Enhancing Risk Prioritization in Healthcare Informatics: A Combined Vulnerability Scoring and Operational Framework Approach

Authors

  • Cecilio Jr GARCIANO, Peamount Healthcare

Keywords:

Risk Priority Number (RPN), Common Vulnerability Scoring System (CVSS), Information Technology Infrastructure Library (ITIL), Healthcare Informatics, Risk Assessment

Abstract

Effective risk prioritization in healthcare informatics is critical for safeguarding operational continuity and patient safety. Traditional risk management frameworks in healthcare often cannot holistically address technical vulnerabilities and operational urgencies. To overcome this limitation, this study introduces a novel Risk Priority Number (RPN) calculator that integrates the Common Vulnerability Scoring System (CVSS) and the Information Technology Infrastructure Library (ITIL) into a single, unified risk assessment model. Developed using Python and PyQt5, the standalone application was validated using 20 synthesized hospital IT (Information Technology) issues at Peamount Healthcare, including examples such as system clock-in failures, annual leave miscalculations, and scheduling errors. The scoring algorithm employs weighted formulas: 60% weight is assigned to technical severity (CVSS), and 40% to operational urgency and impact (ITIL), providing a comprehensive view of each issue’s priority level. The tool categorized 40% of the issues as high-priority and 20% as critical, demonstrating the calculator's ability to triage risks effectively. The scale of impact included payroll disruptions, workflow inefficiencies, and delays in patient service processing; these issues affect both compliance and staff productivity. The combined CVSS-ITIL approach significantly enhances the accuracy of healthcare risk prioritization, providing actionable, standards-aligned recommendations. Future development aims to incorporate artificial intelligence for automated risk detection and broader usability across healthcare settings. The application represents a scalable, research-driven innovation that supports operational resilience and decision-making in critical healthcare infrastructures.

Published

02.05.2025

How to Cite

1. GARCIANO CJ. Enhancing Risk Prioritization in Healthcare Informatics: A Combined Vulnerability Scoring and Operational Framework Approach. Appl Med Inform [Internet]. 2025 May 2 [cited 2025 May 17];47(Suppl. 1):S28. Available from: https://ami.info.umfcluj.ro/index.php/AMI/article/view/1104

Section

Special Issue - RoMedINF