COBIT Analysis For IT Risk Management Of Hospitals And Medical Organizations

Objective of COBIT analysis

Why is COBIT implemented?

For hospitals and medical organizations, risk management typically refers to conditions like immediate response situation. The staff and employees of medical organizations have very less knowledge and experience about IT and high-risk management related to it (Putri, Lestari & Aknuranda, 2017). Their management style is not well planned in case of IT risk assessment and response. Implementing a well-organized and efficient IT based risk management system is utmost important for medical facilities as the IT for such organizations are quite critical and complex in nature (Boži?, 2012). In addition to this, medical staffs do not have adequate knowledge in this field. This is the reason COBIT 4.1 framework has been chosen to analyze the IT risk management and steps required for these within a short time limit.

The risk factors related to any health organizations are typically three types. The medical risk factors, which include situations, like bacterial or information outbreak, medical errors and any problem related to the medical situations (Khther & Othman, 2013). The second in the list is the financial risks like, irregular cash flow, irregular bill clearing or anything related to cost management system. The last in the list is the rules and regulations, which includes matters like electronic statements and intern acceptance (Othman et al., 2013). To manage these risk factors and implement a proper IT base solution is the target of COBIT framework.

Objective of COBIT analysis

The objective of implementing COBIT analysis is to give reasonable affirmation that future objectives can be achieved and any undesirable event can be predicted successful and can be prevented in time. All these can be achieved if the company policies, practices, and organizational formation is reviewed and renewed.  Certain control objectives do exist in IT based governance system, which are helpful to build sustainable administration (Pasquini & Galiè, 2013). This process can be a continuous service if certain control parameters are renewed like communication among departments, improved customer service, implementation of tight data security (Andry & Hartono, 2017). A continuous test of all these parameters are also quite important to keep up with the high-service quality. COBIT 4.1 framework provides guidelines to assess control and rearrange particular IT based processes to enhance the service of a certain organization (Surbakti, 2014).

COBIT 4.1 framework based analysis of the requirements and implementations in City Medical Partners

As per the COBIT 4.1 framework, the requirements, which need to be addressed in City Medical Partners Organization in the planning and organizing phase. The requirements are as follows.

• Communication between administration and other staffs of the hospital is important: it has been found that the lack of timely communication among doctors, nurses and other staffs and the administration is quite weak. This needs to be strengthened. Until now, there had been no official meeting been held due to which many doctors do not even care to inform the top management in case of any medical risk occurs. Such situations need to be addressed and only by a strong inter-departmental communication, this can be done (Batenburg, Neppelenbroek & Shahim, 2014).
• Strong IT based HR department is required: Human resource department is the strongest feature any successful organization will have anywhere. The objective of the HR is not only to maintain the data related to the organization but also to keep update of every new possibilities in the typical sector. Medical Field is no different. IT based HR department of any hospital is able to record current trends of treatment and latest medicines for a certain disease. In City Medical Partners, the HR department should be upgraded with more employees to record and maintain all the information. A proper IT based training is also important, as employees in this department require a good knowledge in the medical regulatory of New Zealand and medical rights of the citizens.
• Strong IT risk assessment team is required: it is not necessary that, only doctors and people related to medical science should be the employees of any hospital (Sadikin, Hardi & Haji, 2014). Like any other organizations, health care organizations do need a strong IT team to keep a watchful eye on the smooth running f any organization. Starting from organizing information of every employee and patients to keeping records of every surgeries performed and medicines provided in sudden cases and maintaining backup of all the records are all responsibilities of the IT team of any Hospital (Mangalaraj, Singh & Taneja, 2014).The City Medical Partners did not have any IT team until now which is why, the organization suffered a lot previously.
• Secure risk management policy should be implemented: in case of any high-risk situation, the fast response can be the key solution to save human life and other resources. There was no major risk management policy existed until now in City Medical Partners organization (Ramadhani, Kurniati & Maharani, 2013). A board combining senior doctors of different departments, administrators must be created. The aim of the board is to jot down strong risk assessment and risk management policies and update them in regular interval.
• Regular training on Regulatory laws: it is the duty of the HR department to keep records of and organize training sessions for doctors, nurses and clerks on the medical rules of medicine administration, performing treatments and human rights of the patients and the employees too. This is important so no case of deviation from nation medical regulatory laws happen in the hospital.
• Firm communication with health insurance providers is important: bill generation and clearance are two of the important tasks the finance department has to perform smoothly. Every patient in the country is supported by a health insurance policy of different insurance providers. At time of admission, a possible estimation of bill is made and provided to the insurance company by the hospital. Unless the hospital has a strong communication with the insurance providers, the bill clearance can be delayed effecting the treatment of the patient. In large scale, this can hamper the reputation of the hospital. The City Medical Partners Organization has faced major issues regarding bill clearance from insurance providers in past. This is why they need a team, which can build and maintain a strong relationship with the insurance companies so that the organization do not face any risk in the finance sector.

