

1) For this assignment, you will create a written plan on EHR in a 5-6 page paper and a PowerPoint presentation of 55 slides in detail, excluding the title and reference page. Based on the assignment you completed in Week 4, you will now take the system that you selected for evaluation and create an implementation and support plan. You are to serve as the product manager for the given system. It is your responsibility to ensure the success of this system. Include an abstract and a table of contents page. Complete the following:

  • Create an implementation plan (development and deployment) for the identified system.
  • In addition to your implementation plan, what are the key performance indicators (KPIs) that you will use to evaluate the success or value of the system?
  • What maintenance aspects must be accounted for to ensure the long-term use of this system?

2) Additionally, build off of what you created in the weeks leading up to this assignment. Create a PowerPoint presentation from your Individual Projects from Weeks 1–5. This PowerPoint presentation should be a presentation to a chief information officer (CIO). For your presentation, create a new division within a health care information technology (IT) organization. You have been given complete control of this division; however, you need to explain to the CIO how one will manage the following:

  • The systems development life cycle (SDLC) (e.g., waterfall or agile)
  • The regulations associated with health care (e.g., Health Insurance Portability and Accountability Act [HIPAA] and meaningful use)
  • Security and recovery (e.g., system security, network security, and data security)
  • System interoperability and organizational interoperability
  • Implementation of the systems that your division is responsible for within the organization (e.g., action plan)
  • Evaluation of your organization and definitions of success, including financial objectives

Note: Use APA 7th edition style to cite at least 6 scholarly sources from the last 5 years. Consider writing in the third person.



Agile Methodology in Health Management

Frances Ogbankwa

HCM-690 Healthcare Informatics

December 15, 2021

A review of the different Agile methodologies shows that the one best suited for healthcare management is the Scrum approach.

American healthcare difficulties may be alleviated by adopting Scrum practices. Healthcare and its development in the United States have been a major topic of discussion and news in recent years. Healthcare affordability and accessibility are fundamental aspects of civilized society (Jakupovic, 2021). In 1970, the Federal Government spent an estimated $75 billion on healthcare. The value was $3 trillion in 2012, and if present growth rates are maintained, it will be $5 trillion by 2022, and that rise is significant.

Healthcare expenditures are intimately linked to consumer satisfaction in the current healthcare culture. The impact of health technologies on clinical results and the better patient has grown significantly in recent years. To address the demands of a new paradigm, new methodologies are needed. Scrum is being utilized more often in the healthcare industry than in the past.

Why Scrum?

· Operational errors in healthcare are currently the third leading cause of death in the United States, behind cancer and cardiovascular disease. More than 500 people die each day from "errors, catastrophes, and illnesses" in hospitals.

· Scrum is money spent on care that was unneeded. According to the Institute of Medicine, it's estimated that one-third of the millions spent on welfare each year is squandered. According to the Journal of the American of Gynecology, $1 billion is spent each year on elective births alone.

· Organizations must adapt quickly and thoroughly to keep pace with ever-changing requirements (Jakupovic, 2021).

· There is a huge need for health information systems, but there are no systems to accomplish this goal.

· There is a need for novel therapies and medications to be researched and developed.

· Some new medical equipment and machinery have not been properly tested for safety issues. Many of them are created using old procedures where design is done first, and testing is done afterward (Jakupovic, 2021).


Scrum has two major advantages over other project management methodologies. In the first place, a Scrum team's projects are more likely to be completed on time and within budget. The second greatest benefit of utilizing Scrum is to keep Scrum teams operating at their peak efficiency (Jakupovic, 2021). Scrum teams plan and manage their funds before beginning every project, effectively using time and money. This reduces the risk of unanticipated costs and delays. Towards the conclusion of each sprint, Scrum teams also test their product before releasing it so that they may detect and repair any probable defects.

