LiveWell is a physiotherapy clinic which has four branches and recently opened two more, aiming to cater to the diverse needs of the community. They are hoping to provide current, state-of-the-art technology and services to patients. They are focusing on a customer relationship management system to target their customers. The initial few months have been slow for the newly opened clinics, but they have seen a steady surge in their customer base. The numbers seem to be picking up and the website has been accommodating the current appointments well. Although the company has invested well in its infrastructure, it would like to be prepared to accommodate a future increase in patient appointments. Recently they have been plagued with viruses in their main database, which corrupted their mailing list and sent incorrect information regarding offers and promotions to existing patients.
They currently have a centralised database and networked machines used for all operations, including patient data handling and management by admin staff and therapists. There are only a few security measures for the software and hardware in use, such as logins, as they feel secure with physical security such as locks and alarms. The admin team is responsible for all patient-facing communication, as this is the only way they can promote services to their patients. Both the admin team and the physiotherapists work in shifts, and there is no clear separation of responsibilities concerning communication with patients and the recommendations made or changed for patients.
They have created a web portal and are hoping to attract new customers. The company would like to increase brand awareness. The latest effort to reach a wider market via Google adverts has resulted in new patients showing interest from various geographical locations. As a small business with limited resources, they are concerned about stealth viruses, spam, etc.
With the influx of new patients, management fears that the current systems and the addition of the web portal make them more susceptible to attacks, and that they would not be able to sustain their service levels. Therefore, the LiveWell clinic's management are concerned with compliance, data protection and ethical working. Thus, they require some guidance and recommendations to resolve such issues and would like to call upon your consultancy services to analyse the risks they may face and hope to control them.
Assessment Specifications
This is an individual assessment and the report word limit is 3000 words. You have been called in as a consultant to determine the risks and their impact on the business by performing a thorough risk assessment. The company is looking for clear possible solutions to the risks perceived now and in the near future. You need to perform a risk assessment, as the company would like to identify potential risks and their impact on its business and to propose a risk control strategy. You are required to use this scenario, as well as current market research within the healthcare sector, to make your assumptions, achieving assessment outcomes A, B, C, D and E.
Deliverables:
You must produce a report containing the following features and content:
- A management summary.
- Clearly stated assumptions within the body of the report as well as listed in the appendix.
- Critical evaluation of the threats and vulnerabilities.
- Use of risk evaluation techniques such as weighted factor analysis and a risk register to identify and prioritise assets at risk.
- Appropriate control suggestions made, based upon the risk scores.
The report should be supported by appropriate and relevant industry research documented using the Harvard style of referencing (in-text citation).