Over the last few decades, a rapid adoption of information technologies in nearly every facet of patient care in healthcare settings has taken place; the recent U.S. government emphasis on the utilization of IT in healthcare will only serve to increase the dependency of care providers on IT. As IT becomes increasingly central to clinical and business practice, health care institutions must become increasingly vigilant about preparations for continuity of operations when normal IT functions are disrupted. In this paper we describe the development and use of a process designed to manage the risk to patient safety and clinical operations due to IT and communications failures; this process includes identifying critical applications and formulating plans for organizational and departmental responses in cases of IT and communication failures. Lessons learned will be discussed in the context of enabling other healthcare organizations to use this process.