Project Universal Patient Record System Prof. Belton MPM, CIPM Christian Gonzalez, PM Tamika Roland, PC Teria Edwards, QM II
Feb 16, 2016
Project Universal Patient Record System
Prof. Belton MPM, CIPM
Christian Gonzalez, PMTamika Roland, PCTeria Edwards, QM
II
Procurement Planning Vendor Selection Process Negotiation and Award Cost of Quality Induction and Integration Plan Contracting Procurement Flow Chart Risk Management Process Risk Categories Risk Categories Risk Driver Risk Strategy PI Matrix
Table of Content
Risk Register Project Risk Quality Process Quality Assurance Cloud Database Audit Quality Audit Quality Control Chart HR Control Chart Work Cited
Developing specification and formats SOWDescription of work to be doneTimeline of the work to be done Parameters of acceptable quality & the metrics in which they will be measured Strategic planning Focus on external efforts in areas that account for significant spending or high risk
but also on internal processes and constraints workload and customer satisfaction. SWOT pg 350 techniques can be used here.
Supplier selectionTo determine the best Cisco vendor a clear list of information on the project such as
cost quality standards to be implemented expected timeline HIPAA and FIPS PUBS standard would be sent in a rfp. To be sure that our project remains on time and budget we will be doing an automated bidding pg 45 this will enhance competition among the Cisco vendors to ensure the best price for our clients
Procurement Planning
Criteria History with similar projects Business size Recommendations
Vendor Selection Process
Even when the Governing Board has selected a supplier it is important that detailed negotiations are undertaken. This is not just about price.
Purchase to Pay process (P2P) at the outset can reduce costs and risk significantly and that is the Goal of Innovative Contractors for Project UPRS
Negotiation & Award
COQCost of Quality
No goods or services should be ordered of delivered until the contract is signed, but this is not the end.
It is vital that the supplier is properly launched integrated. The P2P process needs to be in place and need to be understood on both the buy-side and the supplier side.
Any service levels that have been agreed need to be measured and (Key Performance Indicators) KPIs put in place. Regular reviews should be established
Induction and Integration
The approach taken to perform the plan contracting process is to collect information from the following project processes and their documents:
The procurement plan The CSOW The project make or buy analysis The PMP
Contracts to be used Purchase Orders Firm Fixed for Hr Fixed Price with Incentive for Cisco T & M
Plan Contracting
Risk Management Process
PMBOK, Risk Management Process 11.1-11.6
Risk Categories
Standards HIPAA FIPS 140.3 ISO27001 Client
Technical Complexity and interfaces Performance and reliability Requirements Technology
Security Servers Network Cloud Facility Human resources
Creeps Scope Feature Hope Effort
Risk Categories
Project Management Team management Communication management Risk management Quality management HR management Planning Estimating Controlling Monitoring
Secur
ity
Techn
ical
Creeps
Stand
ards
PM
Exter
nal
Budg
et
Sched
ule
00.5
11.5
22.5
33.5
4
Cost
CostProb.
