The Fluidity of Data Analytics: How to Implement a Data Strategy that Facilitates the Right Analytics by the Right Department at the Right Time

Healthcare organizations have access to vast amounts of data—originating in both clinical and business activities—that is used to make more decisions than an organization may even recognize, from patient care interventions to population health recommendations to employee salaries.

Information technology, business, health information, and clinical professionals grapple with the unprecedented challenge of deciding what data to collect, how to collect it, how to store it, how to access it, and how to combine it to make clinical and business decisions. Fortunately, unprecedented technology resources are available help them meet the challenge. But that technology requires the development and implementation of a data strategy—that is, a structured process that likely lies beyond the experience of such professionals in many healthcare environments.

To help professionals, including chief information officers, chief medical information officers, data managers, and data analytics or health information managers and directors, who need to implement or update a data strategy, this article discusses the critical elements of a data strategy as well as an organizational assessment tool that promotes readiness to fully implement the data strategy.

The Elements of a Data Strategy

The end goal of a data strategy is improved clinical and business decisions for the healthcare organization and greater ability to self-advocate for the patient population. To achieve these, the data has to be accurate, sufficient, and accessible, and the algorithms manipulating the data must be correct.

To ensure accuracy, data must have a verifiable chain of custody that provides assurance of any conclusions drawn from subsequent analysis of the data. Chain of custody involves all information on an electronic file’s travels, from its original creation version to its final production version; it is a detailed account of the location of each document or file, from the beginning of a project until the end.

In addition, the data must be sufficient for the requested query. Are the components of all the required query elements available?

Finally, the algorithms or decision tree used for data analytics must be properly documented to verify that the algorithm is determining what it is supposed to determine in the way it is supposed to do so.

Why and How to Assess Organizational Readiness

A common failure in the execution of a data strategy is implementation prior to an assessment of the organization’s readiness to sustain the strategy. Before embarking on a major information and data management effort, an “as is” assessment of the data architecture should be conducted. Part of that assessment is a detailed documentation of the current data management procedures and the business practices that use the data, including workflow diagrams of business processes showing what information is input to execute the process, how the process manipulates the information, and what the output data looks like. Alongside these workflow diagrams is explicit recognition of the current technology used to support the information capture, storage, flow, and transformation, as well as the organizational participants and policies. In addition, the assessment should include the full life cycle needs of a particular dataset, including when to stop retaining the data.

Using the Data Management Capability Assessment Model (DCAM)

The Enterprise Data Management (EDM) Council, a nonprofit dedicated to best practices, standards, and education in data—originally for the banking industry, but now cross-industry—designed the DCAM model to assess a financial firm’s capacity to initiate and maintain a data management program. Such a program helps ensure information is collected and provided in an organized, structured format to ensure the data is usable and actionable. The DCAM model comprises the following eight steps.

1. Defining the Business Case

The data management strategy is justified by the business case, which, in turn, is comprised of both the clinical and business benefits. In healthcare, the benefits of clinical intelligence may include the ability to:

• Assess population health, develop general health metrics, and advise on appropriate public health responses.
• Predict which populations are at greater risk for which illnesses, and understand specific disease processes.
• Develop healthcare plans for individual patients, identify individual care gaps, and create a strategy to close those gaps.
• Measure clinical outcomes.
• Evaluate provider performance.
• Measure and analyze variations in care.
• Individualize plans of care and treatment regimens.

The benefits of business intelligence may include the ability to:

• Identify and analyze financial gaps.
• Allocate reimbursements.
• Avoid referral leakages out of network.
• Stratify risk.
• Manage charity care.
• Ensure patients meet their financial responsibilities.
• Determine staffing and operational needs.

The costs of development and implementation of a data management program must be balanced against these benefits, with the resulting return on investment evaluated.

2. Organizing to Develop the Data Management Program

As with any large-scale information technology project, particularly one that intersects so many of an organization’s business processes, there must be a specific data management team that is deeply embedded in the current organizational structure, formally assigned ownership, and capable of enforcing compliance—such as an office of data management with executive level ownership.

