1. HEALTHCARE SELF INSURANCE CONSULTING GROUP
JASH MEHTA 1
ASSIGNMENT 3: BRD and Risk Analysis (Wellness Activity Tracking System)
JASH MEHTA
GROUP 3
Mentor: Kshitij Chug
Weekly meeting time (Group meeting): Wednesday 3-4pm
Weekly meeting time (Group + Mentor meeting): Wednesday 4-5pm
Venue: Ice Box, Hinds Hall
Table of Contents
Context
Business Objectives
General Requirements for Use Cases
- Data
- Functional
- Behavioral
- Business Intelligence
- Error Handling
- Notification
- Reporting
Maintenance Requirements
Risk Analysis – Response Table
- Risk Response
- Risk Mitigation
Risk Response/Mitigation Requirements
Key Risk Indicators
Transition Requirements
Context:
Healthcare in the USA is going through a serious crisis.
• The USA's per capita spending on healthcare is 2X that of other industrialized nations.
• Medical bills are a major factor in more than 60% of the personal bankruptcies in the USA; 75% have health insurance.
• Between 2000 and 2006, health insurance premiums rose 87% and average wages rose by 3.8%. In spite of this, the USA's healthcare system ranks 37th.
• Fully insured plans are expensive and hence one of the reasons for the crisis in the healthcare economy.
• The alternative to a fully insured plan is the self-insured plan. In this, the employer retains a portion of the risk and, instead of large premiums, pays the administrative bills and the stop-loss company's bills, which are generally much lower than the monthly premium of a fully insured plan.
Healthcare Self-Insurance and Consulting Group offers a variety of services to our clients. We encourage many wellness activities, promote self-management through healthcare Apps and increased patient-clinician interaction. Providing such services requires building an IT infrastructure and systems which can support a huge volume of customers.
Business Objectives
By implementing a tracking system for wellness activities, determining the success of wellness activities, analyzing feedback and health metrics from the customers, and analyzing health metrics from the medical information tracking system, our system looks to achieve the following business objectives:
- To provide IT infrastructure and implementation to track the various wellness activities and their success in terms of patient participation, satisfaction and engagement.
- Enable an online portal and Apps for the patients/customers to log in, view, browse and register for various wellness activities
- Enable customers to watch the wellness activities through webinars.
- To establish an internal tracking system, which enables all the departments to leverage data from departments and make decisions based on the data.
- To use the data from different departments and make plans for wellness activities based on the information
- Let the users register for the wellness activities, with this information getting updated in the system
- Let the wellness tracking team access data from the medical tracking system and customer feedback to analyze data and determine the satisfaction and engagement of the customers
Requirements for Use Cases:
Use Case 1: Enter Login Details & Verify
Requirements (Type / Description)
1.1 Data Requirements
- The system shall provide the following text entry fields: UserID and Password
- The system shall provide a drop-down to select the type of user as “Employee” or “Customer”
1.2 Functional Requirements
- The system shall provide a login page with User ID and password
- The system shall ask the User to click either new user or existing user
- If new user:
    - The system shall provide a form to fill in profile information of the client such as name, phone number, gender, age and previous health history.
    - The system shall provide drop-downs to select the relevant patient information such as name, wellness score and policy number.
- If existing user:
    - The system shall retrieve that specific patient’s profile to be displayed on the screen
    - The system shall display the health records of the patient such as accident history, sickness history and hospital visits. Also, health metrics such as blood sugar level, cholesterol, weight etc.
1.3 Behavioral Requirements
- The system shall check the entered data for validation
- The system shall respond by redirecting to the home page
- The system shall respond by prompting the page with an error message
- The system shall provide an interface to update the customer information
1.4 Business Intelligence
- The system shall provide the total number of patients registered in the wellness tracking application
- The system shall provide the total number of patients from a specific region
- The system shall provide the total number of patients from a specific ethnicity
- The system shall provide the total number of patients from a specific age group
1.5 Error Handling
- The system shall display an error message if the user enters incorrect credentials
- The system shall display an error message if the user submits the form with incomplete data
Use Case 2: Request or send medical history
Requirements (Type / Description)
2.1 Data Requirements
