Failure Modes and Effects Analysis

Description of a Process 

Electronic Health Records (EHRs) are a critical component in health care delivery. In my organization, patients walk in to receive treatment and have their details electronically recorded by a receptionist. Physicians and nurses add information about the client by accessing the database when providing their care. In turn, billers access the full information of the patient to prepare invoices that they would send to insurance firms for reimbursements. The receptionist and other staff might be called by physicians to help provide comfort to patients and help out with the process of documentation if the clinicians are short-staffed. The freedom and authority that non-clinicians such as receptionists and billers have been given with respect to access to patient information threaten patient confidentiality and privacy. There is no limited access that would protect health records to prevent breaches. According to ( Miotto, Wang, Wang, Jiang, & Dudley, 2018), i nformation may be stolen, distorted, or completely destroyed for personal use against a patient. Their lack of proper security of patient records is a violation of the HIPAA laws and may attract legal lawsuits and reduce trust from patients who would, in turn, affect the hospital’s revenue flow. 

Potential failure Modes, Effects, and Mitigation Techniques 

One potential failure mode is that there is a likelihood of the staff leaking critical information due to their freedom of access to the data. The effect of the failure is that leaking of patient information would reduce the trust patients have with the facility. In turn, they will be unable to provide all information regarding their health to physicians thereby limiting the quality of care they could receive ( Moore & Frye, 2019) . The second potential failure mode is that the facility also risks having damaging lawsuits from patients that would destroy their reputation due to their violation of HIPAA laws. They may be forced to either not use the EHRs or upgrade the system. The other impact is that the lawsuits may be costly to the institution and create losses, especially since there may be a reduce the flow of patients due to their tainted reputation ( Moore & Frye, 2019). The negative cash flow of the hospital would make them unable to run their operations smoothly and improve the overall patient outcomes. 

The hospital could ensure that they give different levels of authorizations to its staff to prevent unauthorized access to the health records. Nurses and physicians should have the highest level of clearance where they are given access to patient information for the purpose of research or improving their health. As mandated by HIPAA laws, hospitals should use suitable methods of protecting patient records by limiting the access of the information to the staff ( Edemekong & Haydel, 2019) . For instance, physicians and nurses should have the highest access to all patient information while receptionists only get access to demographic data. Billers should also have limited access to information and only get what they require for processing invoices. The hospital should also train all members on how they should protect patient data and not delegating their roles to others. For instance, physicians should not delegate their functions of documenting critical information to non-clinicians who might leak the information to others. The staff should also be educated on how to use passwords and set their computers at an angle that would limit others from viewing the records ( Edemekong & Haydel, 2019) . Also, software that limits access to staff members who have no authorization should be used to improve the overall safety of the records from people with the wrong intentions. 

Risk Priority Numbers 

On a scale of 1 to 10 in the leaking of health records, the rare of severity (SEV) is 8, its likelihood of occurrence (OCC) is 8, and the detectability is 3 because it would be difficult to pinpoint the exact culprit since anyone can access the records. The total Risk Priority Number (RPN) would be 192 (8*8*3). In the risk of having costly legal lawsuits, the severity would be ranked at 8, occurrence rate at 7, and detectability at 3. Therefore, the Risk Priority Number would be 168 (8*7*3). In this regard, there is a higher possibility of the institution having cases of leaked patient information to others due to unlimited authorization of access. 

The organization is not prepared for the process to fail due to the potential risks in the processes of documentation. Their detectability level is significantly low at level 3. This means that they have a slim possibility of identifying or knowing whether the failure will occur or not. A low detectability level is an indication that the organization’s level of preparedness is not high. For instance, it is difficult to know the individual culprit responsible for the failure. This also shows that there is a little chance of the institution knowing whether it might be sued for mishandling of patient information or not. Similarly, the high Risk Priority Number is an indication that the hospital has not done anything to prevent the risk. As a result, the threat remains high and may increase further if the hospital does not take the recommended actions. In this regard, the organization is not prepared for the process. 

References 

Edemekong, P. F., & Haydel, M. J. (2019). Health Insurance Portability and Accountability Act (HIPAA). In  StatPearls [Internet] . StatPearls Publishing. 

Miotto, R., Wang, F., Wang, S., Jiang, X., & Dudley, J. T. (2018). Deep learning for healthcare: review, opportunities, and challenges.  Briefings in bioinformatics ,  19 (6), 1236-1246. 

Moore, W., & Frye, S. (2019). Review of HIPAA, part 1: history, protected health information, and privacy and security rules.  Journal of nuclear medicine technology ,  47 (4), 269-272.