Several aspects and components must be considered to guarantee the project's success. As a result of scrum methodologies' ability to break down large projects into smaller, more manageable components and teams' more relevant attitude to finishing them, regular monitoring of these items is considerably simpler (Velthuijsen et al., 2015). The needs of a project may change as the project progresses, and so may the project itself. Since Scrum teams operate in sprints, modifications may be applied simply in the following iteration. A Waterfall approach team doesn't have to start from scratch, as is common with those who do.

Challenges for Healthcare

This technique may seem like an ideal answer for all project-related challenges. However, there are some downsides to Scrum. Scrum projects can take longer than expected since there is no set timetable and the work is done according to the sprint cycle. Scrum emphasizes iterative development. At worst, it's a liability. This is a major departure from their previous working style, which might be tough for Scrum teams to adapt to (Velthuijsen et al., 2015). As a result, Scrum masters and project managers have less control over their teams' day-to-day operations, which may be inconvenient for everyone involved. Scrum team members may also have trouble adapting to a new way of working, leading to delays in the project.

The lack of qualifications and expertise may create problems when teams are not properly taught and schooled in Agile and Scrum processes. The quality of the final product might suffer if teams don't test vigorously enough throughout each version. Scrum teams must be dedicated to their project and the Scrum method to operate (Velthuijsen et al., 2015).

When implementing Scrum methodology, it's essential to have a small group. Scrum teams often include four to six people. It might not be easy to communicate effectively with big teams in Scrum. If the team size is too huge, this may be a problem, and it can also cause a lot of irritation among the group members (Kurniawan et al., 2020). Scrum often has issues because the Scrum practices are not adequately applied, and the employees are not properly taught. Scrum techniques may benefit all projects in any business if this obstacle is overcome and communications are improved.

Challenges to be Mitigated

Lack of Documentation

The Agile Manifesto outlines fundamental principles. Values like working software over comprehensive documentation are among them. This value would seem to conflict directly with the regulations. The FDA mandates that an implantable device developer record all of the criteria for the software before it is developed. But one of the Agile Manifesto's writers, Robert Martin, advises: "Produce no document unless it's urgent and meaningful." In attaining regulatory compliance, paperwork is substantial, and it is still generated when following the agile approach (Kurniawan et al., 2020). Berard investigated documentation and agile software development. Agile software developers provide exactly what the client wants.

Traceability Problems

Regulatory clearance for medical device project management enterprises requires proof of transparency from the functional specifications to each phase of the construction process. According to the FDA "Guidelines of Software Validation" (GPSV), documentation of screening and diagnostic cases must be connected to code. Needs are not established before creation starts, and modifications to requirements are encouraged throughout things. However, traceability may still be preserved after the training set and updates to the requirement gathering are recorded.

A lack of forethought

The Scrum model and other life cycles based on plan-driven software development focused on upfront planning. It's important to have a plan from the beginning of a project to keep it on track. Although agile principles make up-front preparation challenging, it is expected and desired in an agile project (Kurniawan et al., 2020). While this is the case, agile methodologies use strategies such as user stories before a project starts. These are a sort of pre-planning that may help a project get off the ground.

Multiple Releases Under Control

Repetitions are used to break down professional developers produced using agile methodologies. A shippable system is the goal of each iteration for agile teams. Due to regulatory constraints, medical device software developers are prohibited from deploying incomplete software into a live patient setting since safety is crucial for medical device technology (Kurniawan et al., 2020).

Implementation of Scrum

To facilitate teamwork, Scrum was developed as a foundation. When teams practice Scrum like any game (from which it gets its name), they are encouraged to learn from their mistakes, self-organize while working on an issue, and reflect on their successes and failures to improve. For all sorts of cooperation, concepts and lessons from Scrum may be implemented. Developers most often utilize Scrum. That's why Scrum is so well-liked. Scrum specifies a combination of events, tools, and responsibilities that help people manage and organize their work and is often considered an agile project methodology (Edoh et al., 2018).

The following are the key notes taken from a real-time Scrum implementation in healthcare:

· A project owner who is knowledgeable about the prerequisites and has the authority to set priority areas can be difficult to find. When working on big projects, it is common that the project backlog position must be shared among several people.

