Information Management/Technology – Systems/Technology Needs

Service: Risk Management
Subject: Information Management/Technology
Type: Risk Profiles

Inability to expand or upgrade to new systems/technology can lead to risks of technology infrastructure obsolescence. This often results in system/technology failures and downtimes. Additionally, an organization’s adoption of inconsistent systems/technology, or solutions that are hybrid in nature, can decrease performance and can lead to discrepancies and errors in outputs. These types of events or scenarios may negatively impact strategic direction, operations, financial planning, patient care, culture/morale and reputation. This document contains information entered by HIROC subscriber organizations (acute and non-acute) in the Risk Register application to help you in your assessment of this risk.

Ranking/ratings

  • Likelihood – average score 3.03
  • Impact – average score 3.42

The Risk Register allows for risks to be assessed on a five-point likelihood and impact scale, with five being the highest.

Key controls/mitigation strategies

  • Planning and budgeting
    • Long-term information systems/technology strategy or vision for all systems/technology
    • Capital planning or budgeting includes outlook for investment in new technology
    • Identify capital investment required to mitigate against future systems/technology failures and downtime
    • A comprehensive submission and prioritization process in place for capital projects
    • Strategy in place for future system adoption
  • External relationship management
    • Communication of systems/technology needs with government, key partners and provincial electronic health leaders to secure required funds for systems/technology needs/innovation
    • Active participation in committees/efforts organized by health systems or network on integration or migration to unified system
    • Adoption of common/shared information systems/technology across health systems/regions
  • Operational controls
    • Business intelligence or data mining tools in place to support timely and accurate informed decision making
    • Inclusion of redundancies for critical systems/technology functions to support operational functions during systems/technology failures
    • Harmonization of all relevant systems to contribute to one complete patient record
    • Seamless integration of systems/technology across the organization
    • Focus on systems interoperability and automation of data flows between systems (elimination of rekeying of data and manual processes)
    • Prioritization policy in place to move resources/hardware to support mission critical operations of the organization
    • Identification and replacement plan for all hardware/equipment that surpass their life expectancy
    • Replacement cycle in place for all computers, printers, servers, ports, components of network and other
    • Information Technology (IT) assets
    • Mitigation strategies in place for systems/technology that are unreliable
    • Timelines and processes for new systems/technology implementation closely monitored
    • Processes in place to upgrade to latest release/versions of systems/technology
    • Regular application/software upgrade and operating system upgrade
    • Continuous incremental enhancements or upgrades to systems/technology features to improve ongoing functionality and to optimize the available features
    • A centralized tracking tool in place for IT issues, concerns, service requests, incidents, downtime and escalation tracking
    • Appropriate communication channel available to communicate concerns and performance issues related to systems/technology to senior management
    • Robust training and education for staff to ensure the available systems are used appropriately
    • Policies, procedures, protocols, standard operating procedures/processes and user guides in place for existing systems/technology
    • A plan to enhance support for a mobile workforce
    • Managed service or purchased service option for challenging systems/technology
    • Service contracts in place for all mission critical systems/technology
    • Root cause analysis is undertaken following all systems/technology failures/downtime
    • Reconfiguration of existing systems/technology to meet business needs
    • Regular backup of data, files and systems
    • Data/system recovery drills and tests
  • IT resource availability
    • Adequate staffing in place to monitor, maintain and support systems/technology
    • Succession plan in place to replace resources as needed upon planned exits/retirements
    • IT sourcing strategy
    • Application matrix for supported application and associated systems administrators
  • Audits and risk assessments
    • External audit and risk management of IT department/function
    • Internal audit as required to ensure the systems/technology are used appropriately
    • Business impact risk identification and analysis

Monitoring/indicators

  • Systems/technology failures, performance issues and downtime incidents
  • Gaps in systems/technology
  • Systems/technology that surpassed their life expectancy
  • Replacement plan of resources that come close to and surpass their life expectancy
  • Systems/technology that are no longer supported by the vendor/manufacturer
  • Capital investment required to replace systems/technology
  • Available internal and external IT resources
  • Funding availabilities and gaps
  • Compliance level of staff members’ use of existing systems/technology
  • Number of critical projects with insufficient funding
  • IT human resource availability
  • Industry baseline for IT resource constraints/limitation
  • External IT audit results
  • External IT risk assessment results
  • Systems/technology with service/support contracts
Date last reviewed:
This is a resource for quality assurance and risk management purposes only, and is not intended to provide or replace legal or medical advice or reflect standards of care and/or standards of practice of a regulatory body. The information contained in this resource was deemed accurate at the time of publication, however, practices may change without notice.