COBIT 4.1 framework based analysis of the requirements and implementations in City Medical Partners

COBIT 4.1 framework based planning required for City Medical Partners Organization

Based on the requirements of City Medical Partners Organization, below mentioned planning steps are required for the hospital.

• A High service level framework based IT system must be implemented for the organization which can ensure medical facility for anyone 24 hours a day and 365 days a year. The system should be able to allocate duties of doctors and nurses, perform data collection, management and other tasks automatically.
• Any kind of system lag should not be entertained in an emergency service like medical field. This is why; multiple backup systems should be installed to ensure a smooth operation. No patient should suffer due to lagging system (Krisanthi, Sukarsa & Bayupati, 2014).
• With critical and complicated medical conditions emerging every day, it is important to always update with all the records and updates of worldwide medical field and use them in emergency cases. In City Medical Partners Organization IT, system should be designed in such a way (TARIQ, HAQ & IQBAL, 2013). This is important to ensure fast and well-planned solutions in case of any disaster or high-risk condition. The service should not be hampered at any situation due not enough information and expertise.
• System security for the IT department is most important to ensure data security for the organization (Latif & Hanifi, 2013).
• Organize regular training sessions for physicians and medical staffs is another important thing the City Medical Partners Organization is important.
• Information management is another major aspect the administrators of the organization should plan. It is not helpful if data of all the patients and doctors are piled up. It can create major chaos in the hospital and can result in incorrect treatment and other problems.
• The organization should build a strong IT team to keep a watchful eye on all the actions, data storage and maintenance of the organization. The job role also includes maintaining communication between all the departments and employees (Amid & Moradi, 2013).
• The organization has to implement proper policies regarding data security in their systems. Data theft and hacking can not only affect the system it will also hamper the reputation of the organization.
• A patient-friendly environment in the hospital can improve the popularity of the organization. For example an automatic platform for outdoor patients to access information, regarding doctors available in the hospital and the tests, which are performed in a hospital. Like patients and common people, this is also helpful for the IT department of the hospital to maintain all the data.

Conclusion and Recommendation

City Medical Partners Organization, being a reputed organization has to maintain a high level of performance in their services. In case a lagging attitude in implementing a strong IT based risk management system can hamper the medical service of the company as well as the reputation of the organization. COBIT 4.1 frameworks are used here to clearly point out the requirements of the organizations. This report explains clearly that the medical facility has to implement an IT based system to resolve the entire short comes to maintain a strong position in the market. For an emergency service provider, City Medical Partners Organization should be able to understand the importance of communication within employees and top management. By implementing the results of COBIT 4.1 framework analysis, it is clear that the organization has to implement a thorough solution of IT based framework for a well-planned risk management system.

COBIT 4.1 framework is a typical analysis of the existing IT based system of an organization and analyze the short comes of the system. As per the report, the major problem in the IT based system of City Medical Partners Organization is the lack of communication among departments is hampering the smooth run of the system. In addition to this, the organization has to increase security levels of data safety besides increasing the strength of the IT department. Importance should be given to constant updating of the system to increase knowledge base on recent trends in the medical field and recent laws regarding patient safety and medical practices. The administration of must have to keep an eye on the finance department too, as any risk in this department can hamper the emergency services. The study recommends the City Medical Partners Organization to take immediate actions to enhance the IT based system. This will also escalate the process of treatments giving a boost to the reputation of the organization. Besides the enhancing the IT department, the management should know the importance of regular communication among doctors, nurses and top management. This is required to avoid any situation of medical risk.