- The system shall provide the following medical details for the user:
    - Height
    - Weight
    - Cholesterol level
    - Blood pressure level
    - Insulin level
    - BMI
- The system shall provide historical medical data for the given time period selected in the drop-down box.
2.2 Functional Requirements
- The system shall provide a medical history page
- The system shall ask the User to select the time period for which he/she needs the medical data: for a week, for a month or for a year
2.3 Behavioral Requirements
- The system shall check the entered period data for relevant medical history
- The system shall respond by showing the medical details of the patient
- The system shall respond by prompting the page with an error message if there is no or insufficient data
- If new user:
    - The system shall display the message to show no data available
- If existing user:
    - The system shall allow the user to select the health parameter from the drop-down box
    - The system shall display the health records of the patient
2.4 Business Intelligence
- The system shall provide the weight of the patient
- The system shall provide the height of the patient
- The system shall provide the blood pressure of the patient
- The system shall provide the insulin level of the patient
- The system shall provide the BMI of the patient
- The system shall provide the cholesterol level of the patient
2.5 Error Handling
- The system shall display an error message if the user selects an irrelevant medical parameter
- The system shall display an error message if the user selects future data
- The system shall display an error message to prompt incomplete data if the user fails to choose one
Use Case 3: View and Register for Wellness Activities
Requirements (Type / Description)
3.1 Data Requirements
View and register for Wellness activities has the following data requirements:
- Wellness Activity ID
- Wellness Activity Date
- Wellness Activity Location
- Wellness Activity Registered Customers
- Wellness Activity Expert/Instructor
- Wellness Activity Customers’ Teams
3.2 Functional Requirements
The system shall:
1. Be able to send notification regarding new activities, for example: Wellness Activity Name, Wellness Activity Time, Location, expert, customers’ teams
2. Allow the users to enter their health metrics a few days after the wellness activity, such as blood sugar level, cholesterol, weight, mental health etc.
The system shall allow:
1. The registration to be updated in the database system based on the click of the RSVP button
3.3 Behavioral Requirements
1. The system shall allow users to browse efficiently and effortlessly across the web portal or Apps
2. The system shall display all the wellness activities to the user, once the wellness team gives authorization to a wellness activity to be on the system
3. The system shall send notification automatically to the users regarding the new wellness activities
4. The system shall allow users to log in to register for wellness activities
5. The system shall allow users to view notifications regarding new upcoming events
6. Once the user clicks on the ‘register’ button the database should be updated
7. The system shall allow users to give the overall feedback for the activity, after the wellness activity is over.
3.4 Business Intelligence
1. The system shall evaluate information regarding the wellness activity ID
2. The system shall provide the information regarding wellness activity date
3. The system shall provide the information regarding wellness activity location
4. The system shall provide the information regarding wellness activity registered customers count
5. The system shall provide the information regarding wellness activity’s expert or instructor
3.5 Error Handling
1. The system shall display an error message if any user tries to RSVP a wellness activity if he is not logged in
2. The system shall display an error message if any user tries to RSVP a wellness activity and he is not eligible to attend that particular wellness activity
Use Case 4: Update and send Registration date, time and location
Requirements (Type / Description)
4.1 Data Requirement
After getting RSVPs from customers, the information for the wellness activity is updated on the portal:
- Customer ID
- Customer Name
- Customer RSVP status
- RSVP count
- Program Evaluation Feedback
4.2 Functional Requirement
The system shall:
1. Be able to update the final date
2. Be able to update the final location
The system shall allow:
1. Notifications to be sent to registered customers regarding final plans: final dates and final location
2. Registered customers to view the final plans: final date and final location.
The system shall provide:
1. RSVP count to the wellness planning team
4.3 Behavioral Requirement
1. The system shall provide the wellness team with the total number of customers who registered for the wellness activity by aggregating the RSVP status of all the customers
2. The system shall send final plans (date, time and location) to the users for the wellness activity planned by triggering a notification to the registered customers
4.4 Business Intelligence Requirement
