Business risk is associated with the business and political environment in which a health care organization operates. It is perhaps the most challenging area of risk because often the organization doesn’t have control over the measures necessary to reduce the impact or likelihood of such events.
Business risks are often at the heart of the risks identified in other domains. For example, many privacy risks arise because of confused business models that don’t clearly define the roles and responsibilities of each of the stakeholders in an eHealth program. For regional, provincial, state and national eHealth programs, where government or other supra-organizations are responsible for setting and enforcing standards and policy, business risk sometimes transcends the organization. The issue of eHealth governance is central to the management of business risk.
There are no defined control standards available to specifically address eHealth business risks at the regional, provincial, state and national levels. Each government jurisdiction has its own unique business and regulatory environment. However, anecdotal evidence suggests several significant control measures that should be put in place for such eHealth programs.
1. An eHealth Governance Framework and Authority – A legitimate body that has the authority to establish and enforce policy and standards in an eHealth environment that includes many healthcare organizations, health care providers and other stakeholders.
2. A Comprehensive Business Model – that defines the roles and responsibilities of each stakeholder in an eHealth program. This includes ensuring that all stakeholders benefit from the initiative in a manner and magnitude consistent with their investment.
3. A Contractual Framework – that accurately represents the business model and agreements between all stakeholders participating in the eHealth program. This would include consent forms and processes for patients.
4. Strategic Business and Technical Architectures – that enable the integration of the eHealth program into the larger health system and ensure that it is interoperable with other eHealth programs and systems.
5. A Stakeholder Engagement Model – to ensure that the interests of all stakeholders, and in particular, patients and end-users, are addressed in all aspects of eHealth program design, deployment and support.
In most jurisdictions around the world, governments have significant involvement in the funding and management of health care. This results in a complex political environment that has a direct impact on business risk. Political influence can be exerted by politicians or by the bureaucracy that supports the government. Political decisions affect priorities and in extreme cases can interfere with normal business protocols.
Business risks associated with eHealth include:
• Regulatory and legal liability
• Financial loss
• Political interference
• Procurement challenges
• Rejection by users
• Business interruption
Guidance on business risk assessment and management can be found in Management of Risk: Guidance for Practitioners, published by the British government’s Office of Government Commerce. This guide addresses risks at the strategic, program, project and operational levels.