To Improve Your Grade We Always Ready To Help You

  • 60,000+ Completed Assignments

  • 3000+ PhD Experts

  • 100+ Subjects

Risk Management in Project Data Management


Discuss about the Risk Management in Project Data Management.



A hospital is a complex organizational entity which has both in-patients as well as out-patients availing the healthcare services under a single roof[1]. There is a large number of patient’s medical data generated every day at the hospital. It is also essential to maintain the medical history of a patient. This is required for the convenience of the clinicians and the smooth flow of the medical treatment. The medical history of a patient usually includes graphical representations, images, charts and the physician notes for reference. There is a great degree of data variations, which makes it a challenging task for the health care entities to store such diverse data. Hospitals need to store the medial data of their in-patients since the medical treatment is based on the statistics and the figures. It is important for the hospitals to implement an effective as well as versatile “in-patient data storing system” which would be satisfy their needs[2]. This report identifies a potential risk that may occur during the project life cycle of “implementation of in-patient data storing system”. Based on the identified problems, a risk management plan is formulated which would effectively address the issue. The risk management plan would be in accordance to the principles formulated by ISO 31000:2009.

Concept of Data Storage System in Hospitals

One of the most significant functions of a hospital is the proper storage and timely retrieval of the medical information of the patients. There is also a need to store the hospital related information of the patients. The hospital must assess the kind of information that needs to be stored such as patient data, medial data, various images (pertaining to X-ray, CT scan, MRI and USG) and clinician’s information[3]. This would determine the type of storage options that would be best suited for the organization. The hospital must take care of the security as well as data privacy requirements of the sensitive medical information. It should follow the “HIPAA” (“Health Insurance Portability and Accountability Act 1996”) guidelines for ensuring the privacy and confidentiality of the patient data[4]. It is also important to ensure a smooth data flow across the various hospital entities so that the crucial information can be retrieved whenever necessary. The implementation of a new data storage option would require smooth integration with the existing Hospital Information System (HIS). It also requires training of the clinicians, paramedics, nurses and all other related stakeholders who would be operating the data storage either directly or directly. The Medical Records Department (MRD) is a key department in hospital which takes care of the maintenance of the medical records of the patients in a professional manner following all the concerned legislations[5]. This department performs important jobs such as diagnosis, transcription, coding and the storage of the medical information. The MRD previously was engaged in physical maintenance of the records, however, in this modern age, the department engages in electronic storage of the medical records.

Need of Data Storage

The health care data storage is a complex entity that requires expertise as well as skills. The hospital witnesses a high degree of complicated surgeries in a typical day. This requires the availability of medical data of the patients whenever needed by the surgeons. The non-availability of the relevant data can put the life of the patient at stake[6]. For example, if there is unavailability of the digital images of a specific organ of the patient during a vital surgery, it may create huge problem for the surgeon. If the data is present, but cannot be retrieved by the clinician when needed, then the concerned patient may die. Hence, it is important that the digital systems containing vital records of the patients should be secure and readily accessible. This is the reason that the healthcare IT professionals need to ensure the smooth functioning of the Healthcare IT systems which would enhance the quality of the medical treatment[7]. The clinicians can concentrate on the actual medical treatment of the patients rather than depending on the memory or paper based records that are often difficult to read.

Data Storage Tools in Hospitals

There are various alternatives of data storage used by the hospitals. The modern day technological advancements have made it easier for the hospitals to maintain the valuable data of the admitted patients. One of the most common data storage options is the implementation of the Electronic Health Record (EHR)[8]. The organizations are increasingly adopting the EHR framework for the ease of maintaining medical records. The other data storage tools include the Medical Archiving Systems, Email Archiving and others. These are important tools for business recovery or disaster recovery of important data. It is also important to take back ups of the crucial medical data. There is a proliferation of the cloud storage of patient’s data. It is also important to store the medical images of the patients which are generated during various diagnostic tests. A technology known as PACS (Picture Archiving and Communication Systems) is there which is used for the storage as well as retrieval of the medical illustrations[9].

This report would describe the implementation of a new “Electronic Health Record (EHR)” in the hospital. It would facilitate easy storage as well as retrieval of the patient information which is useful for the health care providers during the hospitalization of the patients. The “clinical decision support” tools help the clinicians to a great extent by providing safe and effective information[10].

Potential Risk

The implementation of the Electronic Health Record (EHR) involves serious implications. One of the major issues concerns with the “functionality and interoperability” of the new data storage systems. The degree of functionality varies with the individual data storage systems[11]. There can be issues with the data entry into the new software. It may be difficult to enter correct data in the system. There may be problems regarding the occurrence of duplicate entries. The new system may be prone to lags or malware attack. It may consume considerable amount of time to switch between the departmental home pages. There can be other functionality issues such as lack of user friendly features, slow processing speed, limited capabilities and others.

