
QA

RISK & OPPORTUNITY ASSESSMENT WORKSHEET


For Fiscal Year 2023 – 2024
Revision 00 (NOVEMBER 2023)

| Interested Parties | Needs and Expectations of | Risk | Impact | Opportunities | P | I | C | RR |
|---|---|---|---|---|---|---|---|---|
| Internal Interested Parties | | | | | | | | |
| Top Management | Compliance with all regulatory requirements | Lack of Policies and privacy requirements | Significant data security incident | Updated and monitored Internal Controls; Updated Policies and Procedures | 2 | 3 | 3 | 18 |
| Finance | Establish good budget plan QA activities | Inappropriate budget allocation | Lack of or no available fund | | 1 | 2 | 1 | 2 |
| HRD | Provide HR quality controls and management | No DP training program | Increase risks in data breaches | | 2 | 3 | 1 | 6 apw pls |
| ITS | Aligned privacy guidelines on Technical Security Controls | Unclear guidelines for technical security | Increase privacy risks for electronic data | | 2 | 3 | 1 | 6 apw pls |
| PROPERTY | Immediate report of repair or maintenance of facilities and equipment | Unfamiliar to reportable cases | Increase physical security risks | | 1 | 2 | 1 | 2 |
| IPC | Follow ICN advisory and regulations | Unaware of the issuances | Violation to IC regulations - put here end result of this; Complaints or may cause delay of service | | 1 | 2 | 1 | 2 |
| Housekeeping | Proper privacy guidelines for collection and disposal of shredded materials | Uncoordinated new rules for disposal of documents | Serious cost of violation for improper disposal put here end result of this; Legal issue or fines | | 2 | 3 | 1 | 6 |
| Security | Communicate new guidelines for responding to security incident report | No orientation/communication for new rules | Increase risk for security measures; Complaints | | 2 | 2 | 2 | 8 |
| INDUSTRIAL/HMO/ODS/MARKETING | Provide privacy awareness materials, notification and consent – is this the expectation of interested party from DPO? put here expectation of interested party (Industrial/HMO/ODS/Marketing) FROM DPO; Provide data privacy policy related to outpatient and third party data processing | Unaware staff of new guidelines for data processing; Unaware of new guidelines for data processing | Increase risk to data privacy breach | | 2 | 3 | 2 | 12 apw pls |
| Admitting Section | Provide privacy awareness materials, notification and consent?? – put here expectation of interested party FROM DPO; Provide privacy policy related to data processing during admission | Unaware staff of new guidelines for data processing; Unaware of new guidelines for data processing | Increase risk to data privacy breach | | 2 | 3 | 1 | 6 apw pls |
| Records Section | Align privacy policy to MRS Records management ???; Provide privacy policy for uses and disclosure of medical records | Un-reviewed MRS data processing; Poorly designed privacy policy for medical records transactions | Increase risk to data privacy breach | | 2 | 3 | 1 | 6 apw pls |
| Billing Section | Conduct privacy awareness in billing activities | No data privacy orientation program for staff | Unauthorized disclosure of billing records | | 2 | 3 | 1 | 6 apw pls |
| HB Section | Provide privacy policy in sharing data for e-claims and transmitting procedures?? – put here expectation of interested party FROM DPO; Provide privacy awareness for HB data processing | Unaware of data sharing protection rules; No data privacy orientation program for staff | Increase risk to data privacy breach | | 2 | 3 | 1 | 46 |
| Nursing Dept. | Provide Privacy Awareness Training | No coordination with Training Officer | Increase risk to data privacy breach | | 2 | 3 | 1 | 6 |
| | Communicate guidelines in responding to data privacy inquiries and breach reporting system | Absence of guidelines for data privacy concerns | Increase risk to data privacy breach; Complaints | | 23 | 2 | 2 | 812 |

| Interested Parties | Needs and Expectations of | Risk | Impact | Opportunities | P | I | C | RR |
|---|---|---|---|---|---|---|---|---|
| External interested parties | | | | | | | | |
| Patients/Relatives | Venue for data privacy complaints/matters | No system for data privacy complaints/matters | Customer complaint | | 3 | 2 | 2 | 12 |
| Attending Physicians | Furnish data privacy policies | Uncoordinated privacy policies | Increase risk for data breach/violation | | 2 | 3 | 1 | 6 apw pls |
| Vendors/Service Provider/Third Parties | Complied to Data Privacy Requirements – put here expectation of interested party from DPO; Awareness of data privacy guidelines and requirements for third parties | Lack of data privacy/sharing agreements; No data privacy policy for third party | Data privacy breach/violation | | 1 | 3 | 3 | 9 apw pls |
| REGULATING BODIES | | | | | | | | |
| NPC | Renewal of DPS registration | No monitoring for renewal of registration | Compliance checks | | 1 | 3 | 1 | 3 |
| | Submit annual report and mandatory notification; Timely submission of annual report and mandatory notification | No system of reporting | Compliance checks/legal penalties | | 1 | 3 | 1 | 3 apw pls |

(Legend: P – Probability; I – Impact; C – Control; RR – Risk Rating)

Prepared by: Lelette S. Capinpin Reviewed by: Roy Gutierrez Approved by: Roy Gutierrez
Name/Signature Name/Signature Name/Signature
