Managing Risks in a Hospital

Managing Risks

Hospitals face hazards of ID theft, inadequate or false financial disclosure, theft of personal and identifiable health information, lawsuits from the loss of health information, losses from fraud, and damage to the business image from all these hazards. There are standards that govern the internal controls of hospitals and control how information is used, disclosed, and safeguarded. If the hospital is a public entity, it will fall under the Sarbanes-Oxley Act of 2002, which governs how financial statements are presented (Sarbanes-Oxley Essential Information). The FACTA and the ITPEA are two laws that govern the protection of identity of personal information (Holtfreter, 2006). HIPAA governs the safeguarding and use of identifiable health information (Health Information Privacy).

The risk of fraud is managed by system safeguards of firewalls, intrusion detection, usernames and passwords, and access controls that control what information users are allowed to access based on their individual job duties. Users log in to the system using passwords and usernames. They are only allowed to access the information they need to perform their individual job duties. The organizations also utilize separation of duties, with monitoring for errors performed by still other positions. For example, as the Accounts Payable and Accounts Receivable Clerks enter transactions into the system, Accountants reconcile the accounts for errors. The CAO then monitors the overall