In order to align our strategic direction with the forward-thinking processes of eHealth we have examined the risks associated with the development of a clinical information system. Although electronic documentation is very beneficial in many aspects, there are also risks that will require consideration and have the potential to impede the implementation of computerized documentation systems. It is expected that a certain amount of risk is necessary to mobilize a plan with this type of this magnitude. In order to successfully implement this project, we will need to carefully calculate the risks and plan proactively.
As part of the risk assessment we are considering the following as a list of the potential risks we may encounter:
An improper launch will impede a smooth transition.
A lack of structure and change management strategy may result in scope creep and/or inefficient handling of changes with potential negative impact on the system.
The current system may require updating or has components which are incompatible.
The time required to complete tasks could be underestimated or not properly monitored.
Project costs may not be effectively managed which may lead to budget over-runs.
Project risks may not be identified early enough in the project or they are not proactively monitored.
Information is not shared or communicated effectively which may result in inefficient implementation and frustrated team members, and lack of coordination amongst teams.
Poorly designed roles may result in undue access for some users and inappropriate access to sensitive functions and patient data (i.e. PHI).
Inadequate protection and security could result in privacy invasion.
Potential patient safety risks caused by inaccurate data or uncontrolled clinical processes and work flows.
Potential for lost revenue and compliance issues due to data errors, and poorly designed business and clinical processes.
Poorly defined interfaces could delay care delivery and recording of clinical results and exposing patient data to unauthorized access or modification.
Erroneous or inaccurate data which may result from lack of interface monitoring and/or data reconciliation procedures.
Project team members retain same access after rolling off the project and lead to a high number of super users in production
Risk Item Risk Rating Impact Risk Treatment Rationale
High Very High Transfer PHI is the most critical aspect of the CIS. Breaches and leaks can have catastrophic impacts on programs. Both risk and impact are extremely critical
Budget Overrun Low Low Mitigate
Sticking to a budget is an important aspect of any project however, the impact is low because there is no personal risk involved
System Compatibility High Low Mitigate
System incompatibility can cause a host of issues that can include data errors, outages, breaches etc. that are potentially catastrophic for patient care. With proper care these can be easily adverted.
Network Capacity Medium Medium Mitigate
Network Capacity can cause network failures and crashes which can adversely impact client care. The network requires moderate monitoring to ensure its functionality.
Inadequate Training Medium High Avoid
Inadequate training and lack of knowledge can contribute to poor patient care by increased data issues, staff frustration, efficient use of time and reduced return of investment. The impact is high because the result is reducing quality of care
Data Security- The strategy for data security would be to outsource. Set up alerts and monitoring systems which allow for proactive approach. Review which cost-effective measures will best suit your needs.
Budget over-run Strategies will include budget forecasting, monitoring and tracking. Possible solutions if the project has gone above as projected could be to reassign resources to a lower cost resource or reduce the project scope. Another possibility could be to canvass additional funding sources.
System Compatibility System compatibility is part of the early stages planning process. Upgrade or replace obsolete systems within budget constraints. Ongoing monitoring and upgrades will assist with mitigating risks after implementation.
Network Capacity- Assess and upgrade current network within budget constraint, as well as ongoing monitoring and maintenance.
Inadequate Training- Arrange more training from vendor and provide more on-site and online assistance.
Healthcare organizations can mitigate risk by communication, adequate preparation, being involved in every step and being proactive. Proper planning includes financial preparedness, additional training from vendor, developing policies and procedures that address emerging issues, gaining familiarity with the system and metadata, and both the electronic and printed format of records.
The implementation of a major project such as a Clinical Information System is not without challenge. It is a major financial cost to the overall program. Research and planning are the initial cost in developing a sound and well thought out transition. Ongoing maintenance and monitoring are required to manage risk. Financial considerations are potentially new network, hardware, updated computers, scanners, software, licensing not to mention a team with the capability to hook all this up and maintain it. There will be additional cost in training individuals to use this system and its components and perhaps additional hiring required for a newly required IT department and more HIM qualified staff.
Although there is a great deal to consider, the work is rewarded with a strong collaborative system with the care of our patients at the forefront. Calculated risks are a necessary part of growth and development. With careful consideration of the potential and perceived risks and a proactive, forward thinking approach, our company will be successfully aligned to manage risks and continue to provide the high-quality care our patients have come to know expect from our company.