- The system shall generate the RSVP count
- The system shall only send the final plans to registered customers
Use Case 5: Display Seminars & feedback forms for online initiatives
Requirements (Type / Description)
5.1 Data Requirements
The feedback form and seminar list are viewed by the clients after they log in to the portal. The seminar list can be viewed after the client inputs the following data:
- Client ID
- Login ID
- Password
The feedback form is sent to the client based on the following data:
- Client ID
- Activity/seminar ID
- Client email ID
5.2 Functional Requirements
- The tracking system will send in the Client ID and Activity ID of the client that attended the seminar and will automatically send the feedback form to the client, extracting the client email ID.
- The system shall include the client's RSVP data for the seminar.
- The system shall require Activity ID
- The system shall need Client ID
- The system requires Login ID and password data from the login database.
5.3 Behavioral Requirements
- The system shall evaluate data from the client database.
- The feedback system will compare all the data gathered from the system with the databases.
- After validation of login details the seminars/activity list is displayed for the client.
5.4 Business Intelligence
- The system should evaluate the RSVP rate of the client per activity and provide the RSVP rate.
- The system will display the list of seminars based on the alerts acquired from the alert system.
5.5 Error Handling
- The system will not display the list of activities or seminars if the login credentials are not correctly validated.
- The feedback form will not be accepted if all the required fields are not filled completely.
5.6 Notification
- The feedback system will notify the client about the pending feedback form.
5.7 Reporting
- The feedback forms are submitted to the wellness department and saved in a database.
Use Case 6: Display Seminars & feedback forms for online initiatives
Requirements (Type / Description)
6.1 Data Requirement
The system requires the feedback form for the activity to be submitted. This requires the following data:
- Feedback form ID
- Activity ID
6.2 Functional Requirements
- The system shall gather the reports and feedback from the client such as health metrics post seminar and overall rating for the seminar.
- The system shall analyze the reports and feedback and send the report to the wellness department for further critique before the final reporting.
- The system shall generate a dashboard to visualize customers’ attendance and health improvement in terms of health metrics
- The system will send out a thank you email to the client after the report is successfully sent out.
6.3 Behavioral Requirements
- The system shall evaluate the reports submitted by the clients.
- The system shall report the evaluation to the wellness department.
6.4 Business Intelligence Requirements
- The system will analyze the feedback before uploading the report on the dashboard.
- This will analyze the success of the wellness activities.
6.5 Reporting
- The system will send out the reports and individual feedback to the wellness department.
Use Case 7: Gather Tracking & Feedback Data
Requirements (Type / Description)
7.1 Data Requirements
The system will have the following data and business intelligence requirements after feedback:
- Employee ID
- Activity ID
- Feedback ID
- Wellness Instructor ID
- Feedback forms
- Survey forms
- Attendance data
- Healthcare Applications Data
- Value based care data
- Patient Engagement data
- Data from other initiatives
7.2 Functional Requirements
- The system shall access information such as name, frequency of using app, policy number, client ID from healthcare applications used by the customer
- The system shall access information such as historical health metrics such as weight, height, mental stress levels, cholesterol, blood pressure etc. from medical information tracking system before the wellness activity
- The system shall access information such as historical health metrics such as weight, height, mental stress levels, cholesterol, blood pressure etc. from medical information tracking system after the wellness activity
- The system shall send attendee’s customer ID to compile reports and evaluation subsystem
- The system shall send attendee name to compile reports and evaluation subsystem
- The system shall send activity ID to compile reports and evaluation subsystem
- The system shall send Wellness Instructor ID to compile reports and evaluation subsystem
- The system shall send Feedback forms data to compile reports and evaluation subsystem
- The system shall send survey forms to compile reports and evaluation subsystem
- The system shall send attendance data to compile reports and evaluation subsystem
7.3 Behavioral Requirements
- The system shall retrieve data from medical information tracking system for existing employees
- The system shall retrieve data from healthcare applications only if the employee is an application user for the wellness activity
- The system shall retrieve data from feedback forms only if feedback is provided by the employee
