In my research on eHealth risk I have identified two classes of risk. First, risk to patients (and to a lesser extent health care providers)– which encompasses privacy, security and safety risk, and second, risk to the organization (or health system at large) which encompasses project, operational and business risk.
Peter Croll and Jasmine Croll of the Queensland University of Technology in Australia have published a paper titled Investigating risk exposure in e-health systems that brilliantly addresses the former. It considers and integrates the analysis of a range of risk issues including quality, usability, privacy and safety.
We are all aware that eHealth systems operate in a complex environment of people, process and technology. Any assessment of risk must consider and balance the wide array of risks associated the system and the environment in which it will operate. The QUiPS model described in this paper goes a long way to addressing this need.