3. Defining the Business and Data Architecture

The business architecture is concerned with how the business’ goals are met and defining the processes critical to meeting them. The data architecture is concerned with how the data is categorized, defined, used, and distributed. Included in the data architecture is documentation of data domains, metadata, and identification of critical data elements, taxonomies, and ontologies. The goal is to define the data to the appropriate groups. Data that is defined differently across offices, for example, can create confusion and unnecessary complexity.

4. Determining the Current and Future States of the Technology Architecture

This component identifies the various tools and platforms needed to manipulate data efficiently and reviews the processing speed and scalability of the data. The technology implemented must facilitate the governance of the data and account for any operational risks. (More on this later in the article.

5. Finding Opportunities for Improvement with Data Quality Management

Critical assessment questions include a review of the policies, procedures, and due diligence to ensure the data reflects reality as accurately as possible. Are the data quality metrics captured at various points effective in resolving issues quickly? And how is the assessment of existing quality required and utilized to define future protocols?

6. Establishing Data Governance Protocols

These questions include: Does the organization have effective data governance with clear rules and oversight to enforce best practices and permit the secure and effective transfer of data? Does the organization have governance of ethical use of data and ethical outcomes of that use? Does the culture allow for data governance to perpetually enhance data mining capabilities?

7. Establishing a Data Control Environment

The DCAM model elements require auditable, transparent, and well-documented data. The internal control of the data requires adapting the perspective of the auditor for data integrity reviews. The integrity of the data will also help providers with third-party reviews, including the efficacy and sufficiency of responding to reviews such as recovery audit contractor (RAC) audits.

8. Analyzing the Data

The value-add of advanced analytics is intelligent, purposeful, patient-centric data. The effectiveness of the data strategy will ensure optimal analytics management activities driven by business priorities. Analytics management will ensure analytics practitioners are aware of and aligned with data management activities, especially data architecture and data quality. The DCAM assessment model serves as the foundation for the fluidity of data analytics—the right analytics by the people in the right department at the right time—in the organization.

Benefits Related to Patient Advocacy

In addition to the clinical and business benefits detailed in Step 1 above, data that is readily available and in the right format helps to promote a culture of data-driven patient self-advocacy. Informed patients can contribute toward important healthcare decisions. Further, informed consent supports selection of the right healthcare resource at the right time, and even at the right price. The inverse is also true: In an environment oversaturated with health information, the data-driven patient may increase their ability to self-advocate and avoid adverse health events or medical errors. There is an opportunity for patients and providers to optimize data driven insights promoting efficacy of care.

A Deeper Dive Into Your Assessment

Healthcare Data Architectures Risks

What are the potential risks and vulnerabilities present in contemporary healthcare data architectures? Risks may be identified by looking at common prerequisites of healthcare data. For example, in reviewing the organization’s data and information, is it:

• Readily available to relevant end users within the organization?
• Secured and protected from unauthorized access, use, and sources?
• Effectively captured, stored, mined, and analyzed to maximize utility?
• Utilized to conduct vulnerability analysis and measure risk on both clinical and business side of operations?
• Fluid and responsive to emerging market trends?
• Patient-centric?
• Properly aligning with the objectives and requirements of Health Information Exchange (HIE) and Accountable Care Organizations (ACO)?

Deficiencies in any of the above should be addressed in updates to the organization’s overall data strategy. Another data architecture risk factor to review is the current state of the organization’s data-sharing and what aspects of the organization’s data warehouse are fragmented. Data-sharing stresses data interoperability. It permits patients to readily move healthcare information to other providers or facilities. On the other hand, data fragmentation is non-uniform data that impedes efficiency and actionable insights. Non-fragmented data limits proper analytics by the right departments. Data fragmentation stresses data uniformity.

Data Warehouse Responsiveness to Acute Needs

The COVID-19 pandemic offers stark lessons on the value of efficient data streams. An example might be the ability to incorporate crisis planning per the Centers for Medicare and Medicaid Services (CMS) rules. Does the organization’s data strategy include flexibility to amend and add when there is an acute need for data and information? Agility is key in the management of a crisis: the ability to execute and update risk assessments; the ability to provide ongoing support for updating policies and procedures based on new evidence; the ability to respond and coordinate with state and local health departments; and the ability to incorporate training and testing programs.