Use Case 8: Compile & Evaluate Tracker Data
Requirements (Type / Description)
8.1 Data Requirements
The Feedback Pool department compiles feedback data from wellness activities, as well as value-based and patient engagement data from other SICG systems. The feedback pool system shall gather the following data:
- Patient ID
- Activity ID
- Feedback ID
- Wellness Instructor ID
- Attendance data
- Feedback forms
- Survey forms
- Wellness Tracker Apps
- Value-based care data
- Patient Engagement Data
- Data from other initiatives
8.2 Functional Requirements
- The feedback system shall transfer the compiled feedback data to the evaluation system after generating unique IDs
- The system shall include feedback ID
- The system shall include the ID of the wellness activity
- The system shall evaluate pre and post activity data from tracker apps
- The system shall evaluate data such as satisfaction in terms of health metric improvement (for example: improvement in cholesterol) from the value based care system.
- The system shall evaluate data such as wellness activity team performance each week (for example: minutes of running per team) from the patient engagement tracker system
8.3 Behavioral Requirements
- The feedback pool system shall make a compilation of all activity data
- The Evaluation system shall perform data comparison to evaluate pre and post activity results
8.4 Business Intelligence
- The system shall evaluate information regarding the enrollment rate of patients per activity
- The system shall evaluate information regarding the attendance rate per activity to determine patient participation
- The system shall evaluate information from survey and feedback forms to determine satisfaction rate
- The system shall evaluate information from wellness tracker apps to determine patient engagement level
- The system shall evaluate by comparison of the data from patient engagement tracker system with that of the wellness tracker apps
8.5 Error Handling
- The system shall display an error message if a feedback document from the feedback pool has incomplete data
- The system shall display an error message if files received from the feedback pool system are empty
8.6 Notification
- The feedback pool system shall trigger a notification message to the evaluation team whenever a new feedback pool of data has been compiled
8.7 Reporting
- The evaluation system shall generate a report on wellness activity success, patient engagement and satisfaction rates.
Use Case 9: Document & Send Evaluation Report
Requirements (Type / Description)
9.1 Data Requirement
After Evaluation of initiatives has been completed, evaluation reports will be documented. The system shall have the following data requirement:
- Activity ID
- Patient ID
- Program Evaluation ID
- Program Evaluation Result
- Program Evaluation Feedback
9.2 Functional Requirement
- The system shall create documented reports for all evaluation reports
- The system shall create a dashboard to give a quick view/display of activity progress
- The system shall generate pictorial representation of reports in form of graphs and charts
- The system shall send out evaluation reports to the general SICG database
- The system shall send out comprehensive patient engagement and progress report to the university
9.3 Behavioral Requirement
- The system shall respond to requests for evaluation reports
- The system shall document every evaluation.
9.4 Business Intelligence Requirement
- The system shall generate progress report for each tracker ID
- The system shall have filter functions to perform BI generated reports
9.5 Reporting
- The system shall send out the evaluation results to the SICG database
Maintenance Requirements
Following are the Maintenance requirements for the system:
- The system shall be able to store health metrics which are 3 years old or less
- The system shall allow deleting the health records, i.e. health metrics, which are 3 years old
- The system shall maintain proper customer records in order to send notifications to the proper customers
- The system shall allow the customer to unregister themselves from a wellness activity if not able to attend
- The system shall maintain multiple medical records for the same employee at different instances of time
- The system shall allow the administrator to delete old wellness activities from the system, so that they do not remain on the website and healthcare Apps
- The system shall track data from related healthcare applications based on the wellness activity attended by the employee
- The system shall allow tracking of multiple medical records for the same employee
- The system shall allow multiple instances of recorded data for each activity attended by an employee
- The system shall track metrics defined by the wellness activity planner or partner for evaluating employee satisfaction and success
- The system shall maintain confidentiality of all feedback and medical data of the employee
- The system shall allow only users qualified as administrators to view employee activity attendance
Risk Analysis - Response Table
(Columns: Risk ID, Requirement, Risk, Response/Mitigation)

