Information Governance for Hospitals

By Lee Ann Jarousse

Health care organizations live or die based on the quality of the data their leaders use to make strategic, business and clinical decisions.

And that data — from hospital-acquired infection rates and patient satisfaction scores, to Medicare reimbursement levels — come from dozens of disparate sources across the organization.

The role of information governance, which approaches information as a strategic asset, is to ensure the integrity of all this data and information, enterprisewide, is secure and accurate. Information governance practices will change how we manage and use information, creating a competitive advantage in the market for those who do it well. The practices of information governance acknowledge the explosion of data in health care due to the advent of electronic health records and track the total cost of ownership for information, which is growing exponentially.

Lynne Thomas Gordon, who served in C-suite-level roles in hospitals prior to becoming AHIMA’s CEO, says health care executives are always looking at how to increase their market share. “We used to discuss whether we should open up an ambulatory center. Should we add more neonatal intensive care unit beds? Does it make sense to have a prosthetics department? You’re looking at information all the time to make strategic decisions. But if you’re basing your decisions on bad information, there can be negative consequences,” she says.

Hospital trustees should work with senior leadership to ensure that the organization has a comprehensive information governance plan in place. Thomas Gordon challenges organizations to assess their data integrity. For example, conducting a review of all the data on how many mothers delivered babies in their facility in a given year will demonstrate how common data errors may be. The chances are high, Thomas Gordon says, that a man’s name would be listed among those of the mothers. If simple mistakes, such as this one are common, as Thomas Gordon suggests, it’s easy to imagine how all of a health care organization’s information is at risk for containing errors.

In the Information Governance Initiative’s annual report for 2015 – 2016, in which authors surveyed and interviewed information governance leaders across industries, Matt McClelland, manager of information governance for Blue Cross Blue Shield of North Carolina, told the authors that information governance is foundational to the success of any business as the amount and creation speed of information continues to increase.

“With proper support, information governance can bridge the gaps among the need to address regulation and litigation risk, the need to generate increased sales and revenue, and the need to cut costs and become more efficient. When done right, information governance positively impacts every facet of the business,” McClelland said in the Information Governance Initiative.

Indeed, health care organizations deal with challenges posed by risk and regulation every day, particularly as EHRs become the norm under federal mandates, like the meaningful use EHR Incentive Program. While EHRs hold the potential to make health care more efficient, increase patient engagement and advance data analytics capabilities, EHRs require vigilance to protect the data from privacy breaches and data entry errors.

“According to the Office of the National Coordinator for Health IT, any health record, paper or EHR is only as good as the information it contains and how that information is used,” Thomas Gordon says. “That’s information governance. If you don’t have information governance, it’s garbage in, garbage out.”

10 information governance competencies your organization should master

The following information governance competencies will help ensure data integrity to help hospitals and health systems make effective strategic, business and clinical decisions.

1. Strategic Alignment

Strategic alignment of information governance with the organization’s strategy demonstrates valuation of information as a strategic asset, and communicates that information governance is an organizational imperative. Strategic alignment supports an information-driven, decision-making culture and ensures that its workforce at all levels has access to the information it needs to make good decisions in real time, and it supports the expectation that information is used appropriately and strategically.

2. Information Governance Structure

Information governance structure defines and connects the organizational structure, programmatic structures and supporting structures for information governance. It ties together the three core programmatic structures of enterprise information management, IT governance, and data governance.

3. Data Governance

Data governance is the sub-domain of information governance that provides for the design and execution of data needs planning and data quality assurance in concert with the strategic information needs of the organization. Data governance includes data modeling, data mapping, data audit, data quality controls, data quality management, data architecture and data dictionaries. Data governance collaborates with enterprise information management in functional components essential to the enterprise plans for information organization and classification.

4. Enterprise Information Management

Enterprise information management, a sub-domain of information governance, includes the policies and processes for managing information across the organization, throughout all phases of its life: creation/capture, processing, use, storing, preservation and disposition. Enterprise information management also includes management of enterprise practices for information sharing, release and exchange practices, chain of custody and long-term digital preservation. Enterprise information management incorporates the foundational functions of information organization and classification, which envelop taxonomies and metadata management, and master data management.

