Governance is about assigning rights, responsibilities, and accountability; it's about ensuring that critical processes and practices are being reasonably carried out.
Reasonable information governance would raise issues such as the following:
- Do we have a board endorsed policy, strategy and implementation plan regarding information life cycle?
- How are we assessing the organization's capabilities regarding information security and what is the plan advancing these capabilities?
- Are our privacy practices sufficient to avoid breaches and if a breach occurs, what is our plan for managing it?
- Do contracts and partner agreements include compliance with our information governance principles?
- Does the organization ensure that patients are informed about their information rights, how their information is being protected and how it is being used?
- Have we identified critical risks and costs in information capture, processing, storage and use and do we have plans for mitigating risks associated with data error, redundancy or timeliness?
- How are we ensuring that the information asset produced by investments in IT are benefiting clinical and administrative processes and producing desired results?
Information governance also would assess the adequacy of the enterprise information management leadership and organizational structures, policies, procedures, technology and controls to reasonably deal with the issues underlying these and other complex questions. Governance is not about doing; it is about assuring, assessing and enabling.
While it is imperative that boards and senior leaders begin formalizing their approach to information governance, constrained and competing resources suggest an incremental, organizational learning approach that begins with two strategic actions that will signal intent and guide staff effort: articulate a vision for information governance, and lay out a set of guiding principles.
As with all complex change, it is helpful to start with a vision of the value of information and the type of stewardship that reflects the organization's values. Concepts to be considered might include the value of information for patient care, performance improvement, community and population health. It might reflect the leadership's values regarding obligations of ethical stewardship of personal health information and patient rights and protections. It might capture the enterprise scope of information and essential role of staff, affiliates, and business associates. For some organization's, the vision might reflect a goal of being an industry leader in how information is used to improve health care.
A discussion of these and other 21st century information asset and governance-related concepts could be a productive generative thinking agenda item at an upcoming board and senior management meeting.
Principles for Information Governance
A second framing action is drafting a set of guiding principles encompassing the three key concepts of information asset management, enterprise information management and information governance (for examples, see my previous story here). Useful samples to serve as starting points for this work include ARMA International's Generally Accepted Recordkeeping Principles (GARP).
GARP defines and describes eight key principles relating to records and information management practices: Accountability, Integrity, Protection, Compliance, Availability, Retention, Disposition, and Transparency. GARP also includes a maturity model to help organizations assess the stage of their development.
In addition, the National Committee on Vital and Health Statistics outlines principles relating to stewardship and secondary use of information; the United Kingdom's National Health Service offers information governance resources including principles relating to privacy and information sharing. Six principles address access and use of personally-identifiable information; resources from the NCVHS and the NHS from the complement GARP's focus on records and information management. The Joint Commission accreditation standards can also serve as a guide this framing effort.
At this stage, information governance efforts should balance the need to formalize accountabilities while fostering innovation. There is so much about best policies and practices that we don't yet know. Even if the resources were available, it would be counterproductive to create policies dictating every circumstance. Starting with a vision and guiding principles, the ends to be achieved, will enhance the discovery of new ways to carry out enterprise health information management and leverage technology investments.
But formalizing the assignment of responsibilities for policies and procedures should begin for high priority and high-risk areas. Organizations are adapting the scope of responsibility of standing committees or creating new ones. A way of visualizing the scope of responsibilities to be clearly assigned is shown below.
Research conducted by The Economist found that corporations around the world attributed three types of benefits to their information governance efforts: performance improvement, risk mitigation and cost control. Businesses with formalized information governance report improved decision-making and business results due to improved access to information and improved information sharing throughout the organization.
Improvements in service and quality were traced to more accurate and reliable data. Business risk management improvements were reported and improved information security reduced situations that could harm the organization's reputation. Finally, the research reported improved cost control of IT and IT-related services because of tighter and more strategic planning about acquisition.
Electronic health records and other clinical, administrative, and communications technology have irrevocably changed the way health care organizations will manage information. The last decade has been characterized by a focus on technology and while that will continue, the need for greater focus on the information content is certainly demonstrated by the data challenges of demonstrating meaningful use, merging data for integrated insights into opportunities to improve management of high risk populations, and exchanging information within and between systems and organizations.
Enterprise information management and information governance are essential strategies that will require resources and thoughtful planning. There are important benefits to be realized and substantial downside risks for not focusing on information and content.
This story originally appeared at Health Data Management.