Risk ID 1
Requirement: The system shall provide a login page with User ID and password
Risk: The system does not validate the login credentials
Response/Mitigation: Add code to validate match of user ID and password provided by the user
Risk: The client forgets the login credentials
Response/Mitigation: Add code to auto-generate secure pin to user mail account to reset password

Risk ID 2
Requirement: The system shall ask the User to either click new user or existing user
Risk: The system does not respond with the invalid prompt
Response/Mitigation: Include triggers in code to throw error messages

Risk ID 3
Requirement: The system shall provide form to fill in profile information of the client
Risk: The admin may misuse this data for personal gain
Response/Mitigation: Add code to track the adminID of the person accessing patient details

Risk ID 4
Requirement: The system shall provide drop-downs to select the relevant patient information
Risk: The dropdowns may have missing options or incorrect options leading to incorrect information
Response/Mitigation: Design system so that dropdowns are enabled based on the patient profile and health data

Risk ID 5
Requirement: The system shall retrieve that specific patient’s profile to be displayed on the screen
Risk: The admin can pass on patient information to outsiders
Response/Mitigation: Add code to track the adminID of the person accessing patient details

Risk ID 6
Requirement: The system shall display the health records of the patient
Risk: The system may display outdated health information of the client
Response/Mitigation: Add code to auto refresh the cache of the health information records

Risk ID 7
Requirement: The system shall provide a medical history page
Risk: The system may display outdated or incorrect health history of the client
Response/Mitigation: Add code to refresh the cache of health records while loading the home page

Risk ID 8
Requirement: The system shall ask the User to select the time period for which he/she needs the medical data
Risk: The system may have invalid time periods for the user
Response/Mitigation: Design the system to display the time period based on the first user activity in the wellness programs

Risk ID 9
Requirement: If new user, the system shall display the message to show no data available
Risk: The system may let the user access wrong data
Response/Mitigation: Add code to verify the correctness of the data with external db

Risk ID 10
Requirement: If existing user, the system shall allow the user to select the health parameter from the drop-down box
Risk: The system may list irrelevant health parameters for the patient
Response/Mitigation: Add code to fetch relevant parameters based on the user profile and plan

Risk ID 11
Requirement: The system shall display the health records of the patient
Risk: The system may display outdated health records for the patient
Response/Mitigation: Add code to verify the timestamp of the health records to display the latest information

Risk ID 12
Requirement: The system shall allow the user to register for a wellness activity
Risk: Risk of customer registering for wrong wellness activity
Response/Mitigation: The user interface of the system needs to be made better in order to make it easy for the customers

Risk ID 13
Requirement: The system shall secure the critical health records of the patient/customer
Risk: Risk of critical medical information being leaked
Response/Mitigation: Data privacy needs to be very high. System Security algorithms need to be implemented

Risk ID 14
Requirement: The system shall allow the user to register for a wellness activity
Risk: Risk of customer registering for an event that is not allowed for him/her
Response/Mitigation: The medical records need to be up to date

Risk ID 15
Requirement: The system shall allow the user to browse the activities efficiently
Risk: Risk of customer having difficulty in finding the desired wellness activity
Response/Mitigation: The activities need to be present in a structured order on the website

Risk ID 16
Requirement: The system shall allow the user to register for a wellness activity
Risk: Risk of customer not being able to RSVP
Response/Mitigation: The RSVP button must function properly. Needs to be tested by the testing team.

Risk ID 17
Requirement: The system shall send notification to the customers regarding the new wellness activities plan
Risk: Risk of final plans not reaching the customer
Response/Mitigation: The database needs to be updated for registered customers. If the database is not updated properly then the risk persists

Risk ID 18
Requirement: The system shall allow the user to register for a wellness activity
Risk: Risk of customer registering for wrong wellness activity
Response/Mitigation: The user interface of the system needs to be made better in order to make it easy for the customers. The system shall allow the user to unregister for wrong event then register for correct event.

Risk ID 19
Requirement: The system shall allow the
Risk: Risk of customer having difficulty in finding the desired wellness activity
Response/Mitigation: The activities need to be present in a structured order on the website

Risk ID 20
Requirement: The system shall send final plans to the customers who registered for the wellness activities.
Risk: Risk of final plans not reaching the customer
Response/Mitigation: The database needs to be updated for registered customers. If the database is not updated properly then the risk persists

Risk ID 21
Requirement: The client fills the feedback form for the activity he attended.
Risk: The client may not fill the form and ignore it.
Response/Mitigation: The system does not record the feedback until the client submits the form. The feedback form is sent a maximum of three times.

Risk ID 22
Requirement: The client fills the form and submits the form to the system.
Risk: The file transferred contains incomplete data.
Response/Mitigation: The system performs a mandatory check on the form after the client hits the submit button.

