Role-Based Access Control Project


1 Role-Based Access Control Project
Healthcare Partners Association
Role-Based Access Control Project
GBA 573 – IT Project Management
Amy Page
12 July 2004

2 Overview
- Role-Based Access Control (RBAC) is a method to control access to resources on an information system.
- The Health Insurance Portability and Accountability Act (HIPAA) is requiring that organizations secure patient data and limit access to patient data.
- Healthcare organizations need to ensure patient privacy by limiting the access to healthcare applications and patient records to qualified personnel on a “need-to-know” basis.
- RBAC is critically important to the security aspects of healthcare organizations.
- “Should this person (or a person who performs this job function) typically be allowed to access this type of data?”
12 July 2004 GBA 573 Final Project

3 Problem Statement
- Healthcare Partners Association, with $20 billion a year in revenues and 100,000 employees, must comply with the HIPAA regulations by June 2006 by implementing an access control technology such as role-based access control.
- As such, Healthcare Partners Association has formed the Authorization Infrastructure Program to implement an RBAC mechanism within its current health information systems.

4 Project Overview
- Supports the definition of healthcare functional roles and permissions within the Authorization Infrastructure Program
- Analysis-based
- Composed of individuals knowledgeable in healthcare workflows
- Creation of a harmonized list of healthcare permissions along with associated work profiles
- Derivation of healthcare roles for authorization use within the Healthcare Partners Association health information systems
- Gotcha - Implementation within healthcare is very challenging with a vast array of healthcare personnel roles and tasks
- Never been accomplished before

5 Project Analysis: Project Objectives
The targeted objectives are:
- Adopt a role engineering process to accomplish defining roles and permissions
- Identify and model healthcare workflows of licensed, non-licensed and non-caregiver healthcare personnel
- Define healthcare functional roles and permissions for use in the access control portions of Healthcare Partners Association health information systems

6 ROI Analysis: Cost/Benefit Analysis
Costs
- Definition of the healthcare functional roles and permissions
- Implementation of the Authorization Infrastructure Program will cost $30 million, $1.2 million allocated to this project
Tangible Benefits
- Measured against the overarching Authorization Infrastructure Program
- Annual administrative cost savings ranges can be $6.92 per employee
- Average annual savings related to improved employee productivity are estimated at $74 per employee
Intangible Benefits
- More fine-grained access control due to improved management of assignment of permissions using roles
- Reduces excessive assignment of permissions
- Assignment of users to roles can be done by administrative/clerical personnel vice security

7 ROI Analysis: Cost/Benefit Analysis
Setup: $18,600
Licensed HC Personnel: $516,300
NonLicensed HC Personnel: $106,500
NonCaregiver HC Personnel: $502,560
Delivery to Authorization Infra Program: $2,400
Authorization Infrastructure Program: $28,853,640
Total Cost: $30,000,000

Benefits
Administration savings ($6.92/employee per year): $692,000
Increase in employee productivity ($74/employee per year): $74,000,000
Total Benefits: $74,692,000

ROI → 4.8 months!

8 Project Design: Requirements Analysis
The Healthcare RBAC Project has the following requirements:
- Perform analysis of the workflows of licensed healthcare personnel (e.g. physician, registered nurse)
- Perform analysis of the workflows of non-licensed healthcare personnel (e.g. nurse’s aide, phlebotomist)
- Perform analysis of the workflows of non-caregiver healthcare personnel (e.g. clergy, admission clerk)
- Create a healthcare scenario roadmap detailing the functional roles and permissions associated with healthcare personnel
- Use a database for all data collection

9 Project Design: Risk Management Plan
- A comprehensive analysis of all risks with an assessment of their likelihood of occurrence and expected consequences
- A mitigation plan is established for each item identified as a risk.
- Developed and implemented under the leadership of the RBAC Project Manager
- Risks continuously tracked and reported on at each monthly Progress Review

10 Project Design: Risk Assessment
| Risk | Description/Text Description | Risk Exposure | Risk Evaluation | Trigger | Mitigation |
|---|---|---|---|---|---|
| R1 | Licensed subteam will not meet schedule due to regular job duties. | 108 | 5 | Some project team members are not dedicated personnel. | Line up alternates. |
| R2 | Non-licensed subteam will not meet schedule due to regular job duties. | 12 | 1 | | |
| R3 | Non-caregiver subteam will not meet schedule due to regular job duties. | 41 | | | |
| Total | | 161 | | | |

11 Project Design: Communications Plan
- Used as needed
- Weekly Conference Calls: Used for management updates and technical interchange
- Monthly Progress Reviews: Used for top-level management review and update
- Groove Collaboration Tool: Used for collaborative work and development of artifacts
- RBAC Website: The RBAC website is located on the Internet at
- Issues Database: GUI-based tool created in Groove for issues tracking

12 Project Development: WBS

13 Project Development: WBS (cont.)

14 Project Development: Staffing
Project is unique in that –
- Primarily an analysis of healthcare workflows
- Domain experts from various healthcare disciplines are required
- Healthcare personnel greatly vary in cost

15 Project Development: Implementation Method
The Healthcare RBAC Project will use a role engineering process based upon the scenario-driven process as defined by Neumann and Strembeck. The role engineering process is defined as:
- Identify and Model Usage Scenarios
- Derive Permissions from Scenarios
- Refine the Scenario Model (Iterative), as necessary
- Define Tasks and Work Profiles
- Derivation of a Preliminary Role-hierarchy
- Define the RBAC Model

G. Neumann and M. Strembeck. A Scenario-driven Role Engineering Process for Functional RBAC Roles, June 2002.
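The role engineering steps listed above, carried through on a small constructed data set, as an added example that is not part of the original presentation. The scenario, task and profile names are illustrative, and the rule used for the preliminary hierarchy (a role is senior to another when its permission set strictly contains the other's) is a simplifying assumption.

```python
from itertools import permutations

# Constructed sample data; names are illustrative, not from the presentation.
# Steps 1-2: each usage scenario is a list of steps, each step one permission
# expressed as (operation, object).
SCENARIOS = {
    "take_vitals": [("read", "patient_record"), ("update", "vitals_chart")],
    "administer_medication": [("read", "patient_record"), ("read", "prescription"),
                              ("update", "medication_log")],
    "prescribe_medication": [("read", "patient_record"), ("create", "prescription")],
    "admit_patient": [("create", "admission_record")],
}
# Step 4: tasks group scenarios; work profiles group the tasks of one job function.
TASKS = {
    "basic_care": ["take_vitals"],
    "medication_round": ["administer_medication"],
    "treatment_planning": ["prescribe_medication"],
    "admission": ["admit_patient"],
}
WORK_PROFILES = {
    "nurses_aide": ["basic_care"],
    "registered_nurse": ["basic_care", "medication_round"],
    "physician": ["basic_care", "medication_round", "treatment_planning"],
    "admission_clerk": ["admission"],
}

def role_permissions(profile):
    """Permissions a role needs: every step of every scenario in its tasks."""
    return frozenset(step for task in WORK_PROFILES[profile]
                     for scenario in TASKS[task]
                     for step in SCENARIOS[scenario])

def derive_hierarchy():
    """Step 5 (assumed rule): A is senior to B if B's permissions are a proper subset of A's."""
    perms = {p: role_permissions(p) for p in WORK_PROFILES}
    edges = {(s, j) for s, j in permutations(perms, 2) if perms[j] < perms[s]}
    # Keep only direct edges; drop those implied through an intermediate role.
    return {(s, j) for s, j in edges
            if not any((s, m) in edges and (m, j) in edges for m in perms)}

def is_permitted(profile, operation, obj):
    """Step 6: access check against the derived role, deny by default."""
    return (operation, obj) in role_permissions(profile)

def excess_permissions(profile, assigned):
    """Permissions held by a user beyond what the role's scenarios justify."""
    return set(assigned) - role_permissions(profile)

if __name__ == "__main__":
    print(sorted(derive_hierarchy()))
```

Because every permission traces back to a scenario step, `excess_permissions` gives a reviewer a direct way to flag grants that no documented workflow justifies.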

16 Project Development: Implementation Method

17 Testing/Documentation
- No testing is required since this is an analysis project
- Peer reviews and approval of all deliverables is required
- Mandatory that the licensed, non-licensed and non-caregiver domain experts review all other deliverables, such as the Healthcare Scenario Roadmap
- Deliverable peer reviews will be accomplished using the Peer Review Process as defined by the organization

18 Final Analysis The Healthcare RBAC Project…
- Is critical to the success of the Authorization Infrastructure Program
- Will enable the Authorization Infrastructure Program to complete its integration with the health info systems
- Return on investment within 4.8 months and will continue to have cost savings associated with the implementation of RBAC for years to come
But…
- High-risk item → completing the analysis of the licensed healthcare personnel
- Imperative that the RBAC Project Manager continuously monitor the progress of the project and proactively recruit alternates for the licensed healthcare subteam

19 Questions?

