University Health Care System 1 HTM 660 Systems Management and Planning May 2014.
University Health Care System
HTM 660 Systems Management and Planning
May 2014
• Introduction/Purpose
• Background
• Process Utilized
• Chart linking projects to HCO’s strategies and goals
• Prioritized Portfolio with Budget
• Tactical Plan
• Questions & Answers
Introduction/Purpose/Background
The project steering committee is requesting approval for the acquisition of the FireEye security system.
Objective - To prevent future data breaches like the one our organization recently experienced, when thousands of patients' health records were accessible online, our project will focus on acquiring a high-level software security application called FireEye.
The software product, FireEye, will meet all of the needs of the project.
Project Steering Committee
• CIO
• CFO
• CNA
• Project manager
• Representatives from nursing, medical assistants, and office manager.
• IT support will be engaged in the last phase of implementation.
Background
• HIPAA Violation
• Post Breach Response
• Record $4 Million Settlement
• Preventative Action Plan
Scope of Work
FireEye: 95% of All Networks are Compromised (FireEye.com)
•Upgrade Current Security System
•Server Upgrade
•Integration Timeline
•Project Measurement and Budget
•Maintain:
  •Speed
  •Accuracy
  •Protection for clinicians' and patients' data
Scope of Work Continued
• Timeline - 1 year, 3 phases, fiscal year 2015
• Department Needs - Representatives from all sectors
*Our project team is dedicated to delivering advanced data threat protection for patients' health information by acquiring FireEye throughout the University Health Care system.
Deliverables
•Ensure communication modes and data storage points, including web browsing, email, content security, endpoint security, and forensic analysis, are secure.
•Develop new protocol - firewall, virus scanner, reporting
•Universal adoption of FireEye technology in every hospital and medical center, which would enable a uniform standard of security across the healthcare system.
•Measured - decrease % leaks; increase security; decrease organizational liability; increase % leaks identified at Stage 1
Deliverables Continued
• High % of staff who use the system successfully; low incidence of lost data
• Physical modes of security can still be implemented:
  • Security guards monitor computers
  • All employees must change passwords every three months
  • All staff must file a report for every breach
• Finally, these reports must be filed with HIPAA authorities in a timely manner after the incident.
• FireEye is believed to be a means to make EHR data more secure and breaches more easily identified.
Timeline
| Task | Deadline |
| --- | --- |
| Analysis and contracting | September-15-2014 |
| Hardware and software installation | October-01-2014 |
| Registration interface | November-03 -01 |
| Update EHR system | December-01-14 |
| Staff training | December-15-14 |
| System set up | January-05-2015 |
| IT staff training | January-12-2015 |
| Go live date | January-20-2015 |
Budget Highlight
| Project Name | Operating Cost |
| --- | --- |
| Capital budget | $100,000 |
| Software | $30,000 |
| Hardware | $15,000 |
| Access points | $10,000 |
| Operation maintenance cost | $10,000 |
| First year services | $15,000 |
| Security guard on computer | $6,500 |
| Simulation test (trial period) | $5,000 |
| Staff training | $8,500 |
Major Stakeholders
•Project Manager
•Project Steering Committee
•C Level Executives
•Current IT Staff
•New IT Staff
•FireEye Vendor Solutions Team
Project Support and Authority
•All hospital executives (CEO, CIO, CFO) are responsible for making policies to keep the system compliant with HIPAA regulations.
•The entire IT department must develop and maintain a tightly monitored electronic information system employing a firewall, antivirus software and two-factor authentication access.
•Finally, all hospital staff, all the way down to the custodial staff, must remain vigilant of their own and others’ behavior. Any unauthorized verbal or written sharing of patient information must be immediately reported, and the offending employee given a warning or reprimand.
*The system encourages that proper resources be maintained after procurement of information systems. Without access to support, a fall could occur.
Assumptions and Dependencies
•University Health Care employees are willing to change business operations to take advantage of the functionality offered by the new FireEye security technology.
•Management will ensure that project team members are available as needed to complete project tasks and objectives.
•The project team will participate in the timely execution of the FireEye Project Plan (i.e., focus meetings when required).
Assumptions and Dependencies Continued
•Failure to roll out the new security system within the time specified in the project timeline will result in project delays.
•Project team members will adhere to all project guidelines.
•Mid and upper management, including nurse management leaders, will foster support for the project goals and objectives.
•The FireEye Project Plan may change as new information and issues are revealed.
Constraints
• Project funding sources are limited.
• Due to the estimated budget cost, resource availability is inconsistent.
• Internet connections could be affected by a slower rate of connectivity caused by the newly implemented security system.
Known Risks
• Cost - $100,00 per Installation
• Operating Costs & Hidden Costs
• Additional Risks Unknown
*Furthermore, access is never 100% secure. The system is designed to be highly accessible to authorized figures but must be closely guarded against unauthorized use. If a password leaks, a logged-in computer is left unattended, or any patient information is written on paper and left unattended, this could constitute a security breach, even with FireEye. If any part of confidential patient information (no matter how small) is leaked, it constitutes a breach of patient privacy.
Procurement Items
• Identifying relevant information systems
•Conducting a risk assessment
• Implementing a risk management program
•Acquiring IT systems and services
•Creating and deploying policies and procedures
Creating and Deploying Policies and Procedures
• All policies and procedures will be refreshed after acquisition, allowing staff time to assimilate the new critical measures.
• New items will align with HIPAA regulations and also take into account any new software or hacking awareness lessons learned from recent retail data breaches in a sister industry.
• Content can be procured and distributed in a wide variety of ways across the internet, and the challenge will be to learn from those around us in creating a new set of privacy policies and procedures to protect patients.
Q/A
Thank You