Privacy Concerns
Probability: Moderate
Impact Level: Moderate
Product Life Cycle: Early
Mitigating Strategy: Promote HIPAA Compliance by providing a traceable record of system activity and obtain HIPPA certification from third party companies.
Since we are using transporting patient records with our MMS system, privacy concerns is a valid risk. Under the guidelines of HIPPA Privacy Requirements, we must follow certain standards set by these laws. Thus, the impact to our product is moderate.
To mitigate this risk, we will incorporate a traceable record of all system user activity, which can meet the healthcare facility obligations to document access by individuals to PHI. Also, we will obtain a HIPPA certification from any of the following third-party companies: Claredi, Edifax, or Foresight.
Security
Probability: Moderate
Impact Level: Moderate
Product Life Cycle: Entire Cycle
Mitigating Strategy: Data Encryption and Validation Server
Security is a considerable risk for our product. Without security, our online database will leak information to any cracker who wishes to learn information on their victim/victims. Also, our actual memory software and mechanisms must be secure to prevent unauthorized access to medical information or changes to it.
In order to bypass any problems with security, we plan to incorporate data encryption on files going to the medical memory. Along with incorporating data encryption, we will provide long-term services in the form of a Validation Server that will make sure that the software being used is by appropriate organizations. As for the physical security, the patients or owners of our devices will be responsible for the Memory Medical physical security.
Training of Personnel
Probability: Moderate
Impact Level: Low
Product Life Cycle: Entire Cycle
Mitigating Strategy: Easy-to-use interface and easy-to-understand guides
It is important to mention training as a risk. It is necessary for doctors and everybody involved in our service to understand how to use our product. The easier usage of our product, the easier for it to be establish itself from other products. Along similar lines, it is important to train all transcribers of medical information thoroughly. They must keep medical information accurate and reliable.
Fortunately, we will be able to mitigate the risk of training. We will provide an easy-to-use interface, i.e. guide on CD, to train personnel included with our software package. Also, with the addition of graphical and technical guides, included in the package, any risk concerning training shall be mitigated.