The EHR may have serious interoperability issues[12]. It can be defined as the interconnections that are established between the various computer systems so that there is data exchange between the various systems. The data storage software may not integrate well with the other existing ‘Hospital Information System”. There may be “data lock” in certain instances and this would prevent the clinicians from accessing the vital data when required. The EHR systems may not export data to other system or incorporate data from the related sources. This would deteriorate the quality of the patient care records. The lack of integration can also be a challenge as the physicians would not be able to view them on a real time basis[13]. It would also be difficult for the concerned departments to gain access to the EHR. A hospital needs a high degree of coordination and team work in order to deliver premium quality of health care. This requires a high degree of integration among the IT systems used by the key stakeholders. These issues may hamper the true purpose of the EHR and impact the workflow efficiency in the least possible way.

System Boundaries for EHR

It is important to define the system boundaries for the new EHR project. This would involve the approximate size of the project and all the activities that would be taken care by the project management team. It is also a good idea to mention the areas or the activities that would be excluded in the project. The EHR project management would commence with the process of “requirement gathering” and end at the project deployment stage (Go Live)[14]. There are a number of activities that needs to be undertaken during the tenure of the project. The requirement gathering process is important for knowing the exact requirements of the hospital regarding the data storage options. The project also needs attention on matters such as budgeting, information technology management, business change, privacy of the data, smooth communications, data migration techniques, training and reporting of the project status[15]. There would be different stages of the project management such as engagement, assessment, preparation, planning, deployment and post-implementation phase. There are other key indicators that need to be addressed such as system performance, agreements, contracts, information protection, stakeholder relations, adoption, use of information and data quality. It is important to implement innovative features in the proposed EHR which would fulfill the needs of the clinicians in a better manner.

Alternatives for Risk Management

The identified risk should be considered as a high priority area which needs the attention of the project managers. The risks may hamper the goals of the project by introducing elements of uncertainty. There are several alternative risk management techniques which can be used in reducing the risk incidences of the EHR project implementation[16]. This is done in order to foster communication among the team and establishing the context of the risk mitigation. It is important to identify, analyze and evaluate the risk factors associated with the EHR projects. There is a need of risk transfer to an independent third party for better risk mitigation. One of the most common options is outsourcing of the EHR system. A dummy EHR system should be established during the initial phases of the implementation process which may be used for evaluative purpose. In the event that the EHR software is outsourced from a third party organization, it is essential to check the interoperability options prior to the implementation. This may require paramedics involvement. The hospital administrator must also be kept in loop for the purpose of effectively evaluating the new system. A risk score should be made which is based on the severity and the probability of the risk[17]. It should measure the nature of the risk and the degree of impact on the overall organizational operations. The information technology processes of the organization should be analyzed well before actually implementing the EHR system. The vendor from whom the procurement of the EHR has been done needs to be made aware of the IT framework of the organization. This is the most effective measure to combat the issue of interoperability of the EHR systems in the organization. It is important to brainstorm for getting ideas regarding the risk management techniques.

Risk Tolerability Criteria

The risk management team should adopt all measures to identify the intensity of the risks associated with the EHR projects. It is also important to identify the tolerable risk criteria that can be adopted for this project[18]. It gives an idea if the concerned risk is low enough so that the project team can proceed with it.

Tolerability of Risk Framework

Fig: Tolerability of Risk Framework

Source: ([19]) 

A risk tolerability framework needs to be prepared which can be defined into three broad regions. It is illustrated in the above diagram. This would give an understanding of the various tolerance levels of the risks associated with the EHR project. The inverted pyramid gives a representation of the three regions such as unacceptable region, ALARP region (which is tolerable) and the “broadly acceptable region”. The project team should concentrate on the middle band that shows the tolerable risk factors in the EHR project[20]. If there are interoperability issues that can be solved during the later stages of the project implementation, then this risk can be undertaken. These risks require the application of the risk reduction measures. If the issues of the functionality can be solved by subsequent measures, then this risk can also be tolerated. For example, during the initial phases of the EHR project implementation, the clinicians may not be familiar with the new system. This may require more time of the clinicians to complete a particular task. This issue is not related with the EHR system infrastructure and can be solved if the clinicians are provided with adequate training. The clinicians and the other key stakeholders of the project must be provided adequate amount of training so that they can efficiently handle the EHR system.

