Written by Rita Bowen MA, RHIA, CHPS, SSGB, Sr Vice President of HIM and Privacy Officer of HealthPort
The What
If you look up governance in the dictionary, it states that governance is the act of governing. Not very revealing, is it? In fact, it is very revealing. Governance relates to defining expectations, granting power and verifying compliance and performance. Governance occurs at the political level, corporate level, social level or at any number of different kinds of government. Governance relates to consistent management, cohesive policies, guidance, process and decision rights for a given area of responsibility.
Within healthcare, governance occurs at many levels and in differing forums. However, one of the most often overlooked areas is that of data governance, particularly with EHRs. We become so focused on the technology, the application and the users, that we ignore the actual asset: data.
Data governance is the structure, policies and procedures that allow for making strategic and effective decisions regarding the organization’s information assets. It includes:
- Defining roles and responsibilities for data
- Establishing data quality policies
- Creating metadata management policies
- Arbitrating shared data questions
- Releasing information to requestors
The Who
The role of data governance typically falls to the system administrator of each information technology (IT) system. While IT should be intimately involved in data governance, they should not be the sole “governor” of data. Often, they get stuck with the job.
True data governance is much too broad to be encapsulated in one department. It is a system of decision rights and accountability for information related processes. The system is executed according to agreed upon models which describe who can take what actions with what information and when under what circumstances, using what methods.
The Why
This question is easy—patient safety. But in today’s world of “accountability”, data governance addresses another important demand, compliance. Healthcare is an extremely data rich environment which requires control and structure. If the original producer of the information is the only consumer of that data, then data governance is not really needed as we assume that the individual knows what he/she meant. Unfortunately, there is rarely a single consumer of data.
Data is used by multiple clinicians, operations staff, external bodies, case managers, researchers and more. Everyone needs to understand the data presented and have a high degree of confidence in its validity. Lastly, healthcare data comes from many different sources and departments. These multiple input avenues require a “traffic cop” to assure that a singular output is controlled and compliant, well-defined and understood by all.
The How
If you answer, “No or I Don’t Know”, to the following questions, your organization needs an enterprise-wide data governance program for your EHR.
- Do you know where the EHR data is?
- Who controls the EHR data?
- Who will use the EHR data and how will they use it?
- Do you have to improve EHR data quality?
- Are you ready for meaningful use/data sharing?
- Can you streamline your release of information process through your EHR?
The nature of electronic health information has exponentially increased the ability to transmit and share, which has exploded the uses of that data. The surge in information demand mandates governance.
Getting Started
Knowing where you are makes it easier to get to where you want to go. First steps include:
- Identify data flow
- Delineate and understand the rights and responsibilities of each stakeholder
- Engage stakeholders and system administrators
- Develop policies
- Obtain buy-in from information organizational management and compliance
In other words, governance is an active process requiring ongoing effort. Like all active processes, its success is driven by education and training. Also like other active processes, it requires executive sponsorship to assure compliance and mediate disagreements.
A data governance council includes data stewards supported by the executive sponsors. The council is responsible for maintaining data quality and integrity. They must establish and maintain a data dictionary which is the cornerstone of data governance. Of course, the steering committee must have a physician steering component to drive the clinical content. Physicians should drive all clinical decisions and influence physician use and compliance.
Assigning Data Stewards
The data steward must be a business leader and subject matter expert. They must manage data assets on the behalf of others. They must balance business acumen with technology and with communities of interest. The people that perform this role are typically “found” and not “made”. They must be a team player with excellent people skills.
Data stewards are the most critical role in data governance. They define procedures, data meanings and implement policies for data in their areas. It requires a very strong knowledge of their business area. HIM professionals are often good candidates for these positions and must, at a minimum, be involved.
The data steward must have technical skills or a technical data steward partner who carries the day to day responsibility for the maintenance and operation of the data base and system environment. This is the place where IT is key and should help lead this part of the governance effort.
Thirdly, is the “Community of Interest” aspect of data stewardship. This facet covers the responsibility for data that spans the organizational boundaries. It involves collaboration with other units to arrive at consistency of definitions and values. Disputes at this level are elevated to the executive sponsors for mediation.
The When
Data governance is a needed practice that seems to receive less attention than it should. But with effort and ongoing maintenance of the process, an effective data governance program can be established. Success requires communication to all associates, business partners, governance program participants and EHR users. While the effort is not easy, it does provide results, including:
- Architecture and infrastructure – organizational design and development
- Improved ability for auditing and reporting
- Improved data quality
- Life cycle management for data
- Defined metadata/business glossaries
- Policies for risk management
- Compliance –both privacy and security
- Stewardship and value creation for release of information