Regulatory and Health Industry
Self-Funding an Information Governance Program via Effective Information Retention
Obtaining appropriate funding is a common challenge that many health information (HI) professionals face when attempting to establish an information governance program. Often, information governance drivers include a catalyst event such as a significant data breach, large e-discovery expenditure, mergers, acquisition, or even privacy compliance initiatives. Absent one of these events, the question becomes “How can we justify spending more dollars simply to manage data in a better way?”
HI professionals will often challenge whether the idea of information governance is new. Although there are many different circumstances, we would agree it is not a new concept. However, the tools, platforms, business needs, and drivers have continued to evolve. Despite this evolution, very few organizations have altered the manner in which they manage information assets. This continued evolution has created an opportunity gap and provides a perfect storm for making the business case to move an information governance program forward. It’s often said that you should never let a good crisis go to waste.
Therefore, the answer to the question posed at the outset is quite simple: Expose the opportunity gap and capitalize on the savings that can be realized as the gap narrows. Data is needed for operations, and therefore must be actively managed to properly address areas such as shelving space for paper records, network drive space for digital data backups and electronic assets, cloud-based storage, applications, and the list goes on and on. Whether it’s a shelf of records or a storage bucket in the cloud, maintaining these operational assets requires operating dollars. By focusing attention on proper data retention and defensible disposition, organizations can begin turning their ROI flywheel, narrowing their opportunity gap, and generating positive savings. However, before organizations can begin defensibly disposing data, they must have a retention schedule that is actionable, authoritative, and compliant. Here are several questions to ponder.
Question 1: Is Your Schedule Actionable?
Retention schedules are often drafted from a legalistic and regulatory standpoint, but very little thought is typically given to the application of the retention schedule against the various types of content that are stored throughout physical and digital environments. Your first task to narrow your organization’s opportunity gap is to make your schedule actionable. This may mean that your retention schedule needs to be drastically simplified so that it can be integrated with new and advanced technologies surrounding records management. If the average user cracks open your schedule and it is too complex, they will not read and/or follow the schedule. Your retention schedule may also need a supporting taxonomy or crosswalk to map legal record types into content types so that data custodians and systems can actually apply the schedule to the content in a seamless manner, making it “actionable.”
Question 2: Is Your Schedule Authoritative?
Making your schedule authoritative doesn’t just mean having hundreds of pages of citations that no one will ever read. Based on our research, roughly 95 percent of organizations that read this article will have a retention schedule that they are not in compliance with. Many times, this noncompliance is because the schedule was never given the proper and necessary top-down support to be deemed as authoritative throughout the company and compliance with the schedule is “optional.” Ensuring that you have support from executive leadership, appropriate resource training, leadership accountability for their role as data owners and custodians, and operational reporting knowledge on things such as destruction and exceptions is vital to having a robust governance program.
Question 3: Is Your Schedule Compliant?
Obtaining a state of compliance is typically finite in nature or “As of this point in time, our program is in compliance with X.” In the same manner, while many organizations may reach a state of compliance with retention obligations, it, too, is finite. Each day new applications are introduced, new data volumes are introduced, and new regulations are released on both state and federal levels. Achieving a state of compliance requires organizations to build proper channels into their governance programs to stay abreast of these changes. It is important to track data types, applications, storage repositories, and cloud technologies, and to provide guidance and support to ensure that retention is properly addressed.
Question 4: Who Is Paying The Bill?
This all sounds great, but what does this have to do with determining who is going to pay for the program? The answer is everything. Management of operational data requires operating dollars. Each year, organizations are spending operating and capital dollars on both the purchase of new storage and ongoing maintenance of repositories for storing existing information. Therefore, it becomes relatively easy to determine what the operational savings of removing legacy data volumes from an environment might be. Try these simple steps to calculate your savings:
- Identify how much you are spending at a unit level. What do we pay per month to store a box, a GB of data, an email, a storage bucket, etc.?
- Identify indirect and ancillary fees. What application licenses are required to support data management that might be reduced and/or removed by applying proper retention?
- Identify direct operational fees. What does it cost to manage access to the data, backup the data, perform any codification or governance functions, etc.?
- Calculate the percentage reduction of data and/or records that can be realized by applying your retention schedule and add up the attributable costs.
You will find that the results of walking through the aforementioned steps to be both quantifiable and astounding. By applying proper retention to your organizational datasets, you will soon be able to point to reduction in annual expenditures and thereby give yourself the platform to request that those dollars be reinvested back into the program to generate more savings. You will also be reducing organizational risk of storing unnecessary information and improving your overall compliance posture by maintaining compliance with your retention schedule. Start narrowing your opportunity gap today. The success of your future records management program depends on it.
Joe Ponder (jponder@infocycle.com) is a founding member and senior partner of InfoCycle LLC, an information governance boutique consulting firm based in Nashville, Tennessee. For more information check out https://roi.infocycle.com