· The project roadmap must be comprehensive and accurately calculated when there is a critical deadline. Even if one has very little data about a project's requirements, it's better to have a guesstimate than not have a guesstimate. This data and the team's speed are critical for the discharge planning stage (Edoh et al., 2018).

· With numerous remote teams, Scrum is ideal for implementation. It was beneficial for team unity and interaction to have resources in the Netherlands and India in each Scrum team. Hardware requirements that can be purchased at a low cost can be used for interaction.

· When starting a dispersed project, it's a good idea to hold an initial meeting in person to establish team practices.

· A completely separate team can better handle work that doesn't fit well into a Scrum Sprint (e.g., chasing down key people, interconnecting with other client debts). These teams can concentrate on developing the software. Technical writers can help with this, even with various communication costs (Edoh et al., 2018).

· Customers may still demand detailed records, even if it is not necessary for computer programming. However, in a Scrum project, user stories cannot be replaced. The cost of reconciling prerequisites in two places must be involved in planning.

· Automatic vehicle testing is essential to avoid slowed down by correlation bugs as software is released in stages. The project will add for itself before the project is finished.


Edoh, T. O., & Dehou, G. J. M. (2018). A multimodal speech-based Scrum Board for Agile Healthcare Inclusion of Traditional Healers in Rural Healthcare. In IREHI.

Kurniawan, F. F., Shidiq, F. R., & Sutoyo, E. (2020). WeCare Project: Development of Web-based Platform for Online Psychological Consultation using Scrum Framework. Bulletin of Computer Science and Electrical Engineering, 1(1), 33-41.

Jakupovic, A. (2021). Implementation of the Scrum method in a healthcare project: A case studied at Region Västra Götaland.

Velthuijsen, H., Balje, J., & Carter, A. (2015, October). Agile development as a change management approach in Healthcare Innovation Projects. In 3rd Understanding Small Enterprises (USE) Conference 2015.




Health Insurance Portability and Accountability Act

Frances Ogbankwa

HCM 690 Healthcare Informatics Capstone

The Health Insurance Portability and Accountability Act (HIPAA) recommends that the patient has the right to disclose or share his medical information with anyone. A patient has the full right to view his medical records, and that right is given to him by HIPAA (Moore et al., 2019). When a patient asks for his medical records, the hospital or the staff cannot prohibit the patient from seeing them. Patients often like to see their medical records, as this lets them know what is wrong with them and examine how well the doctor has treated the presented health issue.

Although patients have full right to their own medical records, there are still some situations where doctors prohibit the patient from accessing their complete record. In such situations, the doctors find it best that the patient does not see the complete record because some information in it could potentially be harmful to the patient if known, although in some cases it would be most beneficial to give them full information.

There are multiple situations where the information is harmful to the patients, especially in psychotherapy; the doctor notes are often not shared with patients as doctors think it may be injurious to a patient who is already contemplating suicide (Rapaport et al., 2016). In addition to that, sharing some information can also lead to patients self-diagnosing and going against the doctor's advice.

Medical Cyber-Physical Systems (MCPS) sets up a carefully organized framework for medical devices that are life-based, interactive, and considered to be combined with patient care. These framework conditions are gradually being used in the clinic to take patients in complex medical situations in the long run. The need to design a complex MCPS that is protected and executable varies, including framework programming, interoperability, setting up discrete decision support, and achieving key levels of validation in self-determination, security, and affirmation. It brought difficulties (Nair et al., 2019).

The two most important changes in medical devices are the deep reliance on software, the usefulness of networks, and the wide accessibility of organizational availability. Previous improvements mean that the product has always played a major role in the general safety of the device. The latter says that cyber medical gadgets do not act as an independent device that can be independently planned, validated, and used to treat patients as a distributed framework that simultaneously reviews and controls many parts of a patient's physiology. It comes from the facts. With a combination of embedded medical software and hardware, new systems management capabilities, and elements of the human body that are confused, today's medical cyber-physical systems are a special class of Cyber-Physical Framework (CPS) (Rahaman et al., 2018).

