Project Universal Patient Record System

Prof. Belton MPM, CIPM

Christian Gonzalez, PMTamika Roland, PCTeria Edwards, QM

II

Procurement Planning Vendor Selection Process Negotiation and Award Cost of Quality Induction and Integration Plan Contracting Procurement Flow Chart Risk Management Process Risk Categories Risk Categories Risk Driver Risk Strategy PI Matrix

Table of Content

Risk Register Project Risk Quality Process Quality Assurance Cloud Database Audit Quality Audit Quality Control Chart HR Control Chart Work Cited

Developing specification and formats SOWDescription of work to be doneTimeline of the work to be done Parameters of acceptable quality & the metrics in which they will be measured Strategic planning Focus on external efforts in areas that account for significant spending or high risk

but also on internal processes and constraints workload and customer satisfaction. SWOT pg 350 techniques can be used here.

Supplier selectionTo determine the best Cisco vendor a clear list of information on the project such as

cost quality standards to be implemented expected timeline HIPAA and FIPS PUBS standard would be sent in a rfp. To be sure that our project remains on time and budget we will be doing an automated bidding pg 45 this will enhance competition among the Cisco vendors to ensure the best price for our clients

Procurement Planning

Criteria History with similar projects Business size Recommendations

Vendor Selection Process

Even when the Governing Board has selected a supplier it is important that detailed negotiations are undertaken. This is not just about price.

Purchase to Pay process (P2P) at the outset can reduce costs and risk significantly and that is the Goal of Innovative Contractors for Project UPRS

Negotiation & Award

COQCost of Quality

No goods or services should be ordered of delivered until the contract is signed, but this is not the end.

It is vital that the supplier is properly launched integrated. The P2P process needs to be in place and need to be understood on both the buy-side and the supplier side.

Any service levels that have been agreed need to be measured and (Key Performance Indicators) KPIs put in place. Regular reviews should be established

Induction and Integration

The approach taken to perform the plan contracting process is to collect information from the following project processes and their documents:

The procurement plan The CSOW The project make or buy analysis The PMP

Contracts to be used Purchase Orders Firm Fixed for Hr Fixed Price with Incentive for Cisco T & M

Plan Contracting

Risk Management Process

PMBOK, Risk Management Process 11.1-11.6

Risk Categories

Standards HIPAA FIPS 140.3 ISO27001 Client

Technical Complexity and interfaces Performance and reliability Requirements Technology

Security Servers Network Cloud Facility Human resources

Creeps Scope Feature Hope Effort

Risk Categories

Project Management Team management Communication management Risk management Quality management HR management Planning Estimating Controlling Monitoring

Secur

ity

Techn

ical

Creeps

Stand

ards

PM

Exter

nal

Budg

et

Sched

ule

00.5

11.5

22.5

33.5

4

Cost

CostProb.

1. New and unfamiliar technology setting up a HIPAA safe cloud is new to the conglomerate .

2. Inadequate software sizing if the software can not handle the work load it could crash.

3. Unfamiliar new hardware the scanners need to be handled properly.

4. Inadequately skilled personnel interface user must guard their password .

5. Testing facility not available the testing will be done in the actual offices.

6. Poor technology support not every office will have up to date operating systems.

7. Inconsistent client involvement we are dealing with a conglomerate the priority. of this project could change .

8. Vendor/ contract relations

Risk Drivers

Effective Project Management pg184

Risk Strategy

Implementation •Transfer•Mitigate

Implementation •Exploit

Probability (P) PI Matrix

NEARLY CERTAIN = 5 

50 60 70 80 90

HIGHLY LIKELY = 4 40 50 60 70 80

LIKELY = 3 30 40 50 60 70

LOW LIKELIHOOD = 2 

20 30 40 50 60

VERY UNLIKELY = 1 10 20 30 40 50

  VERY LOW = 1 LOW = 2 MEDIUM = 3 HIGH = 4 VERY HIGH = 5

  IMPACT (I)