Risk ID 23
Requirement: The system displays a list of activities for the clients.
Risk: The list is incomplete, and has wrong data.
Response/Mitigation: The system has to be manually updated by the web developer.

Risk ID 24
Requirement: The system will evaluate the feedback given by the client using analytics.
Risk: The analytics may not be right as the client may have given random responses and it might not be genuine.
Response/Mitigation: The system cannot do anything about the responses of the client. So nothing can be done to eliminate the risks.

Risk ID 25
Requirement: The evaluation report is sent back to the wellness department.
Risk: The evaluation report may have incomplete data about the analysis.
Response/Mitigation: The system has to check the file before uploading it on the dashboard and sending it to the wellness department.

Risk ID 26
Requirement: The feedback system shall transfer the compiled feedback data to the evaluation system after generating unique IDs
Risk: The content of the transferred file is incomplete
Response/Mitigation: The system shall perform a quick check for mandatory columns to ensure they are populated, and if they are not, the system shall display an error message.

Risk ID 27
Requirement: The evaluation system shall include feedback ID
Risk: The feedback ID is not included in the compiled data file
Response/Mitigation: The system shall send a request for the feedback ID

Risk ID 28
Requirement: The evaluation system shall include the ID of the wellness activity
Risk: The ID of one or more wellness activity is omitted in the compiled data file
Response/Mitigation: The system shall send a request for the missing activity ID

Risk ID 29
Requirement: The evaluation system shall evaluate data from feedback forms
Risk: Some feedback forms might have missing data
Response/Mitigation: The evaluation system shall send a notice to the feedback system about missing data

Risk ID 30
Requirement: The evaluation system shall require patient’s pre wellness activity data
Risk: Pre-wellness activity data might not be up to date
Response/Mitigation: The system shall perform a date range check

Risk ID 31
Requirement: The system shall evaluate pre and post activity data from tracker apps
Risk: Some pre or post activity data might be missing or incomplete
Response/Mitigation: The evaluation system shall send a notification to the feedback pool system about missing data

Risk ID 32
Requirement: The system shall evaluate data from the value based care system
Risk: Value based data might be outdated
Response/Mitigation: The system shall perform a date range check

Risk ID 33
Requirement: The system shall evaluate data from the patient engagement tracker system
Risk: Patient engagement tracker data might not be up to date
Response/Mitigation: The system shall perform a date range check

Risk ID 34
Requirement: The system shall create documented reports for all evaluated reports
Risk: Some evaluated reports might be omitted and not get documented
Response/Mitigation: The system does a check for number of evaluated reports versus number of documented reports

Risk ID 35
Requirement: The system shall create a dashboard to give a quick view/display of activity progress
Risk: Update to dashboard might not be frequent hence outdated information might get displayed
Response/Mitigation: The system ensures that a time stamp and date is clearly displayed after every dashboard update

Risk ID 36
Requirement: The system shall generate pictorial representation of reports in form of graphs and charts
Risk: Generated graphs and/or charts might not display data for all key evaluated results
Response/Mitigation: The system shall present a priority check list to display key results on first reports page, with option to view other reports with less priority

Risk ID 37
Requirement: The system shall send out evaluation reports to the general SICG database
Risk: The report documented file might get corrupted
Response/Mitigation: The system shall send out a notification about possible upload of corrupted file