Risk Management Plan

The risk management plan is one of the most important parts of project management. It is one of the proactive steps to successfully manage the probable risks associated with an EHR project. A risk management plan can be defined as a document that foresees the risks associated with a project[21]. It measures the estimated impacts of the risks and the suitable responses for the same. In this report, the risk of “interoperability and functionality” is identified. This is one of the serious risks associated with any software project. The ISO 31000:2009 has laid down several generic principles for effectively dealing with risk management. These principles can be applied to various activities during the project life cycle. The risk management plans must consider the specific characteristics of the organization where the implementation of the EHR projects is taking place. It is important to note down the structure, objectives, functions, processes and services of the particular organization. A risk assessment matrix can be prepared for understanding the nature of the risks.

It is important to maintain a risk register for the better management of the project risks. It is important to measure the likely threats of the EHR development project[22]. It must contain the description of the risk, recognition date, severity, probability of occurrence and others. The risk exposure and the loss size also need to be determined.

An EHR governance framework is the first step in the successful risk mitigation of EHR implementation project[23]. This requires collaborative approach to the decision making process concerning the “health system governance borders”. There is a need of application of a proven model of EHR. It is important to implement a formal integration structure of EHR with clear defined responsibilities of the team members. This is required for the better management of the health IT system. It would also foster the communication between multiple stakeholders working on the same EHR project. Special focus should be laid on the “longitudinal EHR governance” through the sustained EHR project administration. It is important to determine the accountability of each person involved in the implementation project. This is because the implementation would be successful only if there is full participation from all the team members. This would lead to the continuous improvement of the software quality. The future needs of the hospital and the information system should also be assessed for making provisions in the electronic records in case of future customizations. The project should consider the practical feasibility of the deliverables.

The second important activity of the risk mitigation plan is the involvement of the clinical staff in the process of EHR design and subsequent implementation[24]. It is important to engage the clinicians in the administrative functions of the EHR implementation process. Even if the EHR software is outsourced, then also it is essential to involve the physicians in the design and the development of the software. This would ensure a high degree of customization at the hospital level and at the software level. The involvement would reassure the physicians that their opinion is important regarding the development of the EHR solution.

The third measure towards reducing the risks associated with the EHR project is investment in in-depth training and development of the key stakeholders of the project. It is important to impart training to all the physicians, nurses, paramedics, technicians and administrative staffs for reducing the risks concerning with the EHR implementation. The risks concerning the functionality of the software can be highly reduced if the key stakeholders are well-acquainted with the new IT system[25]. The hospital must engage in virtual training sessions for educating the stakeholders located in remote locations.

The fourth activity involves the regular communication between the vendors, suppliers and the other key members associated with the software deployment process. The vendors have their unique way of prioritizing and categorizing the software events, which may be unfamiliar with others. This is one of the biggest reasons for interoperability issues. The transparent communication process regarding the progress of the project is effective for solving the problems associated with interoperability.

 Risk Management Plan

Fig: Risk Management Plan

Source: Created by Author 


The implementation of a new software project involves significant risks. It is important to formulate risk mitigation strategies for the purpose of effective implementation of the software project. There should be a dedicated patient portal in the EHR system that gives online access to the patients for checking their medical records. It is also important to connect the EHR to the ambulatory services so that the hospital authorities can access the data of the patients in real time. It is important to redesign as well as standardize the healthcare protocols like Six Sigma. It is also advisable to use EHR for the purpose of aggregating performance data. There should be involvement of the quality management leaders in reducing the risks associated with the EHR project implementation.


The management of a project determines the success or the failure of the software project. It is important to implement data storage options for managing the huge amount of data that generates in a hospital every day. The data storage options in a hospital are determined. An EHR project is selected for the purpose of implementation in the hospital. The potential risks associated with the project are determined. The identified risks include the interoperability and the functionality risks. The system boundaries for the EHR project is determined which gives an idea of the major inclusions of the project. The risk tolerability criteria are also defined which explains the degree of risks that are acceptable in the project lifecycle. A detailed risk management plan is formulated which addresses the risks involved with the project. This risk management guideline provides a real scenario of the associated risks with a software project (Electronic Health Record) and how to tackle them effectively. 


Achampong, E, "Electronic Health Record (EHR) and Cloud Security: The Current Issues". in IJ-CLOSER, 2, 2014.

Andretta, M, "Some Considerations on the Definition of Risk Based on Concepts of Systems Theory and Probability". in Risk Analysis, 34, 2013, 1184-1195.

 Baybutt, P, "Allocation of risk tolerance criteria". in Proc. Safety Prog., 33, 2013, 227-230.

Bova, C, D Drexler, & S Sullivan-Bolyai, "Reframing the Influence of the Health Insurance Portability and Accountability Act on Research". in Chest, 141, 2012, 782-786

Cagliano, A, S Grimaldi, & C Rafele, "Choosing project risk management techniques. A theoretical framework". in Journal of Risk Research, 18, 2014, 232-248.

