“[Information governance is] an organization’s coordinated, inter-disciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value” – The Sedona Conference Commentary on Information Governance
Governance is the practice of aligning an organization’s values and goals with its operations and structures. Like other crucial resources in healthcare, information is a high level asset that requires management and oversight to ensure it can be used effectively. Information governance, a rapidly growing concept in healthcare, allows an organization to create reliable structures and processes to manage, maintain and act upon information in a way that supports organizational goals and ensures compliance with applicable rules and responsibilities.
Most, if not all, healthcare organizations have at least a simple governance structure in place around privacy and security of health information, driven by the requirements of HIPAA. But information governance is a much deeper concept, addressing not only security but also the quality of information and how effectively it can be used and shared (when necessary). As the use of information in and across healthcare organizations grows, the quality, reliability and availability of that information will become almost as important as actual care routines. For long-term and post-acute care organizations, now is the ideal time to think hard about information governance structures.
AHIMA (The American Health Information Management Association) provides a wealth of resources on information governance (http://www.ahima.org/topics/infogovernance), including an excellent primer on the eight principles of information governance. These eight principles (depicted below) offer a framework to understand the full cycle of information use within an organization.
In a 2014 survey of healthcare organizations, AHIMA found a wide range of organizational approaches to information governance:
Tellingly, 34% of organizations either didn’t think there was any need for governance or didn’t know their organization’s position, while another 22% have not started any program. As this survey represented a wide range of healthcare providers, long-term and post-acute care providers can be expected to fall disproportionately in these underdeveloped camps.
An information governance program should begin at the Board level, typically in the form of a Board oversight committee. In smaller organizations, information governance may be adequately situated within the corporate compliance and risk management program. A cross-functional team should be comprised of Board representatives, the CIO, the IT Director, clinical and administrative leadership, and other relevant stakeholders. Once organized, the information governance committee can develop an organizational information governance strategy and structure to address several components:
- Key roles and responsibilities
- Who is responsible for program development and oversight?
- Who will manage training? Auditing? Communication?
- How will oversight and accountability survive turnover and succession?
- Information standards, definitions and expectations
- How will information be used and what requirements are necessary for these uses?
- What dimensions govern the acceptability of information?
- Policies and procedures that govern information management
- An audit and oversight program
- How will the organization ensure compliance and identify opportunities for improvement?
- Workforce training
- How will employees in all job functions and at all levels contribute to the overall governance program?
Given the central place of health information and its importance to operations, the principle of information integrity oftentimes occupies the majority of a governance program’s ongoing work. A large part of information integrity involves ensuring data quality through the dimensions of accuracy, completeness, validity, timeliness and accessibility.
- Accuracy: Is the information correct?
- Completeness: Are all required elements present?
- Validity: Does the information match the rules?
- Timeliness: Is the information present when needed?
- Accessibility: Is the information available?
To manage these dimensions, a governance committee should develop standards for each element, training to teach staff how to prepare and store information correctly, and audit mechanisms to verify data quality and identify problems.
As information needs become more complex, the role for information governance will only grow. Organizations should lay the foundation for a strong information governance program now or risk not having the infrastructure required to compete in the future healthcare marketplace. Begin by setting the governance structure, define roles and responsibilities, train all stakeholders, and sustain through oversight and continuous improvement.
For more information on setting up an information governance program, visit AHIMA’s website: www.ahima.org/topics/infogovernance
I will also be speaking about the important of information governance, along with EHR adoption and succession planning at the Long-Term Post Acute Care Heath IT Summit in Baltimore June 21st-23rd. This is a fantastic learning conference for all those involved in long-term and post-acute care operations. Learn more at: ltpachealthit.org/content/annual-ltpac-health-it-summit