By Stoltenberg Consulting
Information governance (IG) is not a new concept to the financial world, but IG initiatives are still experiencing slow adoption across the healthcare industry. In an American Health Information Management Association (AHIMA) survey of more than 1,200 participants, 32 percent of healthcare organizations had not yet made progress with IG, while 24 percent deemed IG as not a priority.
While it may fall behind on the list of priorities, healthcare leaders should realize IG is crucial to ensure accurate data capture, reliable data analysis and data security, while enabling higher quality care and a more satisfying patient experience. Effectively managing and securing data flow beyond clinical information can help organizations better adapt to emerging payment models, government regulation, documentation requirements and changing patient expectations.
Instilling IG at a healthcare organization, however, is complex and multi-faceted. Whether a large academic hospital or a private physician practice, IG must align with the business strategy to maximize value and mitigate risks from information across its lifecycle. From clinical health information exchange or compliance audits to revenue cycle management, IG is a strategic enterprise-wide concern, not solely electronic health record (EHR) and health information management (HIM) focused.
Benefits of data and healthcare information governance
Despite similar titles, IG and data governance differ. Though related, the two concepts are not necessarily interchangeable. In fact, data governance is a complimenting facet of IG. IG is information lifecycle focused, while data governance centers more so around granular data, becoming a hot topic with big data trending over recent years. According to AHIMA, master data management, data models and enterprise data architecture are all data governance aspects. Mastering both concepts is essential to operating a secure, compliant and efficient healthcare organization and can help deliver the following benefits:
Data breach prevention
At least 41 hospitals were breached by ransomware attacks in the first quarter of 2020 alone. Due to such attacks, employee negligence and other culprits, 120 million people have been compromised in more than 1,100 breaches of protected health information (PHI) since 2009, according to the U.S. Department of Health and Human Services. These breaches often involve compromised information that was non-compliantly stored or accessed. IG policies and procedures can safeguard against such risky practices. For example, an IG program would identify which staff has access to PHI and other sensitive information, and it would outline data storage requirements for third-party vendors, who are also liable for PHI breaches.
Compliance adherence
A hospital's accumulation of highly sensitive PHI, combined with the many Health Insurance Portability and Accountability Act (HIPAA) requirements for protecting the confidentiality and availability of PHI, makes IG exceedingly pertinent. An effective IG policy can address many requirements, such as the framework for analyzing potential PHI risks and testing HIPAA security policy.
Ease of information access
IG also saves hours of wasted time searching for information throughout a healthcare system by implementing processes that make data access easier for providers, administrators or the patients themselves. With formal, well-documented IG in place, this secure and compliant ease of data sharing from one department to another enables more timely and effective decision-making because providers and administrators have ample information at their fingertips.
Data analytics
Data analytics capabilities also improve with IG in place, especially concerning population health management initiatives. IG enables an organization to derive actionable intelligence based on clean, accurate, quality data, which facilitates effective data governance as well. In fact, one study showed that an organization can improve the effectiveness and efficiency of decision-making by as much as 81 percent with IG. This type of result shows that devoting resources to developing an IG program truly delivers a strong ROI.
Aligning people with policy
To effectively align IG with business strategy, a healthcare organization needs an executive sponsor, typically the CIO, to spearhead setting the foundation. Under the executive sponsor, a multidisciplinary steering committee should form to achieve buy-in across the organization and reiterate organization-wide significance. This steering committee typically comprises of the c-suite and leaders from physicians, nursing, legal, finance, informatics, compliance and risk. If the healthcare organization is large, working groups may need to be assigned below the steering committee to have a more specific project focus and work out process design, evaluation and monitoring. An AHIMA survey found that 68 percent of facilities still had no cross-functional team established with a change management champion. An organization's information is a vital asset, and the healthcare industry must stop lagging in taking initial IG steps.
Initiating information governance strategy
To begin IG planning, it is helpful to first consider the healthcare organization's overarching goals. How can the enterprise's information help achieve those goals? With this as your foundation, the IG steering committee should outline the organization's IG strategy with a project plan, identifying areas of information inefficiencies or hurdles and business opportunities. Identifying problem areas helps create a starting point for solid, actionable information.
Depending on identified goals, additional focus could be the following:
If your healthcare organization has overlooked the significance of IG, beginning the practice is imperative in today's healthcare environment of regulatory compliance, payment reform and information security pressures. With a properly developed and implemented IG program, organizations can better protect sensitive information, improve financial and clinical decision making and most importantly, improve the patient experience and outcomes.
Take the next step. Access this quick overview to see five components of building meaningful clinical optimization processes within a hospital to boost patient outcomes and curb physician EHR fatigue.