George Washington University Hospital OCTAVE Allegro Risk Assessment

Subject: Health Care
Type: Analytical Essay
Pages: 6
Word count: 1496
Topics: George Washington, Innovation, Medical Ethics
Text
Sources

Introduction

The recent past has seen a significant increase in information systems security threats. This has also resulted in an increase in the potential threats that currently exist in the healthcare information systems (Samy, Ismail & Ahmad, 2009).Information that hospitals have such as patient records are being digitalized, the fact that further increases the danger of the said information being stolen or compromised. As such, information security has become a priority for managers of health systems across the globe. Despite the priority given to information security, health systems remain exposed to a variety of threats. The common threats include unintentional actions, insider misuse and accidental events (healthinformatics, 2017). Apart from having the potential to damage health information systems severely, the security threats may also lead to compromising of integrity and confidentiality (Narayana Samy et al., 2010). As such, it is important for healthcare organizations to constantly carry out risk assessments of their information assets. There are many tools available for carrying out such assessments, one of them being the OCTAVE Allegro process. The current report presents a risk evaluation and assessment study of the George Washington University Hospital using the OCTAVE Allegro process, the main focus being on the first four steps.

Need a custom paper ASAP?
We can do it today.
Tailored to your instructions. 0% plagiarism.

The OCTAVE Allegro process

The OCTAVE method facilitates the assessing of an entity’s information security needs. Octave Allegro is the latest method under the OCTAVE platform, and its main focus is on information assets. With this approach, an organization identifies its key information assets which are then assessed for threats. The first four steps are establishing of risk measurement criteria, developing of information asset profile, Identifying information asset containers and identifying areas of concern.

The George Washington University Hospital

The George Washington University Hospital is one among the most technologically advanced healthcare providers in Washington DC. The hospital has a wide range of latest medical equipment and has also invested in the latest information technologies. As a result, the hospital has been able to provide advanced and innovative healthcare in an environment that is not only warm but friendly too. The hospital’s mission is “to provide the highest quality healthcare, advanced technology, and world-class service to our patients in an academic medical center dedicated to education and research (gwhospital, 2017).” Just like many other healthcare facilities in the world, the George Washington University Hospital Information System is also exposed to the security threats that have significantly increased in the recent past. As a way of ensuring that any vulnerability to the said threats is discovered and addressed, it is important for a risk assessment study using the OCTAVE Allegro method to be conducted. This paper focuses on the first step of the OCTAVE Allegro process which is establishing risk measurement criteria.

Deadlines from 1 hour
Get A+ help
with any paper

Step 1: Establishing Risk Measurement Criteria

This step involves identifying a qualitative set of measures and then prioritizing the identified measures based on their importance. For George Washington University Hospital, impact areas that have been considered are reputation, safety, and health, productivity as well as legal fines. It is against these impact areas that the risks impact on the hospital will be evaluated. Specific impact areas are further identified for each of the major impact areas. For reputation, key areas that are assessed are reputation from the patient’s perspective, reputation from the staff’s perspective as well as occupancy rates. For safety and health, the impact areas that will be assessed are health, life and safety. Under productivity, the focus will be on the bed turn-over rates and staff hours. Investigations, fines and lawsuits are the areas that will be considered under fines and legal penalties. In terms of prioritization, the impact area given the first priority is reputation. Second priority is then given to safety and health while productivity is given the third priority. Fines and legal penalties are given the fourth priority. The impact areas are prioritized based on the costs they might make the hospital incur and their connection to the different services offered at the hospital. Reputation is given the first priority given the devastating impact negative reputation can have on the hospital’s operations. A bad reputation not only makes the hospital unattractive to patients, but it might also result in increased scrutiny from the authorities. Safety and health is given the second priority since it is one of the reasons the hospital exists. The professionals are meant to ensure the well-being of the patients and the same time ensures that they remain in good health while dispensing their services. The hospital employs highly qualified and hardworking individuals. As a result, it does not have many productivity challenges, hence and that is the reason productivity is given the third priority. George Washington University Hospital has always been keen to operate within the set rules and regulations, meaning that it has faced very few issues when it comes to fines and legal penalties. As such, fines and legal penalties are given the fourth priority. The following tables present the risk measurement criteria for each of the identified impact areas.

