risks. The

    risks are of high importance in the current era as systems at NSHA has not been updated over a long

    period of time. There is a need of Enterprise Resource Planning (ERP) project to address these issues as

    Alberta Health had done couple of years back. There will be many benefits with the ERP, however the
    SINGH, PRASHANT 5
    SMBA 6601 Risk Identification Singh, 2019

    one benefit based on Alberta health implementation will be higher quality of service to patient, which

    can lead to less frustration among patient and physicians.

    References:

    1. Alberta, The office of the Auditor General of. 2017. "Better Healthcare for Albertans."
    2. Conan, Denis. 2018. Introduction to design patterns for middleware. CCN/CSC7321. http://www-
    inf.it-sudparis.eu/COURS/CSC7321/Diapos/designpatternmw-diapos.pdf.
    3. Niedermann, Biesdorf and Florian. 2014. "mckinsey." mckinsey. 07. Accessed 2019.
    https://www.mckinsey.com/industries/healthcare-systems-and-services/our-
    insights/healthcares-digital-future.
    4. Nova Scotia Health Authority (NSHA), IMIT. 2017. "One Patient One Record Project team."
    Internal. Nova Scotia Health Authority.
    5. How to Use a Risk Assessment Matrix [with Template]. (n.d.). Retrieved from https://i-
    sight.com/resources/risk-assessment-matrix
    6. ISO 9000 Introduction and Support Package:
    a. Guidance on the Concept and Use of the Process
    b. Approach for management systems, ISO/TC 176/SC 2/N 544R3
    • ISO 9001:2008
    • ISO 9001:2015
    7. “Implementing the Process Approach”, Core Business Solutions, Inc., March 31, 2008.
    8. The Process Approach: Adding Business Value and Minimizing Risks; David Muil, Intertek.
    9. Heidi Walsh-Sampson, Enterprise Risk Management, in-class lectures(summer-2019)
    10. Bajner, Jeff GoldsmithRichard. “5 Ways U.S. Hospitals Can Handle Financial Losses from
    Medicare Patients.” Harvard Business Review, 11 Nov. 2017, hbr.org/2017/11/5-ways-u-s-
    hospitals-can-respond-to-medicares-mounting-costs.

    Interviewee List:
    Walter Cobb, ICTS Manager
    Forrest King, Project Manager
    Vikram, NSHA Analyst
    Ashish Nandal, NSHA
    Shashank Singh, IBM (Patient)
    James Wilson (Patient)
    Arpan Patel, SAP consultant
    Allura Mackay, SAP consultant
    Maggie Mackay, co-op student
    Few interviewee does want to be named.

    SINGH, PRASHANT 6
    SMBA 6601 Risk Identification Singh, 2019

    Appendix A

    Likelihood Severity Risk Rating


    Unlikely (1) Insignificant (A) Low
    Seldom (2) Marginal (B) Medium
    Occasional (3) Moderate (C) High
    Likely (4) Critical (D) Extreme
    Definite (5) Catastrophic (E)

    Table 2: Risk scoring chart

    SINGH, PRASHANT 7
    SMBA 6601 Risk Identification Singh, 2019

    RISK ASSESSMENT MATRIX

    Low risk.
    Low risk. Low risk. Low risk. Medium risk.
    Unlikely No
    No further No further No further Further action
    (1) further
    action action action optional
    action

    Medium Medium
    Low risk. Low risk. risk. risk. High risk.
    Seldom
    No further No further Further Further Further action
    (2)
    action action action action necessary
    optional optional
    Medium Medium High risk.
    Low risk. risk. risk. Further
    Occasional Extreme risk.
    No further Further Further action
    (3) Act now
    action action action necessar
    Likelihood

    optional optional y
    Medium
    High risk.
    Medium risk. risk. Extreme
    Likely Further Extreme risk.
    Further action Further risk.
    (4) action Act now
    optional action Act now
    necessary
    optional

    High risk.
    Medium risk. Extreme Extreme
    Definite Further Extreme risk.
    Further action risk. risk.
    (5) action Act now
    optional Act now Act now
    necessary

    Insignificant Marginal Moderate Critical Catastrophic


    (A) (B) (C) (D) (E)

    Consequence
    Table 3: Risk identification matrix

    SINGH, PRASHANT 8
    SMBA 6601 Risk Identification Singh, 2019

    Survey results 1

    SINGH, PRASHANT 9
    SMBA 6601 Risk Identification Singh, 2019

    Survey result 2

    SINGH, PRASHANT 10

    You might also like