Risk ID Risk Area Risk Identification

Number
Description

Internal /
External /
Legal /
Regulatory /
Project /
Technical

1 internal staffing and workforce

physician competence (knoweldge and

2 external skills)

3 regulatory clinicial quality

4 external competition

5 technical patient records and cloud

6 legal negligent credentialing

7 legal contractual

8 external patient cooperation

9 project planning and re-planning

10 technical outdated and legacy software

11 external environment risks

12 legal compliance lapse

13 internal human resource

embedded devices and Internet of

14 technical things
15 regulatory case management

16 project schedule risks

17 technical cybersecurity
18 internal patient safety

19 regulatory government and politics

20 project performance risks
21 external physician alignment risks

22 internal price transparency

23 internal financial operations

 Risk Identification

Symptoms

low financial performance, reduced quality

scores, and high patient mortality rates.

poor performance of physicians and report

of many complains about the physician
low payment services, poor patient
outcomes and healthcare financial
performance
reduced financial performance and makert
share loss
hacking of confidential patient's
information in cloud.
health safety risks and serious legal and
financial consequences
uncessary incurred expenses and low
financial performance
poor relationship between the healthcare
provider and patient
increased medical errors risks and poorer
outcomes
older versions of operating systems, no
presence of firewall and intrusion detection
systems
increased patient's quantity due to
environmental issues such as poor
sanitation
lawsuits, regulatory, financial, and legal
consequences
low productivity, employement-related
lawsuits
vulnerable breaches of the electronic
sensors. Hackers insert a code to control it
remotely.
staff turnover and resource limitations
low patient's quality outcomes and low
performances
breaches in healthcare data such as
insurance fraud, identity theft
high litigation costs and increased liability
high economic uncertainity and
unemployment
low patient outcomes
operational and compliance risks
low patient turn outs and poor healthcare
financial performance
leadership changes, consolidations,and
employee turnover
Risk ID Risk Identification Risk Analysis Risk Analysis
Number

Description Qualitative Quantitative

1 staffing and workforce qualitative

2 physician competence qualitative

3 clinicial quality qualitative

4 competition qualitative

5 patient records and cloud qualitative

6 negligent credentialing qualitative

7 contractual qualitative

8 patient cooperation qualitative

9 planning and re-planning qualitative

10 outdated and legacy software qualitative

11 environment risks qualitative

12 compliance lapse qualitative

13 human resource qualitative

embedded devices and Internet of
14 things qualitative

15 case management qualitative

16 schedule risks qualitative

17 cybersecurity qualitative

18 patient safety qualitative

19 government and politics qualitative

20 performance risks qualitative

21 physician alignment risks qualitative

22 price transparency qualitative

23 financial operations qualitative

Risk Analysis Risk Analysis Risk Analysis Risk Priority

Risk Event Risk Event Risk Summary

Probability Severity
High / High / Medium / Probability x
Medium / Low Low Severity
10 (very high
Medium High 6 failures)
10 (very high
medium high 6 failures)
10 (very high
high high 9 failures)
10 (very high
high high 6 failures)
10 (very high
high high 9 failures)
10 (very high
medium high 6 failures)
10 (very high
high high 9 failures)
5 (moderate
low medium 2 failures)
10 (very high
medium high 6 failures)
10 (very high
high high 9 failures)
10 (very high
high high 9 failures)
10 (very high
high high 9 failures)
5 (moderate
medium medium 4 failures)
10 (very high
high high 9 failures)
10 (very high
medium high 6 failures)
5 (moderate
medium medium 4 failures)
10 (very high
high high 9 failures)
10 (very high
medium high 6 failures)
10 (very high
high high 9 failures)
10 (very high
medium high 6 failures)
 5 (moderate
low medium 2 failures)
5 (moderate
low medium 2 failures)
10 (very high
high high 9 failures)
Risk ID Risk Identification Risk Response
Number Strategy

Description
Accept / Mitigate
Transfer / Ignore
1 staffing and workforce mitigate

