CALL FOR PAPERS

ASHRM is seeking new articles for its Journal of Health Care Risk Management. 

ASK US ABOUT

How our JCAHO to COBIT mapping guidelines can improve your survey results.

Using our simplified checklist approach to document business associate risk assessments.

New Resources

DEA eRx Rule
Quick summary of new e-prescribing rule for controlled substances  

Mar 23 -- Jun 1
Bill Pankey, Tunitas Group will lead the San Francisco ISACA Chapter CGEIT Class

Apr 21 -- Jun 23
Bill Pankey, Tunitas Group to mentor a SANS Forensics and Incident Response- Advanced Hacking Mentoring Class

New Webcasts

May 20
Healthcare IT Balanced Scorecard

Jun 10  
Assessing Individual Harm for HITECH Breach Notification Decisions

Jul 15  
Extended Enterprise Risk Management

Risk Management

Healthcare organizations routinely encounter risks that jeopardize the health and well-being of patients as well as the financial status of the organization.

Risks arising from clinical operations and medical malpractice are generally well recognized, as are risks associated with billing errors, fraud and abuse claims, and workers' compensation. Until recently, the risks associated with data management and information technology have been overlooked or written off as merely an IT problem.

Healthcare organizations that overlook the impact of data management and IT risk often fail to recognize the potential impact of system disruption, data corruption, accountability errors, and poor data quality on the organization’s workflows and healthcare business processes. This situation results, in part, from an IT security organization that imperfectly understands the healthcare business functions or the ways in which IT errors impact core healthcare operations. The disconnect is exacerbated when the IT manager focuses on the security concerns of confidentiality, integrity, and availability while avoiding broader issues of information effectiveness, efficiency, reliability and compliance. The IT risk manager's toolset seems meager when applied in an IT-centric, bottom-up, CISSP Book of Knowledge approach. Treating IT risk solely from an IT perspective leads to an imbalance in the risk identification and analysis results: IT risk exposure is overestimated while business impact is underestimated.

The Tunitas Group risk management approach is top-down, driven by our in-depth understanding of healthcare business processes and our ability to engage healthcare business managers and IT staff in risk management discussions. Contact us for a Tunitas Group IT risk management fact sheet.

Tunitas Group Expertise

Tunitas Group consultants have considerable training and experience in the identification, analysis and treatment of IT-related, healthcare business risk and are certified in IT and Healthcare Risk Management domains, including ISACA CGEIT, CISA, CISSP, CPHRM.