ABSTRACT
Healthcare information systems projects are looked at as a set of activities that are done only once and in a finite timeframe. Because of this self-limiting impact-time, organizations very seldom analyze and make risk management a key component of the project plan. As a result, risk is relegated as a part of doing business and not something that can be controlled. Risk identification is the process of documenting potential problem areas, assigning a factor of probability and a factor of consequence to the issue. Risk management is the process of monitoring for the occurrence of a risk event and mitigating the impact. In general, risks in healthcare information technology (IT) projects can be found in a few major categories. Risk begins with the project ownership (or lack of ownership!) and follows with events occurring in planning, contracting, procurement, resource management, scheduling, quality assurance, deliverables, and communications.
