Driving Efficiency, Data Security and Patient Care Benefits: Why Information Governance is Important in Healthcare

By Stoltenberg Consulting

Information governance (IG) is not a new concept to the financial world, but IG initiatives are still experiencing slow adoption across the healthcare industry. In an American Health Information Management Association (AHIMA) survey of more than 1,200 participants, 32 percent of healthcare organizations had not yet made progress with IG, while 24 percent deemed IG as not a priority.

While it may fall behind on the list of priorities, healthcare leaders should realize IG is crucial to ensure accurate data capture, reliable data analysis and data security, while enabling higher quality care and a more satisfying patient experience. Effectively managing and securing data flow beyond clinical information can help organizations better adapt to emerging payment models, government regulation, documentation requirements and changing patient expectations.

Instilling IG at a healthcare organization, however, is complex and multi-faceted. Whether a large academic hospital or a private physician practice, IG must align with the business strategy to maximize value and mitigate risks from information across its lifecycle. From clinical health information exchange or compliance audits to revenue cycle management, IG is a strategic enterprise-wide concern, not solely electronic health record (EHR) and health information management (HIM) focused.

The Importance of data and healthcare information governance

Despite similar titles, IG and data governance differ. Though related, the two concepts are not necessarily interchangeable. In fact, data governance is a complimenting facet of IG. IG is information lifecycle focused, while data governance centers more so around granular data, becoming a hot topic with big data trending over recent years. According to AHIMA, master data management, data models and enterprise data architecture are all data governance aspects. Mastering both concepts is essential to operating a secure, compliant and efficient healthcare organization and can help deliver the following benefits:

Data breach prevention
At least 41 hospitals were breached by ransomware attacks in the first quarter of 2020 alone. Due to such attacks, employee negligence and other culprits, 120 million people have been compromised in more than 1,100 breaches of protected health information (PHI) since 2009, according to the U.S. Department of Health and Human Services. These breaches often involve compromised information that was non-compliantly stored or accessed. IG policies and procedures can safeguard against such risky practices. For example, an IG program would identify which staff has access to PHI and other sensitive information, and it would outline data storage requirements for third-party vendors, who are also liable for PHI breaches.

Compliance adherence
A hospital's accumulation of highly sensitive PHI, combined with the many Health Insurance Portability and Accountability Act (HIPAA) requirements for protecting the confidentiality and availability of PHI, makes IG exceedingly pertinent. An effective IG policy can address many requirements, such as the framework for analyzing potential PHI risks and testing HIPAA security policy.

Ease of information access
IG also saves hours of wasted time searching for information throughout a healthcare system by implementing processes that make data access easier for providers, administrators or the patients themselves. With formal, well-documented IG in place, this secure and compliant ease of data sharing from one department to another enables more timely and effective decision-making because providers and administrators have ample information at their fingertips.

Data analytics
Data analytics capabilities also improve with IG in place, especially concerning population health management initiatives. IG enables an organization to derive actionable intelligence based on clean, accurate, quality data, which facilitates effective data governance as well. In fact, one study showed that an organization can improve the effectiveness and efficiency of decision-making by as much as 81 percent with IG. This type of result shows that devoting resources to developing an IG program truly delivers a strong ROI.

Aligning people with policy

To effectively align IG with business strategy, a healthcare organization needs an executive sponsor, typically the CIO, to spearhead setting the foundation. Under the executive sponsor, a multidisciplinary steering committee should form to achieve buy-in across the organization and reiterate organization-wide significance. This steering committee typically comprises of the c-suite and leaders from physicians, nursing, legal, finance, informatics, compliance and risk. If the healthcare organization is large, working groups may need to be assigned below the steering committee to have a more specific project focus and work out process design, evaluation and monitoring. An AHIMA survey found that 68 percent of facilities still had no cross-functional team established with a change management champion. An organization's information is a vital asset, and the healthcare industry must stop lagging in taking initial IG steps.

Initiating information governance strategy

To begin IG planning, it is helpful to first consider the healthcare organization's overarching goals. How can the enterprise's information help achieve those goals? With this as your foundation, the IG steering committee should outline the organization's IG strategy with a project plan, identifying areas of information inefficiencies or hurdles and business opportunities. Identifying problem areas helps create a starting point for solid, actionable information.

Depending on identified goals, additional focus could be the following:

• Current state analysis: Whether done internally or by a third-party advisor, conduct an assessment of current information management policies and procedures across the healthcare enterprise.
• Measurement momentum: Incorporate a policy and best practices for measurement. Metrics, scorecards and other reporting tactics will demonstrate IG's value as it is practiced, keeping stakeholders engaged.
• Be the teacher: Create opportunities for staff at all levels to learn about the organization-wide IG plan and how it impacts their departments and roles. Create easy-to-absorb learning opportunities, such as e-learning or sharing quick tips at the beginning of clinical rounds. Initiating the dialogue and having tools easily available, including plan implementation and protocol guides, can expedite enterprise-wide adoption of IG policies and procedures.
• Tackle the paper: Establish policies for storing and managing paper records, medical images and unstructured archives. Centralized, standardized process will likely improve compliance and make file locating more efficient.
• Start small: In many cases, organizations find it helpful to start with one area to implement IG rollout. From here, you can make refinements for more efficient application across the organization.
• Share success: Keep the momentum going by sharing success with stakeholders and overall staff. An effective method for inspiring further progress can be newsletters, report cards or video testimonials on your intranet.

If your healthcare organization has overlooked the significance of IG, beginning the practice is imperative in today's healthcare environment of regulatory compliance, payment reform and information security pressures. With a properly developed and implemented IG program, organizations can better protect sensitive information, improve financial and clinical decision making and most importantly, improve the patient experience and outcomes.