Welcome to the Collibra Blog, where CDOs, data stewards, and data citizens go to learn about true data governance.


Information Governance and Healthcare

Share: Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

There is an increased demand for data.

That statement seems obvious, but what is not obvious, yet implied, is the need for control and ownership of that data. Providers and HIM (Health Information Managers) are increasingly tasked with Information/Data Governance. Information governance is not just a project or a fad, it’s a fundamental change in how all aspects of management and control of the data. On both the administrative and clinical sides there is a need for data to drive better decisions. Often healthcare organizations have silos of information from disparate sources and multiple copies of similar data resulting from frequent acquisitions. There are plenty of data warehouses, but little accountability with regards to who actually owns, manages, and governs the data.  There is also the need to decide who should have access to that data. A single source of truth for data is required as well as an understanding of how the data flows across systems, reports and analytical models.

There is a subtle irony that occurs in the healthcare world; The more data that is collected, the more difficult it becomes to have the ability to trust and investigate the data.  There is an ever increasing need for data and reports, especially due to regulatory requirements  (HL 7, Two-Midnight, HIPAA, ICD-9 to ICD-10 conversions, etc.). The most crucial information often lies in spreadsheets (a HIPAA violation waiting to happen) or worse, in someone’s mind or notepad.  Often there often is one person who knows how to make sense of the various spreadsheets, reports and emails throughout the organization and if that person was ‘hit by a bus’, there is rarely a solid ‘plan B’. Knowledge sharing is desired, but most healthcare organizations do not have the tools to allow management the data by the business side.

Questions often arise about who owns a particular piece of data or who should have access, and often these decisions are not in the hands of SME’s (subject matter experts) nor the stakeholders of that data, but are in an IT or other functions.   The SME’s and Stakeholders should have access to their data as well as being able to ensure that if changes are made, they have the opportunity to weigh in.  Now, some of this can be in place, at least from the technical side of the organization, but ensuring that business folks have the visibility and the ability to approve the data is rarely enacted.

That is where Information Governance becomes a necessity. AHIMA (America Health Information Management Association) focuses on 8 core principles of information/data governance: Accountability, Transparency, Integrity, Protection, Compliance, Availability, Retention and Dispostion.

Let’s take a look at each of these and see how Data/Information Governance applies:


Integrity – You want to be able to trust the data.  That ‘single source of truth’ for the data is crucial to ensure all data consumers are aligned with each other. Having a data governance platform will help alleviate the questions that arise regarding availability and sincerity.


Accountability – There needs to be an oversight mechanism in place.  This usually means creating a Data Governance Council coupled with a Data Stewardship platform. Assigning responsibility for the data will ensure accountability.


Transparency – An open and available view of the data should be embraced.  This is not to say that you can’t have control over ownership (see Accountability above) and who can view the data, but it should be available for the appropriate role in the organization.


Protection – Policies that are put in place can help ensure that the data is protected and allow for a clear understanding of potential data nuances. An example might be, because of HIPAA concerns, that one state in the US might require a zip code to be masked on all correspondence while another state doesn’t have a restriction.  These protection policies, usually around PHI and its disposition, can be managed in a Data Stewardship platform.


Compliance – Regulatory pressures are always a challenge. An Information Governance program can ensure that the data is visible while showing clear ownership and management. Also, the traceability of the data is valuable because it provides a visualization of how various data assets relate to each other. This will make compliance adherence simple and transparent as well as translate to a cost savings.


Availability – Making sure that the information is available is paramount. There needs to be a way to allow the ‘readership’ to view critical data elements as well as over data information. This is also a powerful tool for the people who are currently struggling with juggling spreadsheets, emails and reports to ‘magically’ ensure compliance. This goes hand in hand with the aforementioned transparency as well as compliance.


Retention – Retention of the data as well as having an audit trail of changes is key.  This is usually related to compliance and can help ensure that when required, visibility to the data is easily obtained. A data stewardship platform should contain an audit trail for each item/asset. In addition, the aforementioned visualizations of the relations will readily show the visibility and ownership of the data. A picture is worth a thousand words…


Dispostion – Related to compliance, it is important to have policies in place, readily accessible, to ensure that data is disposed of as deemed by said policies. In addition, items/assets can be deprecated, so they are not part of normal flows and searches, but are retained (which retains their audit trail as well).


An information governance program, when formed in healthcare organization regardless of payer or provider, will provide tremendous value. Having a reliable source of data information will ensure integrity and overall trust are maintained. An Information/Data Governance effort will make compliance easier and more cost effective. It will also reduce the risk involved with ‘tribal’ knowledge.