5. Information Technology Governance/IT Governance

Information technology governance /IT governance is a sub-domain of information governance and is seen as essential for any organization employing information technology. Organizations in health care must have certainty that IT serves as a vehicle to achieve organizational strategy, goals and objectives. IT governance establishes a construct for aligning IT strategy with the strategy of the business and a means of fostering success in achieving those strategies. In addition to this alignment, IT governance includes: use of best practices in technology solutions selection and deployment, ensuring and measuring the value or benefit created through IT investments, management of resources, mitigating risks, measuring the performance of the IT function and ensuring that stakeholder input is incorporated into IT strategy.

6. Analytics

The ability to use data and information to achieve its strategy, goals and mission or, in short, to realize that the value of its information is critical to success with information governance. An organization’s competence is essential to moving from data to intelligence to knowledge. Competency in data analytics is, therefore, seen as essential to mature information governance.

7. Privacy and Security Safeguards

The privacy and security safeguards competency encompasses the processes, policies and technologies necessary to protect data and information across the organization from breach, corruption and loss. Protection also ensures that information is kept private, confidential and secret as required, based on its classification.

8. Regulatory and Legal

This competency focuses not only on the organization’s ability to respond to regulatory audits, eDiscovery, mandatory reporting, and releases to patients upon requests, but also on compliance with information-related requirements of any and all regulatory and other bodies of authority.

9. Awareness and Adherence

This competency aims to ensure that the information governance program principles, processes, practices and procedures are learned and understood by the workforce, consistent with respective roles. Guidance is provided on compliant behaviors with respect to information creation, use, handling, access, sharing, storage, retention and disposition. Beyond awareness, this competency includes adherence to or compliance with required policies and practices. Formal documentation, training and strategy are utilized to shift workforce behaviors.

10. Information Governance Performance

This competency enables development of a methodology for measuring the performance and impact of an information governance program. Information governance performance assessment and management is essential to ensuring its effectiveness, ongoing improvement and alignment with the organization’s strategy. Performance management includes addressing capability for mandatory business, regulatory reporting, reliability of information and measures for each of the areas of information organization competence.

What is Information Governance (IG)?

Growing numbers of organizations across industries are recognizing the need to value and control their information. In health care information must be valued, controlled and trusted. This requires governance. Governance requires the adoption and ingraining of a framework, principles, rules and managed processes. This is information governance.

AHIMA defines IG as “an organizationwide framework for managing information throughout its life cycle and for supporting the organization’s strategy, operations, regulatory, legal, risk and environmental requirements.”

  • Establishes policy
  • Protects information with appropriate controls
  • Determines accountabilities for managing information
  • Prioritizes investments
  • Promotes objectivity through robust, repeatable processes

IG for Health Care Includes:

  • All departments, areas of the organization
  • All types of organizatoins
  • All types of information (clinical, financial, and operational)
  • Information on all types of media

Why is IG necessary? IG contribues to:

  • Safety and quality of care
  • Population health
  • Operational efficiency + effectiveness
  • Cost reduction

Adopting an IG program shows an organization’s commitment to managing its information as a valued strategic asset.

Case Study Truman Medical Centers Kansas City, Mo.

Truman Medical Centers, a safety net facility in Kansas City, Mo., has a sophisticated information governance program because, as Seth Katz, the assistant administrator of information management and program execution puts it, “It’s the right thing to do.” As such, Truman has focused on improving efficiency, accuracy, transparency and reliability of data for the organization’s internal processes.

Truman’s information governance committee, called the Analytics Coordination Team, concerns itself primarily with all aspects of data governance in the organization. One subcommittee of the ACT, the Data Quality Standards Committee, has worked on streamlining the data request process. Thanks to this committee’s work, anyone who requests data or a report can expect to receive it in four hours or less.

Currently, one of the ACT’s focuses is on creating data flow diagrams that provide visual representations of data flow and touch points for all major systems. Though a time-consuming task, the end result will help safeguard the security of data flowing through various systems.

Simple workflow and process changes can really add up and impact an organization’s bottom line. Deborah Green, AHIMA’s executive vice president and chief innovation and global services officer, sums it up this way: “As organizations move up the information governance maturity curve, they increase their ability to trust and leverage their data and information, minimize risk and make critical decisions confidently. We like to call this, in information governance terms, return on information.”

Content provided by the American Health Information Management Association (AHIMA) 2016.