Medical Cyber-Physical System (MCPS) is a healthcare information system implemented in multiple organizations. It is easily one of the most popular healthcare information systems present right now. And this is the type of healthcare system implemented in my organization. This is the healthcare system we will apply to the HIPAA audit today. An audit is a process that includes evaluating any procedure or any tool, technology, or system to decide whether it is working properly or not. An audit tells you whether an organization is performing the job efficiently and whether it has allocated its resources properly in places where it will reap the maximum benefits for the organization.

An audit is a process that is carried to find faults, limitations, shortcomings, and wrongdoings in any process, organization, and technology. An audit is an official inspection of organization activities and processes which details how an activity should be carried out and how it is being carried out in real-time. It is used to showcase the stark differences between the set procedures and the real procedures being applied in the organization. An audit is a process that can be seen in any organization. And it is also seen in the medical and healthcare field. A medical audit is a process that reviews and details how well the medical procedures are being performed and how efficiently the procedures can be improved so that the results are made better. It is an inspection procedure used to improve the quality of healthcare.

HIPAA audit is carried out to analyse whether the healthcare and medical information systems comply with the HIPAA ordinance and how well these information systems are coping with securing the information and managing it properly. With increased risks and threats every day, patient information has become more sensitive with each passing day. Data leaks and privacy invasions are becoming a normal thing in healthcare. In such an aspect, it is becoming tremendously difficult for a healthcare information system to keep patient information safe and secured.

It is important to run a HIPAA audit on the Medical Cyber-Physical System (MCPS) as well, as these devices also store a lot of personal information about patients. Hence, it becomes tremendously important to apply HIPAA audits to MCPS devices. It is important to ensure that an information system follows HIPAA Title 2. Title 2 is a privacy rule which focuses on Protected Health Information (PHI). This rule covers the protection and safety of personal health information stored in these information systems.

When performing the audit of the healthcare information system, it is important to account for all the recent updates and changes made in HIPAA. The most recent change in HIPAA policies and compliance rules was made through the Health Information Technology for Economic and Clinical Health Act (HITECH), which was a part of the American Recovery and Reinvestment Act (ARRA) of 2009. Under this recent change, the HIPAA right of access was updated and modified. Now HIPAA allows patients to obtain a copy of their health records in an electronic format (Rosenbloom et al., 2019). Before, this feature was not available to patients; HIPAA only allowed for patient information to be given in a patient record file. But this recent change made it possible for HIPAA to allow patients to collect their data from their physicians and healthcare systems in the form of electronic data as well. This is how HITECH changed HIPAA with the new regulation.

To successfully pass a HIPAA audit, it is extremely necessary that an organization follows certain rules and fulfils some requirements to ensure that it has all its healthcare systems secured and protected. Six basic steps prepare an organization for a HIPAA audit. The first step that an organization needs to follow to be successful in a HIPAA audit is to prepare the staff of that organization for HIPAA. This step includes training your staff about what HIPAA is, its compliance requirements, and how to achieve those requirements. If the staff is not properly trained, those requirements cannot be properly met, and the organization will fail the HIPAA audit compliance checklist. The organization can also document the training sessions it provides to its employees to show the Office of Civil Rights (OCR) that the organization is dedicated to ensuring HIPAA compliance (Dobran, 2018). The organization can also make special policies that only cater to the HIPAA compliance audit.

The next crucial step to be performed is risk management. The organization must perform risk analysis before a HIPAA audit. A HIPAA risk analysis is performed to analyse the system properly and to check whether there is any risk that the organization is exposed to. It discloses all the risks in the company, and the risk management process is then used to eradicate and handle those risks. Risk management is a process that details a plan to handle risk and ensure the organization is ensured. This step also ensures that the organization creates security documents and compliance rules state reports.

