Although a vast number of risk-management methodologies have been proposed thus far, and even though these methodologies are being applied quite effectively to all types of organizations, a few concerns are raised when the same methodologies are applied to the health-care environment. The authors therefore developed a risk-management methodology, entitled "Risk Management in Health Care - using cognitive fuzzy techniques" (RiMaHCoF), that is specifically tailored for the health-care environment. The methodology comprises five successive stages, namely initiation, domain analysis, risk assessment, risk analysis and domain monitoring. The present paper, however, focuses only on the third stage, the risk assessment stage. Its principal aim is to expound a prototype for the risk assessment stage that incorporates cognitive fuzzy-logic techniques, as opposed to conventional techniques such as annual-loss exposure (ALE) calculation, to assess the information-technology risks potentially to be incurred in the health-care domain. In this way, it is ensured that human common sense and intuition (which form the basis of any risk assessment exercise) will not be omitted from the risk management process.