II

Project Universal Patient Record System

Prof. Belton MPM, CIPM Christian Gonzalez, PM Tamika Roland, PC Teria Edwards, QM

Table of Content
Procurement Planning Vendor Selection Process Negotiation and Award Cost of Quality Induction and Integration Plan Contracting Procurement Flow Chart Risk Management Process Risk Categories Risk Categories Risk Driver Risk Strategy PI Matrix

R i Regi r sk ste Pro j ct R i e sk Q u a l ty Pro ce ss i Q u a l ty A ssu ra n ce i C l u d D a ta b a se A u d i o t Q u a l ty A u d i i t Q u a l ty C o n tro lC h a rt i H R C o n tro lC h a rt W o rk C i d te

Procurement Planning

Developing specification and formats SOW Description of work to be done Timeline of the work to be done Parameters of acceptable quality & the metrics in which they will be measured Strategic planning Focus on external efforts in areas that account for significant spending or high risk but also on internal processes and constraints workload and customer satisfaction. SWOT pg 350 techniques can be used here. Supplier selection To determine the best Cisco vendor a clear list of information on the project such as cost quality standards to be implemented expected timeline HIPAA and FIPS PUBS standard would be sent in a rfp. To be sure that our project remains on time and budget we will be doing an automated bidding pg 45 this will enhance competition among the Cisco vendors to ensure the best price for our clients

Vendor Selection Process

Criteria
History with similar projects Business size Recommendations

Negotiation & Award

Even when the Governing Board has selected a supplier it is important that detailed negotiations are undertaken. This is not just about price. Purchase to Pay process (P2P) at the outset can reduce costs and risk significantly and that is the Goal of Innovative Contractors for Project UPRS

COQ
Cost of Quality

Induction and Integration

No goods or services should be ordered of delivered until the contract is signed, but this is not the end. It is vital that the supplier is properly launched integrated. The P2P process needs to be in place and need to be understood on both the buy-side and the supplier side. Any service levels that have been agreed need to be measured and (Key Performance Indicators) KPIs put in place. Regular reviews should be established

Plan Contracting
The approach taken to perform the plan contracting process is to collect information from the following project processes and their documents:

The The The The

procurement plan CSOW project make or buy analysis PMP

Contracts to be used
Purchase Orders Firm Fixed for Hr Fixed Price with Incentive for Cisco T&M

Risk Management Process

P M B O K , R i M a n a g e m e n t Pro ce ss sk 1 1 . 1 -1 1 . 6

Risk Categories

Standards

HIPAA FIPS 140.3 ISO27001 Client

S e cu ri ty

Technical
Complexity and interfaces Performance and reliability Requirements Technology

Servers Network Cloud Facility Human resources Scope Feature Hope Effort

Creeps

Risk Categories

Project Management
Team management Communication management Risk management Quality management HR management Planning Estimating Controlling Monitoring

Risk Drivers
1. New and unfamiliar technology
setting up a HIPAA safe cloud is new to the conglomerate .

2. Inadequate software sizing

if the software can not handle the work load it could crash.

3. Unfamiliar new hardware

the scanners need to be handled properly.

4. Inadequately skilled personnel

interface user must guard their password .

5. Testing facility not available

the testing will be done in the actual offices.

6. Poor technology support

not every office will have up to date operating systems.

7. Inconsistent client involvement

we are dealing with a conglomerate the priority. of this project could change.

8. Vendor/ contract relations

E ffe cti Pro j ct M a n a g e m e n t ve e pg184

Risk Strategy

I p l m e n ta ti n m e o Tra n sfe r M i g a te ti I p l m e n ta ti n m e o E xp l i ot

PI Matrix

Probability (P)
NEARLY CERTAIN = 5 HIGHLY LIKELY = 4 LIKELY = 3 LOW LIKELIHOOD = 2 VERY UNLIKELY = 1

PI Matrix 50 40 30 20 10
VERY LOW = 1

60 50 40 30 20
LOW = 2

70 60 50 40 30
MEDIUM = 3

80 70 60 50 40
HIGH = 4

90 80 70 60 50
VERY HIGH = 5

IMPACT (I)