Managing the Ethically Challenged

Data and information is also valuable to the ethically challenged, and the risk of data theft should be part of any organizational risk assessment. First, assess insider threats versus third-party threats. Theft of information and/or an attack of your data architecture could come from both directions.

What does that look like? Threats by intentional insiders can be illustrated by a 2018 report by Verizon which found that healthcare and social assistance organizations were the most affected by privileged actors. Threats by third-party vendors can range from those who have physical access to the facility to those with electronic access.

Lately, an increasing number of providers are finding their patients’ healthcare records being held for ransom. In a provider environment, preparing for breaches is a HIPAA requirement, per 45 C.F.R. 164.308(a)(6). Procedures that address ransomware threats can be an important part of any data management strategy, including prevention measures, data backups, system redundancies, and contingency planning. A niche illicit specialty involves the use and misuse of identities. Any risk management program should involve prevention and mitigation for each type of behavior. The categories include:

• Individual Identity Theft – theft and use of personally identifiable information (PII). Internal audit question: Where does your organization house PII data?
• Medical Identity Theft – theft and use of individually identifiable health information (IPHI). Internal audit question: Who has access to patient health information?
• Professional Identity Theft – theft and use of individuals’ professional license. Internal audit question: What controls are in place to protect the collected licensure information of staff or consulting resources without the organization?
• Corporate/Business Identity Theft – theft and use of company identity. Internal audit question: What controls are in place to protect the misrepresentation of the organization internally and externally?
• E-Identity Theft – theft and use of electronic identity. Internal audit question: What controls are in place to authenticate electronic identities of staff, patients, and third-party resources?
• Digital Identity Theft – theft and use of digital identity. Internal audit question: What controls are in place to prevent the theft and use of digital identities?
• Synthetic Identity Theft – hybrid identity based on actual and false information. Internal audit question: What mitigation strategies are in place to sanitize corrupted data?

Pulling It All Together

Healthcare has a tremendous opportunity to leverage technology to enhance clinical and business decisions through very fluid data analytics. Capturing this opportunity requires: first, creating a data strategy with defined business and clinical intelligence metrics; and second, assessing the organization’s data readiness environment with tools such as the DCAM model. This should be followed by a risk and vulnerabilities assessment with mitigation tools in the event of a data misadventure for internal and external breaches.

Sustainability of fluidity of data analytics begins with understanding the organization’s data architecture. It is important to assess gaps (See Figure 1-B) in your own organization’s data strategy that can be addressed through careful assessments informed by the framework of the DCAM (Figure 1-C). Additional tools include the use of data and information strategy assessment tools, including gap analysis, denial management and revenue integrity management, and the reduction of healthcare fraud contribute heavily to increased profitability. An illustrative data strategy checklist is shown in Figure 1-A.

Finally, the conclusion of an assessment should include a root-cause analysis with a remediation strategy. Specifically, remediation of data-quality issues requires determining the root causes, segmented as processes, workflow, and/or people activities, and identifying steps to avoid reoccurrence of problems in the future. Evaluation of data quality issues should delineate if they are fragmented or systemic. Include strong reporting structures to ensure upstream systems are aware of repetitive and/or continuing problems.

Figure 1-A: Data Strategy Checklist

Figure 1-B: Gap Analysis Checklist Framework

1. Establish a defined expectation or topic for consideration.
2. Define the process to document and articulate the current state relative to a defined expectation.
3. Define and articulate the future state; typically follows the completion of a needs assessment.
4. Conduct a current and future state analysis and compare the two.
5. Define and articulate the variances from the current and future states.
6. Review original expectations and establish the need for any modifications to achieve the defined future state.
7. Develop an implementation plan on how to achieve the future state with or without modifications of the defined expectation.
8. Define the appropriate metrics to measure, test, and validate findings and provide assurance that the plan can mitigate the identified gaps have succeeded and then test the implementation of remedies.

Figure 1-C: DCAM Assessment Tool

Rebecca Mendoza Saltiel Busch is a healthcare consultant and Andrew Busch is a medical auditor at MBA Inc.