⚠️ Risk Register · Detailed · MediEco · 26 April 2026 · 18 risks tracked
RISK REGISTER · 18 risks · 5 critical · 6 high · 7 medium

Risk Register · Likelihood × Impact

Every risk catalogued · likelihood + impact scored · mitigation owner assigned · trigger conditions defined · contingency plan documented · quarterly review schedule.

1. 📐 Scoring Method

Likelihood (5 levels)
  • Rare (1): <5% · "happened once industry-wide"
  • Unlikely (2): 5-20% · "rare but real precedent"
  • Possible (3): 21-50% · "expect occasionally"
  • Likely (4): 51-80% · "expect quarterly"
  • Almost Certain (5): >80% · "monthly minimum"
Impact (5 levels)
  • Negligible (1): <RM 5K · no patient harm
  • Minor (2): RM 5-50K · minor inconvenience
  • Moderate (3): RM 50-500K · feature delay weeks
  • Major (4): RM 500K-2M · phase slip · reputation
  • Catastrophic (5): >RM 2M · patient harm · legal · project halt
Risk Score = Likelihood × Impact (1-25). 1-4 GREEN · 5-9 YELLOW · 10-15 ORANGE · 16-25 RED.

2. 📊 Risk Matrix

Likelihood \ Impact | Negligible (1) | Minor (2)     | Moderate (3)                                    | Major (4)                                  | Catastrophic (5)
--------------------|----------------|---------------|-------------------------------------------------|--------------------------------------------|--------------------------------------------------
Almost Certain (5)  | 5              | 10            | 15                                              | 20                                         | 25
Likely (4)          | 4              | 8             | 12 · R-12 GPU lead                              | 16                                         | 20
Possible (3)        | 3              | 6 · R-13 cost | 9 · R-09 BM NLU · R-11 panel API · R-15 UX iter | 12 · R-04 clinic pull · R-06 skill decay   | 15 · R-05 audit gap
Unlikely (2)        | 2              | 4             | 6                                               | 8 · R-08 jailbreak                         | 10 · R-01 dx miss · R-02 RX error · R-03 PDPA leak
Rare (1)            | 1              | 2             | 3                                               | 4                                          | 5 · R-07 Doc Zam pull

Legend: 1-4 GREEN (accept) · 5-9 YELLOW (monitor) · 10-15 ORANGE (mitigate) · 16-25 RED (active)

3. 🔴 Critical Risks (RED zone · score ≥ 10)

R-01 False-Positive Diagnosis
Score: 10 (Unlikely × Catastrophic)
  • Description: AI suggests a wrong dx and the clinician trusts it without challenge → patient harm.
  • Trigger: Doctor over-relies on AI · novel symptoms · BM rojak NLU miss
  • Mitigation: HITL mandatory · citation card visible · DDx alternatives shown · Doc Zam clinical review Q3 (50 scenarios) · monitoring "doctor edit ratio" as quality signal
  • Contingency: Hot-fix sprint inserted · feature flag disable CDSS suggestion · clinical incident review board
  • Owner: Doc Zam (clinical review) + Founder (system fix)
  • Status: 🟢 Active mitigation · Q3 gate prep ongoing

R-02 Medication Error (DDI/Dose/Allergy Miss)
Score: 10 (Unlikely × Catastrophic)
  • Description: Pharmacy dispenses the wrong drug or dose, or a patient allergy is missed.
  • Trigger: NPRA DB outdated · pharmacist auto-trusts AI · barcode skipped · weight not captured
  • Mitigation: Closed-loop verify · barcode at dispense · pharmacist final approve gate · DDI severity matrix · allergy registry global
  • Contingency: Adverse Reaction Loop M6 auto-flag · clinical incident workflow · NPRA pharmacovigilance report
  • Owner: Pharmacist + Doc Zam + Founder
  • Status: 🟢 Active · M5 spec already includes 3-layer check

R-03 PDPA Breach (PII Leak to Cloud LLM)
Score: 10 (Unlikely × Catastrophic)
  • Description: PII (IC · name · address) sent to a cloud LLM without stripping · PDP commissioner fine RM 500K · reputation damage.
  • Trigger: PII filter regex miss · NER false negative · cloud burst feature flag accidentally ON · audit log gap
  • Mitigation: M9 PII strip pre-LLM (regex + NER hybrid · 95% target) · per-tenant key · on-prem default · cloud burst feature flag default OFF · Q5 quarterly self-audit
  • Contingency: <72h breach notify PDP · DPO trigger · audit forensic · external counsel engagement
  • Owner: Founder (DPO) · Eng Lead (technical)
  • Status: 🟢 M9 Sprint 1.1 priority · PII filter Day 5-6
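The R-03 mitigation and its triggers (regex miss, NER false negative, flag accidentally ON) in working form, as an added example that is not MediEco's own code: a pre-LLM strip with a second-pass residual check, and a cloud-burst gate that defaults OFF and fails closed to on-prem whenever the filter may have missed something. The IC/phone patterns and the lexicon standing in for the NER stage are constructed assumptions.

```python
# Added example (not MediEco's own code): pre-LLM PII strip with a fail-closed
# cloud-burst gate, illustrating the R-03 mitigation. Patterns and the NER lexicon
# are constructed stand-ins; the real filter is described as a regex + NER hybrid.
import re
from dataclasses import dataclass

# Malaysian IC (YYMMDD-PB-####, dashes optional) and MY mobile numbers (01x-xxx xxxx).
IC_RE = re.compile(r"\b\d{6}-?\d{2}-?\d{4}\b")
PHONE_RE = re.compile(r"\b(?:\+?60|0)1\d[-\s]?\d{3,4}[-\s]?\d{4}\b")
# Looser second pass: catches IC variants the strict regex misses (e.g. spaces).
RESIDUAL_RE = re.compile(r"\b\d{6}[\s-]?\d{2}[\s-]?\d{4}\b")
# Stand-in for the NER stage: a constructed name/address lexicon (assumption).
NER_TERMS = {"Ahmad bin Ali": "[NAME]", "Jalan Ampang": "[ADDRESS]"}


@dataclass
class StripResult:
    text: str
    redactions: int
    residual: bool  # True when the second pass still sees PII: treat as a filter miss


def strip_pii(text: str) -> StripResult:
    """Redact IC numbers, phone numbers and lexicon hits; flag anything left behind."""
    out, n_ic = IC_RE.subn("[IC]", text)
    out, n_phone = PHONE_RE.subn("[PHONE]", out)
    n_ner = 0
    for term, label in NER_TERMS.items():
        if term in out:
            out = out.replace(term, label)
            n_ner += 1
    return StripResult(out, n_ic + n_phone + n_ner, bool(RESIDUAL_RE.search(out)))


def route_to_llm(text: str, cloud_burst_enabled: bool = False) -> tuple:
    """Return (route, payload). Cloud burst defaults OFF; residual PII forces on-prem."""
    result = strip_pii(text)
    if not cloud_burst_enabled or result.residual:
        return ("on-prem", text)      # raw text never leaves the tenant boundary
    return ("cloud", result.text)     # only the stripped text may burst to the cloud


if __name__ == "__main__":
    note = "Patient Ahmad bin Ali, IC 900101-14-5678, phone 012-345 6789, lives at Jalan Ampang."
    print(route_to_llm(note, cloud_burst_enabled=True))
```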
R-12 GPU Hardware Lead Time Slip
Score: 12 (Likely × Moderate)
  • Description: H100/L40S GPU lead time grows to 8+ weeks · pilot delay.
  • Trigger: Global supply constraint · NVIDIA allocation policy · vendor priority queue
  • Mitigation: Order Mid-End L40S 4 weeks early (1 May order) · cloud burst as Plan B · alternative vendor (AMD MI300) backup spec · workstation 4090 for dev
  • Contingency: Cloud burst gpt-4o-mini until hardware arrives (cost +RM 15K · pilot still go) · negotiate consumer 4090 multi-GPU rig short-term
  • Owner: Founder (procurement) · DevOps (deployment)
  • Status: 🟡 Monitoring · order placement decision needed by 1 May

R-04 Clinic Pilot Pull Out
Score: 12 (Possible × Major)
  • Description: Clinic partner cancels the agreement before the pilot · phase 2 delay 4-8 weeks.
  • Trigger: Clinic internal restructuring · MOH inspection scheduling · staff turnover · cold feet
  • Mitigation: 2-3 backup clinic LOIs signed by 1 Jun · pilot agreement with explicit exit clause + ALESA bears setup cost · regular weekly comm with clinic owner
  • Contingency: Switch to Backup Clinic B (14-day onboarding) · adjust pilot scope · communicate transparently with Doc Zam
  • Owner: Founder (BD) · Doc Zam (clinical relationships)
  • Status: 🟡 BD outreach to 3 candidate clinics in May

R-06 Skill Decay (Junior Doctor Over-Relies on AI)
Score: 12 (Possible × Major)
  • Description: Junior clinicians over-rely on AI scribe + CDSS · long-term competency loss · MMC concern.
  • Trigger: AI used in >90% of encounters · doctor edit ratio <10% (signal of blind acceptance) · junior trainee usage pattern
  • Mitigation: "Blind mode" toggle (AI hides recommendations · doctor works first) · periodic competency check (monthly · simulated cases) · MMC self-attestation framework · training hours guideline
  • Contingency: Mandate blind mode rotation · faculty training intervention · pause feature for affected doctor · educational module deployment
  • Owner: Doc Zam (clinical training) + Clinic admin
  • Status: 🟢 Designed in M4 spec · "blind mode" feature flag

R-05 Audit Gap (MOH Inspection Failure)
Score: 15 (Possible × Major-leaning-Catastrophic)
  • Description: MOH audit finds audit-trail gaps · clinical actions cannot be traced · clinic licence risk.
  • Trigger: Audit log write fails (DB outage) · log retention policy not met · access control loose · feature flag drift unaudited
  • Mitigation: M9 WORM audit log · 7-yr retention · Redis stream buffer · daily reconciliation · DR drill quarterly · MOH report template
  • Contingency: External compliance consultant urgent · audit gap remediation sprint · pause new clinic onboarding
  • Owner: Founder (DPO) + Compliance consultant (Phase 3)
  • Status: 🟢 M9 spec robust · Sprint 1.1 cross-cut foundation
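The two checks behind the R-05 mitigation (an append-only audit trail and the daily reconciliation between the stream buffer and the durable store), as an added example that is not MediEco's own code: each record is hash-chained to its predecessor so in-place edits, deletions and reordering are detectable, and reconciliation reports buffered sequence numbers that never reached the store. The events, field names and the seq-based buffer/store identifiers are constructed assumptions.

```python
# Added example (not MediEco's own code): hash-chained append-only audit records plus
# the daily reconciliation check between the stream buffer and the durable store,
# illustrating the R-05 mitigation. Events below are constructed sample data.
import hashlib
import json

GENESIS = "0" * 64

# Constructed events: clinical actions and a feature-flag change (flag drift must be audited too).
SAMPLE_EVENTS = [
    {"tenant": "clinic-a", "actor": "dr_01", "action": "approve_cdss", "ref": "enc-1001"},
    {"tenant": "clinic-a", "actor": "ph_01", "action": "dispense_verify", "ref": "rx-2001"},
    {"tenant": "clinic-a", "actor": "admin", "action": "flag_change", "ref": "cloud_burst=ON"},
]

def record_hash(prev_hash: str, seq: int, event: dict) -> str:
    """Chain each record to its predecessor; canonical JSON keeps the hash reproducible."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}|{seq}|{body}".encode()).hexdigest()

def append(log: list, event: dict) -> dict:
    """Append-only write: records are added, never edited, so the chain stays intact."""
    prev = log[-1]["hash"] if log else GENESIS
    seq = len(log) + 1
    entry = {"seq": seq, "event": event, "prev": prev, "hash": record_hash(prev, seq, event)}
    log.append(entry)
    return entry

def verify_chain(log: list) -> tuple:
    """Return (True, None), or (False, seq) for the first record that fails to chain."""
    prev = GENESIS
    for expected_seq, entry in enumerate(log, start=1):
        if entry["seq"] != expected_seq or entry["prev"] != prev:
            return (False, entry["seq"])   # gap, deletion or reordering
        if record_hash(prev, entry["seq"], entry["event"]) != entry["hash"]:
            return (False, entry["seq"])   # edited in place
        prev = entry["hash"]
    return (True, None)

def reconcile(buffer_seqs, stored_seqs) -> list:
    """Daily reconciliation: records acknowledged by the buffer but missing from the store."""
    return sorted(set(buffer_seqs) - set(stored_seqs))

def build_sample_log() -> list:
    """Fresh log from the constructed events (copies, so tests can mutate one log safely)."""
    log = []
    for ev in SAMPLE_EVENTS:
        append(log, dict(ev))
    return log
```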

4. 🩺 Clinical Safety Risks

ID   | Risk                     | Score | Mitigation                                                           | Owner
-----|--------------------------|-------|----------------------------------------------------------------------|--------------------
R-01 | False-positive dx        | 10    | HITL · citation · DDx alt                                            | Doc Zam
R-02 | Medication error         | 10    | Closed-loop · barcode · pharmacist final                             | Pharmacist + Doc Zam
R-08 | HITL bypass jailbreak    | 8     | Server-side enforce · 30-prompt suite · audit                        | Eng Lead
R-14 | SOAP hallucination       | 9     | Doctor MUST review · edit-ratio metric · regression set              | Doc Zam + Eng
R-16 | Whisper BM mistranscribe | 6     | Custom medical vocab biased decoding · live preview                  | Eng (prompt + ASR)
R-17 | Red-flag false negative  | 6     | 50-scenario regression · over-escalate bias · monitor false-neg rate | Doc Zam + Eng
R-18 | Self-care advice harmful | 4     | Approved library hardcoded · LLM only paraphrase · cite source       | Doc Zam

5. 🔒 Privacy & Compliance Risks

ID   | Risk                         | Score | Mitigation                                              | Owner
-----|------------------------------|-------|---------------------------------------------------------|---------------------
R-03 | PDPA breach (PII leak)       | 10    | Strip pre-LLM · per-tenant key · on-prem default        | Founder DPO
R-05 | Audit gap (MOH inspection)   | 15    | WORM log · 7-yr retention · MOH report template         | Founder + Compliance
R-19 | Cross-tenant leakage         | 5     | Row-level RBAC · per-PR security review · matrix tests  | Eng Lead
R-20 | DSAR/erasure miss SLA        | 3     | Async batch · email notify · 30-day SLA generous        | Founder
R-21 | Insurance API non-compliance | 6     | Manual claim fallback · MySalam first then expand       | Eng + BD

6. ⚙️ Operational Risks

ID   | Risk                       | Score | Mitigation                                                 | Owner
-----|----------------------------|-------|------------------------------------------------------------|------------------
R-04 | Clinic pilot pull out      | 12    | 2 backup clinic LOI · ALESA bears setup cost               | Founder BD
R-12 | GPU hardware lead time     | 12    | Order 4 weeks early · cloud burst Plan B · L40S fallback   | Founder + DevOps
R-22 | Team capacity shortfall    | 8     | 2-week sprint · 20% slack · contractor backup pool         | Eng Lead
R-09 | BM rojak NLU fail          | 9     | 200-sample eval · Llama fine-tune option · graceful fallback | Eng (prompt)
R-23 | UPS/power outage at clinic | 6     | UPS battery 15min · service worker offline mode (PWA)      | DevOps
R-24 | Internet outage at clinic  | 6     | 4G/5G modem fallback · doctor offline mode (cached SOAP)   | DevOps
R-25 | Audit log volume cost      | 4     | Compression · cold storage after 1-yr · pruning            | DevOps

7. 💰 Financial Risks

ID   | Risk                               | Score | Mitigation                                                                                   | Owner
-----|------------------------------------|-------|----------------------------------------------------------------------------------------------|---------------
R-13 | LLM API cost overrun               | 6     | Tier routing · cache · per-tenant budget · gpt-4o-mini default · on-prem reduces dependency | Eng Lead
R-26 | Capex overrun (Hi-End upgrade)     | 8     | Phase budgeting · Mid-End first option · staged GPU procurement                              | Founder
R-27 | Insurance/indemnity premium spike  | 6     | Quote 3 vendors · negotiate group rate · self-insure low-impact                              | Founder
R-28 | Subscription churn >30%            | 8     | Clinic success program · NPS monitoring · feature roadmap with clinic input                  | BD + Founder
R-29 | Currency exposure (USD GPU pricing) | 4    | Local distributor option · forex hedge · multi-vendor                                        | Founder

8. 🎯 Strategic Risks

ID   | Risk                                           | Score | Mitigation                                                                                                             | Owner
-----|------------------------------------------------|-------|------------------------------------------------------------------------------------------------------------------------|------------------
R-07 | Doc Zam withdraws approval                     | 5     | Weekly review · transparent comms · written agreement Phase 0 · co-sign major decisions                               | Founder
R-30 | Competitor launch (Adeahub MY · Halodoc enter MY) | 6  | Speed advantage · Doc Zam clinical relationship · BM/Malaysia native moat · feature flag rapid pivot                  | Founder + Doc Zam
R-31 | MOH guidelines change significantly           | 4     | Compliance consultant retainer · feature flag rapid disable · 30-day adapt window built-in                            | Compliance
R-32 | MMC scope-of-practice ruling restricts AI      | 4     | "AI proposes, doctor approves" architecture (already proven) · attestation ready · legal counsel review               | Founder + Doc Zam
R-33 | Bahasa Malaysia AI quality plateau             | 4     | Continuous fine-tuning · alternative model options (Qwen-Med · Sea-LION) · prompt iteration · BM-specific data acquisition | Eng (prompt)

9. 🔄 Review Cadence

Cadence   | Trigger                            | Action                                                                                         | Owner
----------|------------------------------------|------------------------------------------------------------------------------------------------|------------------------------
Weekly    | Sprint review                      | Update R-04/R-12 status (clinic pilot · GPU lead time)                                         | Founder
Bi-weekly | Steering Committee                 | Review all RED + ORANGE risks · adjust mitigation                                              | Founder + Doc Zam
Monthly   | Internal audit                     | Audit log volume · breach detection rules · feature flag drift                                 | Eng Lead
Quarterly | Q1-Q6 gates · Q5 PDPA self-audit   | Comprehensive risk register review · add new risks · close resolved · escalate emerging        | All stakeholders
Annually  | Year-end review                    | External pen-test · MOH-style walkthrough · risk appetite review                               | External consultant + Founder
Ad-hoc    | Incident detected                  | Risk register update within 48h · post-mortem within 2 weeks                                   | Eng Lead + Founder