PI Matrix

Risk Register

Risk ID Risk Elements Priority

Ranking Examined Responsible Likely Actions Approved Sign Off

1 SECURITYRISK

MANAGEMENT, HR MANAGEMENT

HIGH YES EVERYONE 0.8 MONITOR & CONTROL YES PS

2 SCOPE CREEP

PMP, COMMUNICATION

MANAGEMENT SCOPE

MANAGEMENT

HIGH YES TAMIKA ROLAND 0.6 COMMUNICATE YES PM

3 HR

HR MANAGEMENT,

RISK MANAGEMENT

HIGH YES TERIA EDWARDS 0.6 MONITOR &

CONTROL YES PC

4 ScheduleTime Management,

Risk & Cost Management

HIGH YES Chris Gonzalez 0.4 Monitor & Control YES PS

5 StandardsQuality

Management, Risk Management

HIGH YES Teria Edwards 0.6 Implement & inspect YES PM

6 Budget Cost and Risk Management HIGH YES Chris Gonzalez 0.5 Monitor &

Control YES PS

Project RisksRisk ID Risk Description Probability Impact Score

01 Security Unauthorized personnel access the database .80 .90 .72

Project Impact: Breach of patient information, lawsuits Mitigation: tier base security levels, encrypted servers with locks, Certified access certificates, location based access onlyOwner: Tamika Roland

02 Scope creep The project diverts from its baseline .60 .90 .54Project Impact: loss of project time, additional costs, Mitigation: Weekly scoping meetings, monitor scope & work

throughout projectOwner: Christian Gonzalez

03 HR The human resources give out their database pass code .60 .90 .54

Project Impact: Lawsuit against the hiree and cost for assisting patients

Mitigation: Certified access certificate, location based access only

Owner: Teria Edwards

05 Schedule The 23 week schedule is insufficient.40 .80 .32

Project Impact: Delay while request additional time is processed, Failed project

Mitigation: Research and retrieve SME’s for launching phase

Owner: Christian Gonzalez

04 Standards The new HIPPA standards change the requirements of the project. .60 .80 .42

Project Impact: Delay in the project to add the new requirements Mitigation: Meet FIPS 140.3 standards and pass SAS 70 inspection

Owner: Christian Gonzalez

Quality Processes

Elements that impact Project Quality

• Deliverable(product)• Management Processes• Quality planning• Quality assurance• Quality control• Corporate culture

Monitor and control tools and techniques 11.6.2.2 Risk Audit-examines and document the effectiveness of risk

responses in dealing with identified risk

Database Audit Cloud database audit SAS 70 audit( system security audit)

HR audit Performance audit (WPI)

The Deming Quality Approach Seven Deadly Diseases

B2B and B2G Focus Deming’s Fourteen Points

The Deming Cycle

Quality Management Pg 19

Quality Assurance

Quality Process

Database Audit

SAS Audit testStarts with; Creation of 6 user logins (2 doctors, 2 nurses, 2 heath care providers) Creation of 2 full access login Creation of a patient record templatePhysical system check Walk through to check the hardware security Check the documentation to verify what security has been

incorporated into the database and locate it.System check Login with a full access login Introduce the Information Security Management System Plan-Do-Check-Act (PDCA)-model for the ISMSPlan - Establish the ISMS

Do - Implement and operate the ISMSCheck - Monitor and review the ISMSAct - Maintain and improve the ISMS

User interface check Login to the database Login as a nurse Login as a doctor Login as a health care Look at the patient records to see what information can be seen for

each user.Multiple location test Same as user interface check but it is done from another location

Quality Audit

Quality Control Chart

Performance +3 Maximum +6s

HR Control Chart

Keys Standard Deviation

process, using a standard procurement, and will know that they are dealing with a professional organization.. "Procurement Process." Purchasing Insight for Purchase to pay,

electronic invoicing, the procurement process, the purchasing process and dynamic

discounting.. N.p., n.d. Web. 3 Nov. 2011. <http://purchasinginsight.com/resources/the-procurement-process/>.

http://www.hipaa.com/2011/08/get-ready-now-for-toughened-hipaahitech-act-privacy-and-

security-rules-and-enforcement-and-big-noncompliance-fines/

http://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/Pages/SORHome.aspx

http://www.journalofaccountancy.com/Issues/2010/Aug/20103009.htm

Work Cited