Technology_Plan

Technology Report Technology Report The following report is an assessment of a clinic located in a small community forty five minutes north of the Twin Cities. Stacy Clinic is located in town, and the clinic has been open for a year. Currently, the clinic has thirty five employees. The report will cover the key technology elements of the Stacy clinic such as secure and effective intranet, legal and regulatory compliance, privacy of patient information, data storage, business continuity, and disaster recovery. Following the report will be a 10 slide presentation covering the technology elements. Effective Intranet Currently, Stacy clinic is operating without an effective intranet system. If an intranet system is created, the system will improve turnaround time for patient and employee information. Currently, communication within the office and other locations is done via memos, phone, e-mail through the internet, and faxes. Communications through fax creates and overflow of calls at the front desk. As a result, calls are not returned and faxes are misplaced and not given to the correct individual. Having an established intranet system in our clinic will allow employees to retrieve the information in a timely fashion and send the information to the correct individual with a speedier turnaround time. Currently, our office has a system where patients can ask general questions about the services we offer. We cannot use this system to keep patient records because the security is poor. As a result, our patient records are not confidential. Creating an intranet system will also be faster than using the internet. There are three elements of an effective intranet; telecommunication, hardware, and software. Each computer has hardware associated with it, which are input devices that take data humans understand and translate the data into offs and ons or zeros and ones. The processing unit defines the data, output devices hold the information in the computer, and secondary storage devices hold data. Software is the second element. This element is important because it tells the hardware what to do. Hardware cannot function without software. There are two types of software; system software and application software. Telecommunications is the third element, which is important because they need to be fast and reliable in healthcare. Telecommunication networks allow computers to interact with people in other locations. Privacy of Patient Information The rules that make up the HIPAA laws protect individual’s health information such as past, present or future mental or physical condition, name, address, birth date and social security number. The main goal of this rule is to protect individual’s health information when the information is needed to provide quality health care in addition to the health and well-being of the public. Due to the diverse public, this rule is designed to cover different uses and disclosures that are being addressed. The HIPAA rule applies to health care plans, and healthcare providers such as the Stacy clinic. Due to the low volume of staff, Stacy clinic faces a serious threat of securing the patient’s medical records. There are technology threats the organization may face such as viruses, crime, unauthorized use of data, and power surges. Data is the most valuable resource in the Stacy clinic. Information such as the doctor’s patients with confidential medical histories is important assets that cannot be replaced. Keeping this type of information secure and correct is very important. This is something the Stacy clinic may have to be aware of. Medical information at the Stacy clinic may be entered incorrectly, which is an issue that can happen and may be a difficult task to overcome. There are security measures management has taken to deter security threats in the clinic. These measures include codes of conduct of restricting access to computers, to encryption-scrambling of data so that it does not make sense (Information Technology for the Health Professions, 2005). Management could restrict access to the computers in the clinic by allowing authorized users to have PIN numbers or passwords to access the computers. Another option for employees could be for the computer rooms to be locked requiring employees to use an ID card or key. These types of measures can help, but may not be foolproof. ID cards can be lost, passwords can be forgotten. The first step toward security is for the clinic to come up with a code of conduct or policy for the employees to follow. In order to be sure records are secured at the Stacy clinic all staff will be aware of the policies in the clinic. There will be training involved with the upcoming policies and code of conduct throughout the clinic to be sure all patients information is kept secured. Data Storage Stacy clinic takes measures to protect the data in the clinic. The types of storage used in the computer system are CD, DVD, flash drive, hard drive. There are different types of data storage called, volatile and non volatile. Volatile storage is the RAM-data gets erased when the computer is turned off and the information goes into the primary memory until the power is turned on An example of the non volatile storage is optical media, and magnetic media-the contents exists when the power is turned off. Stacy clinic uses both types of storage to protect data. In addition to protecting data, the clinic backs up data that could be lost due to a virus, hard drive issue. For example, the hard drive may be old. Also, floppy disks may be temporary data storage versus a permanent because the floppy disks turn bad. Virus protection can protect data from being lost. Floppy disks can be used to back up data in a pinch. CD and DVD’s can also be used to back up data. These types are inexpensive and convenient along with flash drives. Flash drives also have large storage capacities. Stacy clinic takes every measure to ensure data is protected and backed up to avoid lost information. Disaster Recovery Diamond Consulting performed an assessment of recommendations of how Stacy clinic should address the vulnerabilities to reduce the risk of loss. First and foremost, Stacy clinic is recommended to establish a business continuity team. Stacy clinic considers payroll, cash management, billing and purchasing the critical parts of the clinic. The business continuity team will consider the risk and loss of the clinic and come up with strategies to prevent risk and loss of the clinic. One individual preferably a CFO of the clinic should be responsible for all business continuity activities such as IT, clinical, and business. If the three groups work on business continuity strategies independently, the process of coordinating the planning of response activities becomes difficult. Not to mention, sharing common resources and identifying common problems becomes difficult. There are barriers when it comes to IT, clinical, and business groups in different locations. The executive nominated as the business continuity leader can be responsible for all of the business continuity activities. In the event of growth, the executive is responsible to work across other organizations to organize planning activities, and measure the work of each group. Senior Executives can also be appointed to oversee the voice of each group. The third key Diamond consulting is recommending is to conduct a Business Impact Analysis, which is essential for awareness and actions. This type of analysis goes beyond the clinical areas and touches on the entire organization such as Human Resources, Billing, Admissions, and payroll. These areas are critical non-clinical areas. The Business Impact Analysis should establish objectives for recovery time, supporting applications for lost data, what has to happen in order to conduct critical functions. If the clinic ceases operations the Business Impact Analysis will establish the impact this will have on patient care and safety, clinic reputation, financial loss of the clinic, violation impacts, and working around existing manuals. If a Business Impact Analysis is conducted in this manner, the results are predicted at 90 percent. The other ten percent are a surprise. A Business Impact Analysis will be valuable to the clinic. After the BIA is conducted, the results should be discussed with management. In addition, an explanation of how other organizations have structured business continuity is imperative. Key number four is to establish a common platform. Nominating an executive to be responsible for business continuity is important, but establishing a common framework of common terms, team structures and plan formats. This framework allows each group to discuss and understand business continuity and its execution strategies. The fifth key is the payoff of business continuity. Stacy clinic is experienced in working with the fire department, police, and county state health departments in times of need. The benefit of the keys discussed is the integrated response. Each group will understand their responsibilities of the clinic, make a decision, and communicate with others to deliver recovery in a timely fashion. Business continuity plans become more than just an individual in the business. They are the sum of all individuals, and this is what saves people’s lives. Emergency management and IT recovery are important, but they do not protect all areas of the business. The four keys that were discussed are recommendations for Stacy clinic to close that gap and help the clinic recover in an interruption of any kind. The assessment provided the probability and severity levels of environmental vulnerability, utilities and service vulnerability, criminal behavior vulnerability, equipment failure vulnerability, and information security vulnerability. Stacy clinic will adhere to the above recommendations to help keep clientele safe and employees working together to achieve this goal in the time of a disaster.