AAMI News November 2017

An Integrated Nine-Step Approach to Managing Clinical Technology Risks

Risks are inherent with any project, initiative, or operational process. However, by using a risk management framework and following a formal risk management process, those risks can be addressed up front. The bulk of risk management work can be divided into nine steps:

  1. Understanding objectives and risk tolerance. The process starts with understanding business objectives and bringing high-level risks to the surface. Tolerance for risk affects the degree to which the next eight steps are performed.
  2. Agreeing on process scope. Understanding the full scope of the process is extremely important. Is it a “mega process” that is used across the entire organization or a subprocess?
  3. Determining process ownership. Without a clear definition of who is responsible for what parts of the process throughout a device’s life cycle, important tasks can be overlooked.
  4. Understanding the impact of IT systems. A key task at this point is determining how application systems are associated with the identified risks.
  5. Assessing risks. A common process in risk management is to rank identified risks based on their projected impact and the likelihood of negative consequences.
  6. Evaluating assurance activities. This requires finding a balance between complying with regulations, policies, and other rules and providing timely and affordable equipment services.
  7. Agreeing on action plans or risk acceptance. Organizational leadership must determine which risks will be mitigated and to what degree.
  8. Managing risks. This is the most extensive part of the process. It involves integrating identified risks into the strategic plan and addressing residual risk.
  9. Reporting to leadership. Findings can be reported to senior leadership using tools such as dashboards and other methods to capture metrics.

By using a suitable framework and aligning identified risks with existing and planned initiatives, any organization—regardless of size—will be able to meet its business objectives while mitigating risk with maximum success.


This article was excerpted from a feature by Tara C. Brady, a clinical technology risk manager at Kaiser Permanente, and George Panagiotopoulos, a senior manager in clinical technology at Kaiser Permanente, that was originally published in the September/October 2017 issue of BI&T, www.aami.org/bit.