The next necessary step is to choose a security and privacy officer. It is one of the basic requirements of HIPAA that every business must have a dedicated security and privacy officer who should be responsible for securing and maintaining the privacy of PHI. This officer will be responsible for deciding on third-party vendors, and he will discuss the security management with an OCR. The fourth necessary step is to review policy implementation. As discussed above, companies need to make security and privacy policies in the organization. But making policies is not the only task; implementing those policies properly is also extremely important. The business must ensure that the employees follow those policies and whether they are according to needs.

Afterward comes the step of conducting an internal audit for the company. It is the best way to ensure that the company follows proper HIPAA compliance rules before the OCR audit. Taking assistance from a company that performs audits can be beneficial in finding out shortcomings in your organization. It is also important to check all your policies and see their impact on the organization. Finally, the last step is to create a remediation plan to ensure that the company keeps on finding risks and managing HIPAA compliance rules even after the audit. This plan will ensure that the HIPAA rules are always being followed and privacy and security are always maintained.

Gap analysis compares actual performance with the desired and predicted performance of an organization. This process is carried out to identify the lack of resource allocation, planning, capabilities, and structures that make the company fall behind on its desired goals and potential. The gap analysis is prepared to analyse and detect an organization's parts that need special attention and have multiple faults. This kind of analysis proves extremely helpful in the process of audit. This prepares the system for an extensive audit and can help find shortcomings in the system beforehand. It allows companies to see where they are now and where they want to be in the future.


Dobran, B. (2018). HIPAA Compliance Audit: Expert Security Guide to Stay Compliant. Retrieved from Phoenix Nap: https://phoenixnap.com/blog/hipaa-compliance-audit

Moore, W., & Frye, S. (2019). Review of HIPAA, Part 1: History, Protected Health Information, and Privacy and Security Rules. Journal of Nuclear Medicine Technology 47 (4), 269-272.

Nair, M. M., Tyagi, A. K., & Goyal, R. (2019). Medical Cyber-Physical Systems and Its Issues. Procedia Computer Science Volume 165, 647-655.

Rahaman, M. O., Shuvo, A., & Kashem, M. (2018). CYBER-PHYSICAL SYSTEMS FOR HEALTHCARE. International Journal of Advanced Research (IJAR).

Rapaport, L. (2016). Patients can't always access complete medical records, doctors say. Retrieved from Reuters: https://www.reuters.com/article/us-health-hipaa-charts-idUSKCN0YE2PY

Rosenbloom, S. T., Smith, J. R., Bowen, R., Burns, J., Riplinger, L., & Payne, T. (2019). Updating HIPAA for the electronic medical record era. Journal of the American Medical Informatics Association, Volume 26, Issue 10, 1115-1119.


Healthcare Data Security Plan

Frances Ogbankwa

HCM 690 Healthcare Informatics Capstone

Table of Contents

  • Introduction
  • Healthcare Data Security Plan
  • Risk Analysis for all Systems
  • Cloud Security Implementation
  • Check Accessibility Performance
  • Third Parties Management
  • Risk Assessment Development
  • Interoperability Challenges
  • Evaluating Vendor Systems
  • Mitigation Strategies with Recovery Plan
  • References


Taking the seriousness of the condition home is evidence that all aspects of this demanding culture require collecting large amounts of individual data. There is always an opponent ready to develop a strategy and defeat you. Although medical institutions have confidential data, compliance and safety are not usually a priority in this area – their emphasis is on patient care, which must be the case. However, part of this care is to protect the patient's “personally identifiable information” (PII) and “protected health information” (PHI). However, in the end, numerous healthcare professionals and institutions let things get in the way of throwing the dice. The medical forms filled by patients are fertile ground for criminals to capture IDs. Most healthcare consumers are aware of this but still do, believing that their provider has all the right systems in place for protecting their information. If patients lose confidence in the PII and PHI protection techniques, they may lose confidence in the entire service provided by the provider.

Cyberattacks, hacker attacks, and data leaks are increasingly serious problems in the healthcare sector. “In 2019, there were more than 1,500 data breaches and more than 165 million sensitive data in the United States (Clement, 2020). Medical institutions have access to a massive amount of private data, which makes cyber security, privacy and security a preference.”

