Risk Management Process

The **risk management process** is the systematic application of management policies, procedures and practices to the tasks of communicating, establishing the context, identifying, analyzing, evaluating, treating, monitoring and reviewing risk.

Specific methodologies have been established for some elements of eHealth risk including Privacy Impact Assessment (Privacy), Threat and Risk Assessment (Security), Healthcare Failure Mode and Effect Analysis (Safety) and Project Risk Assessment (Project).

The figure below illustrates the major components of the risk management process:


 * 1) **Establishing the Context** involves documenting the internal and external factors affecting a health organization’s risk posture. This includes environmental factors, stakeholder expectations, business strategy (goals and objectives), and internal capabilities.
 * 2) **Risk Assessment** includes the processes associated with the identification, analysis and evaluation of risk. Well-established methods for risk assessment are available for addressing privacy and security risks.
 * 3) **Risk Treatment** addresses how risks are managed and includes the acceptance, avoidance, transference and mitigation of risk.
 * 4) **Monitor and Review** includes processes that ensure that risk management processes are effectively executed.
 * 5) **Communication and Consultation** with stakeholders and expert resources are critical at all phases of the risk management process.