Worksheet 1

Worksheet 1Risk measurement Criteria- Reputation
Impact AreaLowModerateHigh
Reputation from the patient’s perspectiveThe hospital’s reputation among patients suffers very little negative impact. Very little or no effort at all necessary for reputation to recoverReputation of the hospital among patients suffers considerable damage. Patient become suspicious of the hospital and chose to be referred elsewhere. Admission rates start declining by between 1% and 5%. Costs required for reputation to recover not less than $ 150,000Severe damage of the hospitals reputation among patients. Many patients chose to seek healthcare services elsewhere and those present start refusing the doctors’ recommendations. Total costs for reputation to recover is over $ 500,000
Reputation from the staff’s perspectiveHospitals reputation among healthcare professionals working within the hospital and other staff members suffers very little negative impact. Very little or no effort at all necessary for reputation to recoverReputation of the hospital among healthcare professionals working within the hospital and other staff members is significantly damaged. Physicians start quitting the organization, with turnover rates increasing by between 1% and 5%Reputation of the hospital among healthcare professionals working within the hospital and other staff members is severely damaged. A sizeable number of professional are considering leaving the hospital. Number of those seeking to work at the hospital also declines by a considerable margin
Other: Occupancy ratesThe rate declines by less than 1.5%The rate declines by between 1.5% and 5%.Occupancy rate declines by more than 5%

Worksheet 2

Worksheet 2Risk measurement Criteria- productivity
Impact AreaLowModerateHigh
bed turn-over ratesA decrease in the hospital bed turnover rates by less than 3%A decrease in the bed turnover rates by between 3 and 6%A decrease in the bed turnover rates by more than  6%
staff hoursLabor costs increase by less than $120,000 as a result of staff work hoursLabor costs increase by between $120,000 and $ 600,000 as a result of staff work hoursLabor costs increase by more than $ 600,000 as a result of staff work
Other   

Worksheet 3

Worksheet 3Risk measurement Criteria- safety and health
Impact AreaLowModerateHigh
healthVery little degradation in the staff as well as clients’ health with the recovery period not exceeding 2 days. Associated costs less than $120,000Considerable but treatable degradation in the staff as well as clients’ health with the recovery period of between 2 and 7 days. Associated costs between  $120,000 and $600,000Severe degradation in the staff as well as clients’ health with the recovery period of more than 7 days. Associated costs for recovery more than $600,000
LifeNo significant threat to the life of clients and staff members. Absence of regulatory responseThe lives of clients and staff members threatened. Recovery possible after treatment and regulatory response is just but minimalClient and staff members lives are lost. Regulatory response is quite significant, with the hospital incurring significant costs
safetyThe safety of staff members and clients under scrutiny. Regulatory response is absentThe safety of clients and staff members is significantly affected. Regulatory response is just but minimalThe safety of staff members and clients is violated. Regulatory response is quite significant and even involves investigations

Worksheet 4

Worksheet 4Risk measurement Criteria- fines and legal penalties
Impact AreaLowModerateHigh
InvestigationsNo questions from investigating authoritiesRecords or information requested by investigating authoritiesIn-depth investigation initiated by the investigating authorities
finesFines levied do not exceed $120,000Fines levied are between $120,000 and $400,000Fines levied are more than $400,000
lawsuitsLawsuits filed against the hospital cost not more than $ 120,000Lawsuits filed against the hospital cost between $120,000 and $750,000Lawsuits filed against the hospital cost more than $750,000

Worksheet 5

Worksheet 5IMPACT AREA PRIORITIZATION WORKSHEET
PriorityImpact Area
4Fines and legal penalties
1Reputation
3Productivity
2Safety and health
guarantee
Essay writing service:
  • Excellent quality
  • 100% Turnitin-safe
  • Affordable prices

Did you like this sample?
  1. Gwhospital.(2017). About George Washington University Hospital. Retrieved from https://www.gwhospital.com/about
  2. Health informatics.(2017). Top 4 Threats to Healthcare Security. Retrieved from http://healthinformatics.uic.edu/resources/articles/top-4-threats-to-healthcare-security/
  3. Narayana Samy, G., Ahmad, R., & Ismail, Z. (2010). Security threats categories in healthcare information systems. Health informatics journal, 16(3), 201-209.
  4. Samy, G. N., Ahmad, R., & Ismail, Z. (2009). Security threats in healthcare information systems: A preliminary study.
Related topics
More samples
Related Essays