Cantor, M & W Royce, "Economic Governance of Software Delivery". in IEEE Softw., 31, 2014, 54-61.

 Casey, M, I Moscovice, J Klingner, & S Prasad, "Rural Relevant Quality Measures for Critical Access Hospitals". in The Journal of Rural Health, 29, 2012, 159-171.

Chen, H, "An Information Security Risk Assessment Framework for Cloud Computing". inAMR, 756-759, 2013, 1469-1473.

Drira, W, É Renault, & D Zeghlache, "Design and Performance Evaluation of a System for Storing and Visualizing Data from a Sensor Network". in JACN, , 2013, 223-227.

Ghazisaeedi, M, N Mohammadzadeh, & R Safdari, "Electronic Health Record (EHR) As a Vehicle for Successful Health Care Best Practice". in Medical Archives, 68, 2014, 419.

 Gladden, R, "The Project Risk Maturity Model: Measuring and Improving Risk Management Capability". in Proj Mgmt Jrnl, 43, 2012, 101-101.

Jootun, D, "Hospital staff all proved to be cheerful, professional and kind". in Nursing Standard, 26, 2012, 33-33.

Nehemiah, L, "Towards EHR Interoperability in Tanzania Hospitals : Issues, Challenges and Opportunities". in IJCSEA, 4, 2014, 29-36.

Ramakrishnan, R & A Kulkarni, "Impact of the Electronic Health Record (EHR)-Based ‘Critical Care DKA Protocol' on the Management of Diabetic Ketoacidosis: A Single Center Experience at a Community Teaching Hospital". in Chest, 144, 2013, 524A-524B.

 Scally, W, "Project Workflow Management: A Business Process Approach". in Proj Mgmt Jrnl, 46, 2015, e2-e2.

SCHNEIDER, M, "Interoperability Issues Limit EHR Data Sharing". in Skin & Allergy News, 43, 2012, 33.

Shaikh, U, J Berrong, J Nettiksimmons, & R Byrd, "Impact of Electronic Health Record Clinical Decision Support on the Management of Pediatric Obesity". in American Journal of Medical Quality, 30, 2014, 72-80.

Simon, L, "Implementing an EHR: A Firsthand Account". in PN, 48, 2013, 14-15.

Song, S, "A Continuous Improvement Strategy and an Analysis of Its Effect on Running Medical Records of Cardiology Department". in Chinese Medical Record English Edition, 1, 2013, 173-176.

Soudi, A, "Timing of gaze alone tells us nothing about visit quality and EHR design". in J Eval Clin Pract, 21, 2015, 173-173.

 Sutton, G, J Liao, N Jimmieson, & S Restubog, "Measuring Ward-Based Multidisciplinary Healthcare Team Functioning: A Validation Study of the Team Functioning Assessment Tool (TFAT)". inJournal For Healthcare Quality, 35, 2013, 36-49

Teno, J, "Hospital Organizational Characteristics and Late Hospital Transitions (S759)". inJournal of Pain and Symptom Management, 45, 2013, 454.

Top, M, "Physicians’ Views and Assessments on Picture Archiving and Communication Systems (PACS) in Two Turkish Public Hospitals". in J Med Syst, 36, 2012, 3555-3562

Uzulāns, J, "Project Risk Register Analysis Based on the Theoretical Analysis of Project Management Notion of Risk". in Economics and Business, 29, 2016 is the most reliable and dependable academic writing service in UK. We provide specialized help for all subjects and topics under the sky, successfully delivering top-notch quality work on time without any compromise. Our expert team of experienced researchers, writers, academicians and editors has a record of providing high-quality assignment writing service. They can guide students to achieve academic success through a result-oriented approach.

Place Your Order

- +

*Prices may vary as per change in requirements

Estimated Price* $ 7.8 $ 9.8

20% OFF

Why Student Prefer Us ?

Top quality papers

We do not compromise when it comes to maintaining high quality that our customers expect from us. Our quality assurance team keeps an eye on this matter.

100% affordable

We are the only company in UK which offers qualitative and custom assignment writing services at low prices. Our charges will not burn your pocket.

Timely delivery

We never delay to deliver the assignments. We are very particular about this. We assure that you will receive your paper on the promised date.

Round the clock support

We assure 24/7 live support. Our customer care executives remain always online. You can call us anytime. We will resolve your issues as early as possible.

Privacy guaranteed

We assure 100% confidentiality of all your personal details. We will not share your information. You can visit our privacy policy page for more details.

Upload your Assignment and improve Your Grade

Order Now