Risk ID 38
Requirement: The system shall send out comprehensive patient engagement and progress report to the university
Risk: Confidential information might be leaked
Response/Mitigation: The system shall have a designated email address with different access code through which evaluated reports can be sent and accessed.
Risk Response/Mitigation Requirements
Following are the risk response/mitigation requirements, as per the risk response table:
- The system shall be designed to check that the user ID and password provided by the user match, in order to validate login credentials
- The system shall be designed to auto-generate a secure PIN and send it to the user's mail account to reset the password if the user forgets the password
- The system shall include triggers in code to throw error messages in case the system does not prompt on an invalid login
- The system shall be designed in such a way that dropdowns are enabled based on the patient profile and health data
- The system shall be coded to track the adminID of the person accessing patient details so that details are not leaked
- The system shall be designed such that it displays the time period based on the first user activity in the wellness programs, in order to avoid invalid time periods for the user
- The system shall be designed to verify the correctness of the data against an external database so that a new user does not access wrong information
- The system shall be designed to fetch relevant parameters based on the user profile and plan
- The system shall have a good user interface that makes it easy for customers to use, so that they do not register for the wrong wellness activity
- The system shall have data privacy in place, and system security algorithms need to be implemented
- The system shall have up-to-date medical records so that a forbidden user does not register for a wellness activity
- The system shall present the activities in a structured order on the website so that users do not face difficulty in finding the desired activity
- The Registration button must function properly and needs to be tested by the testing team regularly so that customers can register for wellness activities
- The system shall not allow the user to register for the next wellness activity unless he/she provides feedback for the previous wellness activity
- The system shall differentiate between new and existing users
- The system shall differentiate between users who use healthcare applications
- The system shall identify users who did not provide feedback
- The system shall notify wellness partners of scheduled wellness activities
- The system shall suggest wellness partners to input precise metrics for the activity
- The system shall enforce validation rules to ensure complete feedback data
Key Risk Indicators (KRI)
Risk | Key Risk Indicators | Impact Level
The system does not validate the login credentials | No. of errors in entries made in the system | High
The system does not respond with the invalid prompt | No. of times the customer tries to raise the issue with the customer care | Low
The admin may misuse this data for personal gain | No. of complaints made by the user | High
The dropdowns may have missing options or incorrect options leading to incorrect information | No. of times incorrect query is processed by the system | Medium
The admin can pass on patient information to outsiders | No. of complaints made by the user | High
The system may display outdated health information of the client | No. of times the user clicks the update medical information button | Medium
The system may display incorrect options for the client to view the medical information | Average number of times incorrect options were loaded | Medium
Risk of customer registering for wrong wellness activity | Constant changing of RSVP for events. Complaints to the call center | High
Risk of critical medical information being leaked | Cyber attack on the system. Unauthorized user trying to get into the system | High
Risk of data not being able to be updated correctly in the database | No notifications reaching customers. | High
Risk of customer registering for an event that is not allowed for him/her | Customers attending wellness activities who are not allowed to attend | Medium
Risk of customer having difficulty in finding the desired wellness activity | Customer complaints to the call center or email complaints | Low
Risk of customer not being able to RSVP | Customer complaints to the call center or email complaints | Medium
Risk of final plans not reaching the customer | Customer complaints to the call center or email complaints | Medium
The file transferred is incomplete | Number of complaints for incomplete content per feedback ID | High
The feedback ID is not included in the file | Number of times missing feedback IDs occur per generated evaluation ID | High
The ID of one or more wellness activity is omitted in the compiled data file | Number of times missing wellness activity IDs are omitted per feedback ID | High
Some feedback forms might have missing data | Percentage of feedback forms with missing data | Medium
Seminar data might not be up to date | Number of times the data had error | Low
Login credentials entered are incorrect | Number of times the credentials entered are wrong | High
The content of the transferred file is incomplete | Number of complaints for incomplete content per feedback ID | High
The feedback ID is not included in the compiled data file | Number of times missing feedback IDs occur per generated evaluation ID | High
The ID of one or more wellness activity is omitted in the compiled data file | Number of times missing wellness activity IDs are omitted per feedback ID | High
Some feedback forms might have missing data | Bi-weekly percentage of feedback forms with missing data | Medium
Pre-wellness activity data might not be up to date | Number of times date range check was performed | Low
Some pre or post activity data might be missing or incomplete | Number of notifications sent out for incomplete data | High
Value based data might be outdated | Average number of times outdated data was presented | Low
Patient engagement tracker data might not be up to date | Average number of times outdated data was presented | Low
Transition Requirements
- The system shall have servers to store the databases in order to replace Excel sheets
- The system shall have high network bandwidth for passing data from one system to another
- The system shall have high network bandwidth to send notifications to all customers in order to replace email communication
- The system shall have data centers to store historical medical health history in order to replace Excel sheets and paper records
- The system shall have a centralized database for tracking attendance of the customer to replace the paper attendance and Excel attendance
- The system shall have a centralized database for medical health metrics which can be used to compare with historical medical health