**4. Risk assessment library considerations**

Managing risk in a medical setting is unique because of specific regulations that come with significant potential financial fines and corrective actions. For example, outside and inside risk management strategies may not properly align. Also, many organizations, especially in healthcare, are employing a task-based ticketing system to track internal processes. These ticketing systems allow Information System silos and other organizational risk components to become entirely misaligned and to manage risk improperly, because they use neither standardized nor repeatable language.

### *Risk in Healthcare Information Technology: Creating a Standardized Risk Assessment Framework DOI: http://dx.doi.org/10.5772/intechopen.96456*

Schmeelk [26] reports that the following five subsections should be included in identifying organizational components. As a centralized library has yet to be created, a working group should focus on exactly what to include in a standardized public-risk-assessment language dictionary. Important historical components are legal, training, vendor, and system security requirements, as well as organizational controls. A standardized risk-finding library encourages cross-organizational collaboration, communication, auditing, and legal consistency if a case ever goes to court.

## **4.1 Regulatory requirements**

Regulatory requirements encompass a wide range of organizational responsibilities, which can be actual governmental laws and/or industry-specific requirements. Let us discuss both.
