The implementation of a hospital management information system in Indonesian public hospitals brings opportunities for service improvement as well as various risks that must be carefully managed. This study evaluated the implementation of hospital management information system, using the ISO 31000:2018 risk management framework. Using a mixed methods approach, the study identified key risks in the technical, operational, human resources, and infrastructure domains through interviews, field observations, and document analysis. Each risk was analyzed for its likelihood and impact using a quantifiable risk matrix according to the ISO 31000 standard. The evaluation results indicated that system disruptions due to software and network instability, lack of training leading to user errors, and failure of data integration between modules were the most significant risks faced. Several other risks included the threat of cyberattacks on patient data, limited skilled IT personnel, and suboptimal network infrastructure capacity. Recommended mitigation strategies include continuous improvement of user training programs, investment in information technology infrastructure, implementation of stringent cybersecurity protocols, and regular system audits and monitoring. This study produces a practical risk-based evaluation model for the implementation of hospital management information system in regional hospitals, using an internationally recognized risk management framework.
Copyrights © 2025