Information Governance: Healthcare and Beyond
By Barclay T. Blair
Having an effective information governance (IG) program is critical in the healthcare industry. Not only does the regulatory environment and sensitivity of the information involved pose unique challenges, the information’s importance to the health and lives of patients makes handling it well of the utmost importance.
The recent benchmarking white paper by Cohasset Associates and AHIMA argues that IG programs are both less prevalent and less mature in healthcare organizations than they should be given the nature of the information being handled. While the white paper supports these conclusions, it also shows that healthcare is well positioned, relative to some other industries, to take advantage of IG and improve the process of handling its information. For example, the white paper shows that many aspects of handling information in healthcare are already considered efficient or effective, that there are strong drivers for IG in healthcare, and that leaders across key facets of IG are already involved. What appears to be missing is coordination between the disconnected elements—a role which the Information Governance Initiative’s (IGI) Annual Report 2014 shows can be filled by IG.
All Signs Point to IG Readiness
The IGI’s research shows that IG is just beginning to coalesce as a distinct discipline, and this holds true for healthcare. The white paper considered various IG “components” across several clusters (policy and practice, measures and metrics, and guidance) and found that, with the exception of privacy policies and practices, less than half of respondents considered any of these components “mature” within their organizations. Only 17 percent and 11 percent of respondents considered “information governance policies and practices” and the “cross functional information governance structure” as mature at their organizations, respectively. This isn’t surprising given the relative immaturity of IG as a distinct discipline.
Maturity levels aside, the healthcare industry is no newcomer to developing systems to better handle information. While respondents may not have ranked certain IG “components” as mature, they identified key aspects of handling information as “efficient” and “effective.” For example, according to the white paper, almost 90 percent of respondents (strongly and mostly agreed combined) thought that most steps in the lifecycle management of paper records were “efficient and effective” at their organizations (responses were 80 percent and above for most steps in the lifecycle of electronically stored information). Deletion of records was a notable exception for both. Healthcare, like other industries, isn’t as good a getting rid of junk.
Not surprisingly, 97 percent of respondents agreed that there were effective systems in place to protect personal health information. While not every aspect of handling information received such high rankings, all had greater than 50 percent agreement (and many much higher) from respondents that they were efficient or effective. This shows that key elements are already in place but must be tied together to optimize the handling of information in healthcare.
‘Selling’ Organizations on IG
In addition, healthcare already has strong drivers that would encourage the adoption of IG as a coordinating function. IGI’s research and conversations with IG practitioners show that “selling” the value of IG to an organization’s stakeholders, including quantifying the financial benefit, is a key challenge in getting IG off the ground at many organizations. This may not be as much the case in healthcare. According to the white paper, various factors including regulatory compliance, improving patient safety/care, and managing/containing costs are important to driving the improvement of IG, with over 90 percent of respondents agreeing that these drivers were “relevant and essential.”
Senior level personnel are also already involved in IG in healthcare. The white paper grouped various roles into the following categories: information stewards; compliance and risk operations; and leadership and administration, and asked the extent to which these were “actively engaged” in IG. These roles included IT, information security, privacy, compliance, legal, finance, executive leadership, to name a few. Almost three quarters (and above) of respondents agreed that all the identified roles were actively engaged in IG at their organizations. Various elements of handling information are in place, the concept of IG has been “sold” (almost two-thirds of respondents agreed that IG practices should be formalized), and key leaders are already involved. What appears to be missing is the next logical step—tying all the disconnected elements together. IGI’s research shows that IG can and should serve that coordinating function.
As part of IGI’s Annual Report, we provided a list of 19 activities (“facets”) that might be considered to fall under the rubric of IG, including both risk and value-focused activities. A majority of respondents agreed that each of these facets was part of IG. These results suggest the role IG should play within organizations—a coordinating function for all information-related activities, tying them together in one efficiently functioning whole—rather than merely a process or activity we use to handle an aspect or subset of our information.
IG in the C-Suite
An effective way to deploy IG in this coordinating function is through the creation of an IG steering committee.
The healthcare industry appears to have leaders from certain facets already involved—they just need to be brought together under IG. What is essential in forming an effective steering committee is to ensure that all key facets in an organization are represented. Developing an operational model for IG can help in this process by clarifying who does what and the nature of the relationships among those people. It can also be useful in identifying gaps that can lead to IG project and program failure. A common gap in many IG programs is the lack of a single person in charge. Often projects and programs fail because there is no one with the breadth of organizational knowledge and sufficient authority to join all of the parts of IG into an operational whole. For this reason, the IGI advocates the creation of a C-suite-level role, the chief information governance officer (CIGO). The CIGO would serve a coordinating function with delegated authority for specific information activities.
To improve and optimize the handling of information, organizations within the healthcare industry seem well positioned to take advantage of IG as a coordinating function to optimize the way in which they handle their information. If they have not already done so, they should form an IG steering committee to develop a comprehensive IG policy connecting and coordinating the elements they already have in place. An operational model should be used to clarify roles and relationships and to identify gaps on the committee. Finally, someone should be identified (IGI suggests a CIGO) who has the knowledge and authority to marshal all elements into one cohesive whole.
Click here to read the full IGI Annual Report 2014. Registration is required.