Orignal article can be viewed here.

Well, actually, quite a few people did, all over the world. Fifteen years ago, the late management guru Peter Drucker described health care as the most difficult, chaotic, and complex of industries to manage, and hospitals as “altogether the most complex human organizations ever devised” (Drucker, 2002). The complexity hasn’t gone away since then – it’s increased.

But the new US President has given us a timely reminder. Health is complicated. Very!

And so is IT. The Standish Group tells us that still, in 2015, only 29% of IT projects globally were considered successful. 52% were considered “challenged” and 19% were deemed to have failed (Hastie & Wojewoda, 2015). All methodologies have their critics, and Standish is no exception. But there are many corroborating reports. For example, the 2016 Pulse of the Profession report from the Project Management Institute reported that 55 percent of respondents had an IT project fail (Florentine, 2017).

C + R = HR

So, apply something that is inherently high risk (IT projects) to the most complex environments (health), and voilà – welcome to the world of health informatics.

Complexity + inherent risk translates to high risk. And the most complex part of health care is clinical practice (the main game). So, here’s a proposal: treat all clinical IT projects as high risk, unless there are compelling reasons to scale the risk levels back.

And how is risk managed? Traditionally, there are four high level approaches:

1.     Avoid. One of the critical issues in health informatics is project selection. Enrico Coiera addresses “which tasks should we computerize?” is a recent article (2017), and by implication, which should we not? Enrico will be (re-)presenting this paper for members of the Health Informatics Society of Australia via webinar on May 17 – see https://www.hisa.org.au/hisa_event/webinar-new-informatics-geography-members/.

2.      Accept. Determining whether a given level of risk is acceptable or not requires understanding not only the project’s risk profile, but also the organisation’s risk appetite, and the risk tolerance that is applicable to the project. Yet how often are these explicitly articulated? How many project team members even know what these concepts are? See Rittenberg & Martens for an explanation (2012).

3.      Limit. This relies on effective risk identification and mitigation, which requires experience and judgement as well as evidence. But how many times is risk management undertaken in projects, then rarely mentioned thereafter, even though ongoing operation of health IT accounts for most of the resources used, and all the benefits derived?

4.      Transfer. The options for risk transfer are increasing with the rise of new service and collaboration business models in IT. However, many people seem to think this is a one-way street. It’s not. it’s bi-directional – an exchange of risks. For example, outsourcing IT hosting to the Cloud might lessen the risk of losing IT expertise for a health organization, but may also increase contracting risks, legal risks if data are hosted outside the organisation’s jurisdiction, etc.

Building capabilities

Knowing is better1. It is better to know that health care and health informatics are complex, and manage accordingly. It is better to know what the sources of complexity are, and how they can be dealt with. It is better to have all kinds of stakeholders aware of and competent in dealing with the issues that we know are out there.

That requires investment in workforce capabilities. Failure to invest in informatics capabilities is a significant risk, in its own right, in the digital age of health care.

In Australia, health informaticians can gain third party certification of the currency of their competencies through the Certified Health Informatician Australasia (CHIA) program – see http://www.healthinformaticscertification.com/.

The Digital Health Workforce Academy offers courses for clinicians and IT professionals that are designed to enhance success in health IT initiatives. Current offerings include:

  • Clinical Practice in the Digital Age
  • Clinical Leadership in Digital Projects
  •  Health for IT Professionals

See http://www.dhwacademy.com for more information.


1. Catch-phrase borrowed from Canada Health Infoway.


Coiera, E. (2017). A New Informatics Geography. IMIA Yearbook of Medical Informatics 2016. Retrieved from file:///D:/1A%20Core%20Folder/Downloads/imia_2016–1_26836.pdf.

Drucker, Peter F. (2002). Managing in the Next Society. New York, New York: St. Martin’s Griffin.

Florentine, S. (2017, February 27). IT project success rates finally improving. CIO. Retrieved from http://www.cio.com/article/3174516/project-management/it-project-success-rates-finally-improving.html.

Hastie, S. & Wojewoda, S. (2015, October 4). Standish Group 2015 Chaos Report – Q&A with Jennifer Lynch. InfoQ. Retrieved from https://www.infoq.com/articles/standish-chaos-2015.

Rittenberg, L. & Martens, F. (2012). Understanding and Communicating Risk Appetite. Research Commissioned by the Committee of Sponsoring Organizations of the Treadway Commission. Retrieved from http://coso.org/documents/ERM-Understanding%20%20Communicating%20Risk%20Appetite-WEB_FINAL_r9.pdf.

Trump, D. (2017, February 27). As reported by Liptak, K. (2017, February 28). Trump: ‘Nobody knew health care could be so complicated’. CNN. Retrieved from http://www.cnn.com/2017/02/27/politics/trump-health-care-complicated/index.html.