Risk Register
Risk ID Risk Elements Priority Examined Ranking Responsible Likely Actions Approved Sign Off

SECURITY

RISK HIGH MANAGEMENT, HR MANAGEMENT

YES

EVERYONE

0.8

MONITOR & CONTROL

YES

PS

SCOPE CREEP

HR

PMP, HIGH COMMUNICATION MANAGEMENT SCOPE MANAGEMENT HR MANAGEMENT, HIGH RISK MANAGEMENT Time Management, HIGH Risk & Cost Management Quality Management, HIGH Risk Management

YES

TAMIKA ROLAND

0.6

COMMUNICATE YES

PM

YES

TERIA EDWARDS Chris Gonzalez

0.6

MONITOR & CONTROL

YES

PC

Schedule

YES

0.4

Monitor & Control YES

PS

Standards

YES

Teria Edwards

0.6

Implement & inspect

YES

PM

Budget

Cost and Risk Management

HIGH

YES

Chris Gonzalez

0.5

Monitor & Control YES

PS

Project Risk 01 Risk ID Impact: Breach of patient information, lawsuits Security Unauthorized Description personnel access the database

Project Risks

Owner Mitigation: .80 : Tamika Roland Probability tier base security levels, encrypted .90 Impact .72 Score servers with locks, Certified access certificates, location based access only

Project Impact: creep of project time, additionalits 02 Scope loss The project diverts from costs, baseline

Owner Mitigation: Weekly scoping .60 : Christian Gonzalez meetings, monitor scope & .90 .54 work throughout project

Project Impact: Lawsuit against the resources cost for assisting patients Certified access certificate, location based 03 HR The human hiree and give out Owner Mitigation: .60 : Teria Edwards .90 .54 their database pass code access only

04

Standards

The new HIPPA standards change .60 the requirements of the project.

.80

.42

Project Impact: Delay in the project to add the new requirements : Meet FIPS 140.3 standards and pass SAS 70 Mitigation inspection Owner: Christian Gonzalez 05 Schedule The 23 week schedule is insufficient .40 .80 .32

Project Impact: Delay while request additional time is processed, Failed Research and retrieve SMEs for launching Mitigation: project phase Owner: Christian Gonzalez

Quality Processes

Elements that impact Project Quality Deliverable(product) Management Processes Quality planning Quality assurance Quality control Corporate culture

Quality Assurance

Monitor and control tools and techniques 11.6.2.2 Risk Audit-examines and document the effectiveness of risk responses in dealing with identified risk

Database Audit
Cloud database audit SAS 70 audit( system security audit) Performance audit (WPI)

HR audit

The Deming Quality Approach Seven Deadly Diseases Demings Fourteen Points The Deming Cycle
B2B and B2G Focus

Quality Management Pg 19

Quality Process

Database Audit

Quality Audit
SAS Audit test Starts with; Creation of 6 user logins (2 doctors, 2 nurses, 2 heath care providers) Creation of 2 full access login Creation of a patient record template Physical system check Walk through to check the hardware security Check the documentation to verify what security has been incorporated into the database and locate it. System check Login with a full access login Introduce the Information Security Management System Plan-Do-Check-Act (PDCA)-model for the ISMSPlan - Establish the ISMSDo - Implement and operate the ISMSCheck - Monitor and review the ISMSAct - Maintain and improve the ISMS User interface check Login to the database Login as a nurse Login as a doctor Login as a health care Look at the patient records to see what information can be seen for each user. Multiple location test Same as user interface check but it is done from another location

Quality Control Chart

HR Control Chart

Performance +3 Maximum +6s

Key s Standard Deviation

Work Cited

process, using a standard procurement, and will know that they are dealing with a professional organization.. "Procurement Process." Purchasing Insight for Purchase to pay, electronic invoicing, the procurement process, the purchasing process and dynamic discounting.. N.p., n.d. Web. 3 Nov. 2011. <http://purchasinginsight.com/resources/the-procurement-process/>.

http://www.hipaa.com/2011/08/get-ready-now-for-toughened-hipaahitech-act-privacy-and-security-rules http://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/Pages/SORHome.aspx http://www.journalofaccountancy.com/Issues/2010/Aug/20103009.htm