Risk Analysis and Management Project, Part 3

profileDonald37
Week4.docx

<Project Name>

Risk Management Plan

Version <1.0>

<mm/dd/yyyy>

VERSION HISTORY

Version #

Implemented

By

Revision

Date

Approved

By

Approval

Date

Reason

1.0

Leticia Ratliff

01/24/2019

<name>

<mm/dd/yy>

Initial draft

1.1

<Author name>

<mm/dd/yy>

<name>

<mm/dd/yy>

<reason>

TABLE OF CONTENTS

1 Introduction 1

1.1 Purpose 1

2 r isk Management Procedure 1

2.1 Process 1

2.2 Risk Identification 1

2.3 Risk Analysis 1

2.3.1 Qualitative Risk Analysis 1

2.3.2 Quantitative Risk Analysis 1

2.4 Risk Response Planning 1

2.5 Risk Monitoring and Controlling 1

3 Tools a nd Practices 1

R isk Management Plan Approval 2

Appendix A: References 3

Appendix B: Key Terms 4

1. Introduction

1.1 Purpose

The purpose of this risk analysis and risk management plan is to evaluate the proposed adoption of an electronic health record system with the option for a patient portal within a large physician office. HIPAA/HITECH require that we meet certain standards for the use, security, and privacy of patient information. Risk can be a positive or negative response to the adoption of this system. Some of the positive risks we will face include the incentives offered by the government for adopting such technology and the ability to provide higher quality of care to our patients. Some of the negative risks we face include loss of time and income if the system takes longer than anticipated to put into practice and the potential penalties if any of our employees fail to comply with standards of use and security protocols. This analysis of risk pertaining to the patient portal will explore the issues of information safety and security, as well as accessibility. By the end of this plan our organization should have a better understanding of the regulatory requirements for this type of system as well as the legal and environmental risks associated with it. Addressing the potential for these risks will help us understand how this system will benefit our organization as well as what steps we need to take to make sure this transition a positive one, ensuring our employees are prepared to do their part and comply with the standards set forth through federal regulations.

2. Risk Management Procedure

2.1 Process

[Summarize the steps necessary for responding to project risk.]

2.2 Risk Identification

[Summarize the steps necessary for identifying risk.]

2.3 Risk Analysis

[Summarize the risk analysis process.]

2.3.1 Qualitative Risk Analysis

It will be a crucial step to carry out risk analysis on the project to identify the likelihood of risks occurring and severity of the risks on the project. Risks are the biggest threat to the success of any project. They have a significant impact on the project elements such as scope, budget, schedule, and the resources available. Thus, it would be essential to carry out a risk analysis process to evade risks before they occur and to create strategies that would help in managing the impact of the risks (Aven, 2015). There are two known types of risk assessment which are qualitative and quantitative risk assessment techniques. Qualitative risk assessment method involves assessing the characteristics of risks by checking the probability of a threat to occur and the impact that the risks have on the project in case they take place. It is said to be assessing the characteristics of risk against a scale. One of the most significant advantages of using this method is that it can minimize the level of uncertainty and also helps one to focus on the high-level risks that have a significant impact on the project. This technique is also considered to be cheap and fast.

Having already identified the risks in the project, risk analysis through the qualitative risk analysis technique will involve placing the risks against a descriptive scale to establish the likelihood of the risk occurring and the severity of the threat. The first step will include setting up a probability and impact matrix to illustrate the descriptive scale (Morse, 2016). The model should be based on the risks identified to develop a response to the dangers. The risk probability matrix will be expressed as a percentage, that 0% to 100%, or regarding odds, 1-10. The impact matrix will be rated from low, medium and high depending on the impact of the risk.

One of the risks identified in the project is the potential penalties in case the employees failed to comply with the standards of use and security protocols. The impact of risk is considered to be very high as it will cost the organization a lot regarding the penalties it faces. The organization will be forced to surrender funds meant for other essential activities to pay the fines. The probability of this risk to occur is estimated to be odd of five. The employees will be trained on the various standards and security protocols of the new system, and thus the likelihood of employees failing to comply with the standards and security protocols is very low. Loss of time and income is a risk that is expected to happen if the system takes longer than anticipated to put into practice. This impact of this risk is estimated to be medium. This is because the organization can decide to implement the new system parallel with the old manual system. Thus, it would be possible to mitigate the impact of this risk if the system is applied parallel with the old system. The odds of this risk occurring is estimated to be a 9. One of the actual dangers identified is that the facility will be able to provide high-quality care to the patients. This risk has a high impact on the facility as it means that it will benefit mainly on the perspective of business. They will be able to go a notch compared to their competitors, and they will be able to attract a lot of clients. The probability of this risk occurring is estimated to be an 8 out of 10 when the new system will be introduced in the facility.

2.3.2 Quantitative Risk Analysis

[Describe the quantitative risk analysis process used.]

2.4 Risk Response Planning

[Describe the risk response planning process used.]

2.5 Risk Monitoring and Controlling

[Describe the risk monitoring and control process.]

3. Tools and Practices

[Make reference to the file name containing the risk register for the project.]

Risk Management Plan Approval

The undersigned acknowledge they have reviewed the risk management plan for the <Project Name> project. Changes to this plan will be coordinated with and approved by the undersigned or their designated representatives.

Signature:

Date:

Print Name:

Title:

Role:

Signature:

Date:

Print Name:

Title:

Role:

Signature:

Date:

Print Name:

Title:

Role:

Signature:

Date:

Print Name:

Title:

Role:

Appendix A: References

Appendix B: Key Terms

[Insert terms and definitions used in this document. Add rows to the table as necessary. Follow the link below for definitions of project management terms and acronyms used in this and other documents.]

The following table provides definitions for terms relevant to the risk management plan.

Term

Definition

[Insert term]

[Provide a definition of the term used in this document.]

[Insert term]

[Provide a definition of the term used in this document.]

[Insert term]

[Provide a definition of the term used in this document.]