The unusually slow adoption of information technologies in healthcare is mainly attributed to the overwhelming risks involved in the implementation process embedded in that particular industry. The issue of timing and approach in employing risk management to mitigate risks in healthcare still remains a challenge. In this paper, we report our work in which the objective was to explore the employment of risk management practices from a Singapore-based hospital which is re-designing its medical informatics and premises to provide patient-centric quality healthcare. A total of 19 face-to-face interviews were conducted. The findings highlight that although this organization did not explicitly set out to use an Enterprise Risk Management approach, it has inadvertently done so. The questions of when and where to employ ERM can be difficult to determine, especially in the healthcare industry, hence, we conclude that practitioners should review their existing risk management practices and identify the embedded ERM activities so as to leverage on them in facilitating the managerial guidelines to accomplish the task.