Introduction
An Intranet is a private computer network that uses Internet technologies to allow the employees of an organization to securely and effectively share the organization’s operational systems and information. Our health care organization consists of a network of 3 doctors’ offices, 15 physicians and 100 staff members who serve almost 2000 patients. There are 3 computers in each office, of which 2 are used by doctors and the 3rd is used for scheduling and other administrative duties. A dial-up service provides our Internet access, and at present we have no Intranet.
Building a secure and effective Intranet
Our organization needs a small yet secure and effective Intranet, since it is a powerful business tool. Access to information and applications through the Intranet will be restricted to a limited group of authorized personnel and should employ proper authorization, authentication and secure communication schemes. We can implement non-trusting domains that will make it complicated to pass the identity and security context of a caller all the way to our system’s back-end resources. Sensitive data transferred between the database and the web server, and between the web application and the original user, needs to be secured. Since our employees can be entrusted with delegation, we can set up a homogeneous Intranet by using a common authentication mechanism. Since the Intranet will connect only a few computers, we can use inexpensive or free software with our existing hardware (Zedtwitz, 2003).
Legal and regulatory compliance
Legal and regulatory compliance for our health care organization is complex, since most of our business operations are governed by state and federal laws. We need our health care attorneys to devote a considerable amount of their practice to the Stark Law, Anti-Kickback and False Claims Act. Legislative and regulatory risks have an impact on almost every area of our health care service. Thus, our senior managers, doctors and directors need to be aware that they are accountable and responsible for managing all types of risk in our organization.
One of the best ways to achieve legal compliance is by carrying out Policy Health Checks and Compliance Audits of our business. Our compliance program should also cover private and public reimbursement and billing issues. It should be able to help clients with hospital outpatient and inpatient billing, and with Medicare payment and coverage requirements. In order to demonstrate our compliance to the regulators, we need to assess and mitigate asset and information risks. For our organization to implement legal and regulatory compliance, the workforce needs to be educated by training the medical practitioners, managers and other employees (Camillus, 1999).
Privacy of patient information
A number of federal privacy standards have been created to protect the health-related information and medical records that patients provide to doctors and hospitals. Our organization abides by the privacy regulations provided by the state, which protect patients by restricting the manner in which hospitals, pharmacies and health plans use their personal medical information. Patients can access their medical records to amend any errors only after proper identification. Health care providers and doctors need to provide notices to the patients informing them how their personal records might be used. Only after the patients acknowledge the notices sent will the authorized personnel be allowed to use them.
There are also several restrictions on the manner in which the personal records of patients are marketed, since pharmacies and other entities have to obtain proper authorization before they can disclose personal information for marketing purposes. However, doctors can freely communicate with their patients about their treatment options and other disease management programs. Patients can also request that their health care providers and doctors take practical steps to ensure that the communications between the patient and the doctor remain confidential. Our employees have been trained in privacy procedures so that they can take appropriate disciplinary options whenever necessary (Walburg, 2006).
Data storage
Storing of important data as a means of backup has become an absolute necessity in today’s world in order to protect it from a virus attack on the system or an untimely failure of the hard drive. System data as well as information regarding our patients is very important and we are completely dependent on it for our everyday work. Thus, before any serious problem wipes out all the data in the system it needs to be securely stored or backed up for future use. Data storage either on an external hard drive, CD or DVD has become extremely easy and also very cheap. We can also use a versatile yet flexible backup program for creating a data and file backup of our hard drives.
Since we have only a few computers, the entire process will be very cheap and also less time-consuming. Nowadays we can also store data online by using the internet. With bandwidth pricing falling every year and broadband speeds getting faster and faster, we can easily purchase online data storage. Such data storage options have additional advantages, since they also function as backup mechanisms and provide us with an efficient method of sharing our data with others through the internet and intranet services (Ginter, 2006).
Business continuity and disaster recovery
In order to prepare our organization for disruptive events, we need to plan for business continuity and disaster recovery processes. With disaster recovery we will be able to resume our business almost immediately after any disastrous or disruptive event, such as a terrorist attack, the departure of important staff members, an earthquake, widespread illness or a malfunction in our computer systems caused by viruses. Business continuity plans are necessary since they give us a complete approach which makes sure that we continue to make money even after a disaster or disruption, no matter what its scale, has taken place. They also help to tackle problems involving supply chain partners and other challenges which our business faces from time to time (Walshe & Smith, 2006).
Conclusion
Our business continuity and disaster recovery plans normally include the manner by which the employees communicate with each other and how they will be able to do their jobs. It also includes certain issues like supply chain logistics, which is very crucial for our business, and also focuses on information technology since it plays a pivotal role in our organization. Since communication forms an important part of our health care services, our business continuity and disaster recovery plans also include the identification of the crucial business units and services along with processes to locate and communicate with employees who are most important for the organization after a disaster has taken place.
References
- Camillus, J.C. (1999). Strategic planning and management control: systems for survival and success. NY: Lexington Books.
- Ginter, P.M. (2006). Strategic management of health care organizations. NJ: Wiley-Blackwell.
- Walshe, K. & Smith, J. (2006). Healthcare Management. London: Open University Press.
- Walburg, J. (2006). Performance management in health care: improving patient outcomes: an integrated approach. NY: Routledge.
- Zedtwitz, M. (2003). Management of technology: growth through business innovation and entrepreneurship: selected papers from the Tenth International Conference on Management of Technology. Auckland: Emerald Group Publishing.