Keep up with the latest on information governance as this key strategy emerges for addressing a myriad of information management challenges in healthcare. This blog will highlight the trends and opportunities IG presents for ensuring information is treated as an organizational asset.
My last post for the IGIQ blog, posted in February, began by asking: “Which came first, the chicken or the egg?” I asked the question in the context of whether an existing information governance (IG) framework could accommodate new sources of electronically stored information (ESI). Telemedicine was used as an example of such a source. The need to address IG in this context is readily apparent throughout healthcare as the industry deals with new and varied sources of ESI and the advent of “Big Data,” as discussed by Kristi Fahy, RHIA, in her post, “Things to Know When Implementing an IG Program.”
Whatever the new source might be, healthcare organizations must have tools available that can assist in the development of IG programs and managing the Big Data influx. I would like to focus on the fundamental IG principles of the information lifecycle and how organizations can use the principles to understand how to prepare for and respond to litigation-related needs. I would like to review the Information Governance Principles for Healthcare (IGPHCTM) that were adapted from ARMA’s IG Principles to explain how they apply from a legal perspective.
Each Principle is relevant to being prepared for and responding to litigation (or, for that matter, investigations by state or federal agencies). Litigation outcomes are dependent on the information itself. With this in mind, let’s look at the Principles and how these relate to litigation.
Principle of Accountability
“An accountable member of senior leadership, or a person of comparable authority, shall oversee the information governance program and delegate program responsibility for information management to appropriate individuals.”
Litigation can be compared to a three-ring circus. There are many moving parts which will hopefully come together at an end point for a successful outcome of the litigation. Some parts can start moving even before litigation commences with the filing of the first pleading. Having a senior person within the organization to oversee and synchronize everything—and to work with retained counsel—is critical.
Principle of Transparency
“An organization’s processes and activities relating to information governance shall be documented in an open and verifiable manner. Documentation shall be available to the organization’s workforce and other appropriate interested parties within any legal or regulatory limitations, and consistent with the organization’s business needs.”
Being “open and verifiable” is central to litigation. Think of litigation as a process that, with some variations, flows from one event to the next. This process consists of stages that are well-established and are repeatedly encountered. Some organizations will encounter litigation rarely. However, many organizations are likely “serial litigants” who are often parties or nonparties who must respond to legal process such as a subpoena. Development of a repeatable process avoids ad hoc responses to litigation needs and enables an organization to demonstrate that it acted reasonably—which can, for example, enable it to avoid the imposition of sanctions for the loss of ESI.
Principle of Integrity
“An information governance program shall be constructed so the information generated by, managed for, and provided to the organization has a reasonable and suitable guarantee of authenticity and reliability.”
Information is the focus of any litigation. Information that is relevant to a particular case of litigation must be located, preserved, and reviewed. It is likely to be produced to other parties and perhaps used for dispositive purposes. Authenticity and reliability are essential for relevant information to be usable and to defend against challenges to the information by other parties.
Principle of Protection
“An information governance program must ensure the appropriate levels of protection from breach, corruption and loss are provided for information that is private, confidential, secret, classified, essential to business continuity, or otherwise requires protection.”
Relevant information may be secret or confidential. Such information must be identified so that counsel may take appropriate steps to protect the information and either disclose it with some restrictions or withhold it from any disclosure. Failure to do so may have serious consequences for the organization which makes unrestricted disclosure. (Think HIPAA here for an obvious example of confidential information).
Principle of Compliance
“An information governance program shall be constructed to comply with applicable laws, regulations, standards, and organizational policies.”
Healthcare organizations are heavily regulated although, as the Principles recognize, “the precise manner and duties of compliance will vary among different types of organizations.” Moreover, regulation can derive from various sources and can be imposed externally (for example, by statute) or internally (for example, by an adopted policy). Whatever the source of regulation might be, a failure to comply might have adverse consequences in a particular litigation.
Principle of Availability
“An organization shall maintain information in a manner that ensures timely, accurate, and efficient retrieval.”
Litigation consists of time limits. There are specified dates for things to happen and for responses to be made. Again, a failure to comply with a time limit may have adverse consequences. Thus, timely and accurate retrieval is important.
Principle of Retention
“An organization shall maintain its information for an appropriate time, taking into account its legal, regulatory, fiscal, operational, risk, and historical requirements.”
To me, this Principle focuses on the avoidance of sanctions should relevant ESI (or other information) be lost and not available for disclosure in litigation. As I mentioned in my earlier post, a duty to preserve is imposed when litigation is known or is reasonably anticipated. Thus, retention of relevant information is vital to avoid sanctions for its loss, just as retention is essential to comply with other obligations imposed by law, contract, etc.
Principle of Disposition
“Organization shall provide secure and appropriate disposition for information no longer required to be maintained by applicable laws and the organization’s policies.”
Last but not least comes disposition. Information that is no longer required or needed can become a burden on any organization. Among other things, it can become unreadable and unsupportable. More to the point of litigation, such information—which should have been disposed of—can become subject to a duty to preserve. If so, that information should be located and preserved and perhaps even become subject to disclosure. And all of that might be difficult when the information is unreadable or unsupportable.
Planning Ahead with the IG Principles
IG frameworks offer opportunities for healthcare organizations to anticipate and plan for the adoption of new technologies. Those frameworks also allow organizations to develop and maintain processes to anticipate and plan for litigation. Organizations might wish to consider the Principles and, more specifically, work through the structured approach offered by AHIMA’s Information Governance Adoption Model (IGAMTM), to develop responses to litigation-related needs.
**Editor’s Note: The views expressed in this column are those of the author alone and should not be interpreted otherwise or as legal advice.