For a medical institution, IT can have advantages besides risk factor. If implemented properly, IT can reduce the risk factors in considerable level, yet it can be a high-risk parameter in opposite condition. COBIT is a highly beneficial framework for any medical establishment to properly implement the IT or Hospital Information System (HIS) and avail risk management (Zhang & Le, 2013). This is because employees of any medical organization do not have adequate knowledge regarding how to handle IT related risk. COBIT framework is the best solution to cop up in such situation and identify the necessary steps, which need to be implement properly for risk management in hospitals. The report will explain the implementation of COBIT to analyze the IT-related risk assessment at City Medical Partners, which is situated in New Zealand.

The risk factors and COBIT control parameters for medical organizations

Identifying the risk factors and COBIT control parameters for medical organizations are quite a task for many specialists however, in case of City Medical Partners Organization, it is apparently an Easy one as the new Chief Information Officer (CIO) of the organization, Jim Foley, has previous experience of utilizing COBIT framework. He understands the importance of data protection and IT risk parameters. In addition, he has sound knowledge regarding the regulatory rules and regulations of Data protection and health organizations in New Zealand. The aim of this report is to identify the IT risk factors of the hospital and suggest regulatory actions, which will be beneficial for the organizations.

Reference:

Amid, A., & Moradi, S. (2013). A Hybrid Evaluation Framework of CMM and COBIT for Improving the Software Development Quality. Journal of Software Engineering and Applications, 6(05), 280.

Andry, J. F., & Hartono, H. (2017). Performance Measurement of IT Based on COBIT Assessment: A Case Study. Jurnal Sistem Informasi Indonesia, 2(1).

Batenburg, R., Neppelenbroek, M., & Shahim, A. (2014). A maturity model for governance, risk management and compliance in hospitals. Journal of Hospital Administration, 3(4), 43.

Boži?, V. (2012, June). Risk management in informatization. In Central European Conference on Information and Intelligent Systems Pg (pp. 337-493).

Khther, R. A., & Othman, M. (2013). Cobit framework as a guideline of effective it governance in higher education: a review. International Journal of Information Technology Convergence and Services, 3(1), 21.

Krisanthi, G. T., Sukarsa, I. M., & Bayupati, I. P. A. (2014). Governance audit of application procurement using COBIT framework. Journal of Theoretical and Applied Information Technology, 59(2), 342-351.

Latif, A. A., & Hanifi, N. (2013). Analyzing IT Function Using COBIT 4.1–A Case Study of Malaysian Private University. Journal of Economics, Business and Management, 1(4), 406-408.

Mangalaraj, G., Singh, A., & Taneja, A. (2014). IT governance frameworks and COBIT-a literature review.

Othman, M., Ahmad, M. N., Suliman, A., Arshad, N. H., & MARA, N. (2013). Towards COBIT-based Framework to Govern Flood Management. In PACIS (p. 118).

Pasquini, A., & Galiè, E. (2013). COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process. Proceedings of FIKUSZ, 13, 67-76.

Putri, M. A., Lestari, V. A., & Aknuranda, I. (2017, January). Audit of Information Technology Governance Using COBIT 4.1: Case Study in PT. XY. In Int. Conf. Ind. Internet Things (ICIIOT), Bandung, Indonesia (pp. 1-7).

Ramadhani, D. P., Kurniati, A. P., & Maharani, W. (2013). IT governance analysis of XYZ hospital based on COBIT 4.1. In The Proceedings of The 7th international conference on information and communication technology and systems (ICTS).

Sadikin, M., Hardi, H., & Haji, W. H. (2014). IT governance self assessment in higher education Based on COBIT case study: University of Mercu Buana. Journal of Advanced Management Science Vol, 2(2).

Surbakti, H. (2014). Cobit 4.1: A Maturity Level Framework For Measurement of Information System Performance (Case Study: Academic Bureau at Universitas Respati Yogyakarta). International Journal of Engineering, 3(8).

TARIQ, M. I., HAQ, D. I. U., & IQBAL, J. (2013). SLA Based Information Security Metric for Cloud Computing from COBIT 4.1 Framework. International Journal of Computer Networks and Communications Security, 1(3), 95-101.

Zhang, S., & Le, F. H. (2013). An Examination of the Practicability of COBIT Framework and the Proposal of a COBIT-BSC Model. Journal of Economics, 1, 5.