The Project Management Body of Knowledge (PMBOK) defines risk as an uncertain event or condition. If it occurs, it may have a positive or negative impact on the project or product being developed. Organizations perceive risk differently, either they are risk adverse or risk attuned. So, how does Health IT fall into all of this?
Health IT, by a complexbeast to tackle, it not only requires a high degree of technical skill, but also a good handle on policies and laws in place to ensure technology developed is compliant. in Health IT projects is not just at the product level, but often involves or impacts many stakeholders. Ensuring that the project takes maximum advantage of those risks which may have a positive impact while mitigating those risks which will have a negative impact is important in a complex Health IT project. I would like to call out three main factors when it comes to Health IT project risks: a project manager must plan risk management (as the PMBOK says), capture and monitor risks, and communicate risks to stakeholders.
Planning how to perform risk management is important, consistency must be maintained throughout the project to ensure risks are captured, managed, monitored, and updated in a coherent manner. These ideas must be enforced throughout the project, and documented in the risk management plan. Brainstorming sessions, interviews, etc. must be captured. With all the Health IT policies and technologies floating around, having a good, consistent way to tackle hurtles presented by risks is key to success.
Capturing and monitoring risks allows for a project manager or project team member to capture project risks found, update those existing risks, and provide a risk strategy. Many times, risks are captured in a Risk Register, a centralized area where all risk information is captured. Risks may have Probability / Impact analysis, Qualitative and Quantitative analysis performed on them as well. Risks must also be version controlled, when a risk is updated, changes must be captured. This is not only true for Health IT projects, but any projects.
Finally, risk communication is key to project success, what good is a risk register if no one can access it? Doctors, nurses, billing specialists, etc. must understand risks and weigh in, as they will be the main users of these systems. If these are mission critical systems, regular meetings with stakeholders is important, and risks should be communicated up and handed. With the Healthcare.gov project, many times risks were not communicated properly, and we saw where that landed.
Health IT Project Risk Management is an important aspect to managing a Health IT project, made more important by the growing complexity of implementing a healthcare system.
Be sure to check out our seminar co-hosted with the PMIWDC chapter to learn more about Project Management and Health IT: https://www.pmiwdc.org/2014/05/educational-seminars