The Health Insurance and Liability Act (HIPAA) sets standard privacy policies to secure patients' medical records and other personal health information (PHI). HIPAA offers security policies that are specific to electronic PHI. Healthcare institutions need to comprehend that “healthcare data security” is more than just “consistency”: it should be the foundation of the hospital's patients' application because it is necessary to maintain consumer confidence and the health of organizations (Mooney, 2019).

Healthcare Data Security Plan

The escalation of electronic medical records (EMRs), together with current leaks in "patients' personal health information" and personal identification information, has emphasized the requirement for online security in clinics. Although EMR security measures have been incorporated into the 1996 Health Insurance Transfer and Liability Act (HIPAA), human error and "our approach will not happen" are factors that hinder real security. HIPAA security policies need special measures for ensuring "confidentiality, integrity and security," such as passwords and PINs that restrict access to patient information to authorized individuals, or encryption of stored data so that it cannot be read or comprehended unless someone can "decrypt" it through a special key that is accessible only to regulated persons. However, the bill does not guarantee that hospital systems or individual practices will not be affected by an ever-changing threat environment.

The main idea of the network is to divide data according to its importance. Think about the hospital's payment system. Radiology departments need to use X-rays, imaging, and other diagnostic tests, but they do not need to access patients' credit card information unless they send their invoices. It is important to divide the network into segments and use policies to restrict access to what is required for specific operations.

Classification is to classify the request and then assess whether it is accepted. “This stage of protection is more beneficial in preventing workers from accessing identified infected websites, or preventing viruses from scattering across the network, or even preventing them from updating. In many instances, this is the essence and realm of how the NextGen firewall will be easy to access for anyone”. These classifications allow content, not web pages, to be blacklisted. This means that the firewall is now learning “how to block or not block your request in a way” that provides a minimum of false positives and frustration to users. Although the abbreviation IDS has only three letters, it is a serious obstacle for hackers. As the name implies, IDS stands for "Intrusion Detection System." The system detects and records any suspicious inbound and outbound patterns and sends alerts. Such techniques are very effective against many attacks because they can detect identified attack trends and provide managers with the key data needed to reduce the recurrence of such attacks in the future.

How do healthcare institutions prevent data leaks and cyberattacks? They first establish an IT security system approach with a cohesive security mechanism (Brady, 2018). Healthcare institutions must adopt a synchronized and coherent way to protect patients' data securely. Here are five steps that can be taken into consideration when constructing a comprehensive data protection and security plan for healthcare patients:

Risk Analysis for all Systems

Healthcare institutions must comply with HIPAA safety regulations. Operational risk analysis is necessary “to determine when and where security risks exist and their likely effect” on the three main objectives of health information security: confidentiality, integrity, and availability of ePHI (Information Security, 2020).

By determining all ePHI-containing systems, organizations will monitor patient information effectively.

Cloud Security Implementation

The Microsoft 365 cloud builds security and enables real-time communication that all healthcare professionals know, communicates with patients, and increases operational efficiency (Williams, 2019). Cloud security enables flexibility and custom control.

Check Accessibility Performance

The organization must decide who has access to programs and systems. Identify careless users and ensure that they receive appropriate training.

Third Parties Management

It is a mistake to think that a third party is responsible for the agency's data. Healthcare institutions will ensure that appropriate security and surveillance controls are in place to ensure IP restrictions, data backup, encryption, etc., to ensure that “there is no risk of data leakage.”

Risk Assessment Development

According to HIPAA notification rules, parties must perform a risk assessment to determine the possibility of damage to health information (Fairwarning, 2018). The aim is to determine whether the data breach is the most reported in the Charter. The Agency must ensure that it complies with HIPAA regulations and policies.

Interoperability Challenges

Collaboration is a major issue for decision-makers, patients, and providers. According to Monica (2017), the following are the four main challenges to achieving real synergy: Developing a standardized approach to identifying patients. By developing standard methods for identifying patients, the organization can ensure that the exchanged medical information is completed accurately and efficiently. Patie