2 physician competence mitigate

3 clinicial quality mitigate

4 competition mitigate

5 patient records and cloud mitigate

6 negligent credentialing mitigate

7 contractual mitigate

8 patient cooperation mitigate

9 planning and re-planning mitigate

10 outdated and legacy software mitigate

11 environment risks mitigate

12 compliance lapse transfer

13 human resource mitigate
embedded devices and Internet of
14 things mitigate

15 case management mitigate

16 schedule risks mitigate

17 cybersecurity mitigate
18 patient safety mitigate

19 government and politics transfer

20 performance risks mitigate

21 physician alignment risks mitigate

22 price transparency mitigate

23 financial operations mitigate

 Risk Response Plan Risk Trigger

Response Plan to be Activated When

These Symptoms Appear

recruiting qualified staff not solved with 24 hours

analysis of the physician competence

through monitoring services call from the top management
increase quaity functions and other
administrative aspects to address
scope-of-practice issues call from the top management
healthcare organiation assess of
existing and new entrants impact in
the markets call from the top management

address of cloud services to ensure

patient's information safety not solved with 24 hours
reducing medical errors risks to
increase credentialing services call from the top management
addressing the contract to ensure
both the healthcare provider and
patient to benefit call from the top management
teaching the provider how to relate
with patients effectively not solved with 24 hours
implementation of strategic planning
services call from the top management
updating the healthcare legacy
software call from the top management
address of structural issues and
sanitation aspects not solved with 24 hours
mitigation of effective regulatory
rules and policies transfer call from the government
addressing the workplace culture not solved with 24 hours
implementation of quality security
measures not solved with 24 hours
analysis of long-term care, value, and
effectiveness call from the top management

proper schedule planning services

and healthcare providers training not solved with 24 hours

personnel and technology investment

to monitor networked systems call from the top management
effective communication strategies
and techology increase with
evidence-based pracices. not solved with 24 hours
addressing tax-exempt status and tax
revenues call from the government
addressing internal and outsourced
projects call from the top management
increasing compliance, IT security
and patient safety call from the top management

transparency of healthcare costs to

encourage choice and competition not solved with 24 hours

plan and management of change and

regular monitoring processes. not solved with 24 hours
Risk ID Risk Identification Risk Review Date
Number
Description

1 staffing and workforce (insert date)

2 physician competence (insert date)

3 clinicial quality (insert date)

4 competition (insert date)

5 patient records and cloud (insert date)

6 negligent credentialing (insert date)

7 contractual (insert date)

8 patient cooperation (insert date)

9 planning and re-planning (insert date)

10 outdated and legacy software (insert date)

11 environment risks (insert date)

12 compliance lapse (insert date)

13 human resource (insert date)

embedded devices and Internet of
14 things (insert date)

15 case management (insert date)

16 schedule risks (insert date)

17 cybersecurity (insert date)

18 patient safety (insert date)

19 government and politics (insert date)

20 performance risks (insert date)

21 physician alignment risks (insert date)

22 price transparency (insert date)

23 financial operations (insert date)

 Comments Risk Status

Active / Inactive
the management should monitor the staff
performance regularly. active

the management should analysis its physican

competence through assessments active
healthcare organizations need to review how
to staff quality functions active

the organization needs evaluate its services

to ensure it creates a competitive advantage active
the administration should implement
effective security measures in the cloud
services active
the administration should verfiy and assess
the a practitioner's qualifications active
the administration should review and renew
the contract regularly active
Assessment services of provider's
communication strategies with patients active
review of the healthcare services plan yearly
and addressing the issues active

the administration should review its

software and upgrade the operating systems active
the management should work with
environmental officers to allow
environmental health active
the government should regulate its policies
and regulations active
the management should train its human
resource professionals to ensure high
competency level active
the management should analyze its security
measures and upgrade them. active

the organization needs to anayze case

management and allow services availability active

the management should analyze its schedule

plans and ensure the providers adhere to it active
the management should review and assess
its security measures active
the administration should patient safety
using survey measures active

the government should evaluate its political

measures in healthcare services active
assessment of performance risks active
monitoring compensation, quality and
performance level inactive
the financial managers should monitor its
price transparency level inactive

the management should analyze its financial

operations to meet workers' needs active