1. New and unfamiliar technology setting up a HIPAA safe cloud is new to the conglomerate .
2. Inadequate software sizing if the software can not handle the work load it could crash.
3. Unfamiliar new hardware the scanners need to be handled properly.
4. Inadequately skilled personnel interface user must guard their password .
5. Testing facility not available the testing will be done in the actual offices.
6. Poor technology support not every office will have up to date operating systems.
7. Inconsistent client involvement we are dealing with a conglomerate the priority. of this project could change .
8. Vendor/ contract relations
Risk Drivers
Effective Project Management pg184
Risk Strategy
Implementation •Transfer•Mitigate
Implementation •Exploit
Probability (P) PI Matrix
NEARLY CERTAIN = 5
50 60 70 80 90
HIGHLY LIKELY = 4 40 50 60 70 80
LIKELY = 3 30 40 50 60 70
LOW LIKELIHOOD = 2
20 30 40 50 60
VERY UNLIKELY = 1 10 20 30 40 50
VERY LOW = 1 LOW = 2 MEDIUM = 3 HIGH = 4 VERY HIGH = 5
IMPACT (I)
PI Matrix
Risk Register
Risk ID Risk Elements Priority
Ranking Examined Responsible Likely Actions Approved Sign Off
1 SECURITYRISK
MANAGEMENT, HR MANAGEMENT
HIGH YES EVERYONE 0.8 MONITOR & CONTROL YES PS
2 SCOPE CREEP
PMP, COMMUNICATION
MANAGEMENT SCOPE
MANAGEMENT
HIGH YES TAMIKA ROLAND 0.6 COMMUNICATE YES PM
3 HR
HR MANAGEMENT,
RISK MANAGEMENT
HIGH YES TERIA EDWARDS 0.6 MONITOR &
CONTROL YES PC
4 ScheduleTime Management,
Risk & Cost Management
HIGH YES Chris Gonzalez 0.4 Monitor & Control YES PS
5 StandardsQuality
Management, Risk Management
HIGH YES Teria Edwards 0.6 Implement & inspect YES PM
6 Budget Cost and Risk Management HIGH YES Chris Gonzalez 0.5 Monitor &
Control YES PS
Project RisksRisk ID Risk Description Probability Impact Score
01 Security Unauthorized personnel access the database .80 .90 .72
Project Impact: Breach of patient information, lawsuits Mitigation: tier base security levels, encrypted servers with locks, Certified access certificates, location based access onlyOwner: Tamika Roland
02 Scope creep The project diverts from its baseline .60 .90 .54Project Impact: loss of project time, additional costs, Mitigation: Weekly scoping meetings, monitor scope & work
throughout projectOwner: Christian Gonzalez
03 HR The human resources give out their database pass code .60 .90 .54
Project Impact: Lawsuit against the hiree and cost for assisting patients
Mitigation: Certified access certificate, location based access only
Owner: Teria Edwards
05 Schedule The 23 week schedule is insufficient.40 .80 .32
Project Impact: Delay while request additional time is processed, Failed project
Mitigation: Research and retrieve SME’s for launching phase
Owner: Christian Gonzalez
04 Standards The new HIPPA standards change the requirements of the project. .60 .80 .42
Project Impact: Delay in the project to add the new requirements Mitigation: Meet FIPS 140.3 standards and pass SAS 70 inspection
Owner: Christian Gonzalez
Quality Processes
Elements that impact Project Quality
• Deliverable(product)• Management Processes• Quality planning• Quality assurance• Quality control• Corporate culture
Monitor and control tools and techniques 11.6.2.2 Risk Audit-examines and document the effectiveness of risk
responses in dealing with identified risk
Database Audit Cloud database audit SAS 70 audit( system security audit)
HR audit Performance audit (WPI)
The Deming Quality Approach Seven Deadly Diseases
B2B and B2G Focus Deming’s Fourteen Points
The Deming Cycle
Quality Management Pg 19
Quality Assurance
Quality Process
Database Audit
SAS Audit testStarts with; Creation of 6 user logins (2 doctors, 2 nurses, 2 heath care providers) Creation of 2 full access login Creation of a patient record templatePhysical system check Walk through to check the hardware security Check the documentation to verify what security has been
incorporated into the database and locate it.System check Login with a full access login Introduce the Information Security Management System Plan-Do-Check-Act (PDCA)-model for the ISMSPlan - Establish the ISMS
Do - Implement and operate the ISMSCheck - Monitor and review the ISMSAct - Maintain and improve the ISMS
User interface check Login to the database Login as a nurse Login as a doctor Login as a health care Look at the patient records to see what information can be seen for
each user.Multiple location test Same as user interface check but it is done from another location
Quality Audit
Quality Control Chart
Performance +3 Maximum +6s
HR Control Chart
Keys Standard Deviation
process, using a standard procurement, and will know that they are dealing with a professional organization.. "Procurement Process." Purchasing Insight for Purchase to pay,
electronic invoicing, the procurement process, the purchasing process and dynamic
discounting.. N.p., n.d. Web. 3 Nov. 2011. <http://purchasinginsight.com/resources/the-procurement-process/>.
http://www.hipaa.com/2011/08/get-ready-now-for-toughened-hipaahitech-act-privacy-and-
security-rules-and-enforcement-and-big-noncompliance-fines/
http://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/Pages/SORHome.aspx
http://www.journalofaccountancy.com/Issues/2010/Aug/20103009.htm
Work Cited