With the transition to an electronic environment in healthcare, IT must assume an active role in formalizing enterprise-wide information governance, or IG. Ensuring an understanding of systems, privacy and security controls, and governance of the various areas of IT, is vital to program effectiveness. The evolving role of the CIO opens opportunities to help guide IG — the process of monitoring healthcare information throughout its lifecycle.
In this new era of governance, the ability to understand the relationship between trusted information and organizational performance is paramount. Governance promotes effective decision making, risk management, compliance, quality care and cost control.
HIPAA compliance and breach prevention are top priorities for IT. But technology alone is not sufficient to ensure security of information. Realizing the true value of technology requires information management and governance. The only way IT can be assured that controls are effective is through regulated standards and overarching IG guidelines.
The growing number of risks and threats reflects the inefficacy of traditional privacy and security solutions — and highlights the need for IG. Privacy and security must become integral parts of a greater enterprise-wide IG approach. To that end, the American Health Information Management Association's information governance principles advocate a collaborative, interdisciplinary maturity model.
Organizations that have proactively implemented IG practices are seeing the value of IG as a strategic asset. This calls for collaborative leadership, with opportunities for IT and HIM leaders to become agents for change — engaging all stakeholders to achieve proper capture, delivery and use of trusted information.
The mindset that IT is solely responsible for ensuring security of information is beginning to shift. Security is the responsibility of every person in every department. Shared ownership through enterprise-wide IG is the key to success.
Strategies to strengthen IG
Making IG a priority backed by executive leadership will guide enterprise-wide multidisciplinary collaboration and strategic planning. Here are five strategies for advancing IG:
- Assess existing policies, procedures and systems for managing data.
- Educate all stakeholders regarding privacy and security, risk management practices and data integrity.
- Ensure risk assessment management with procedures for achieving compliance related to IG.
- Engage a dedicated interdisciplinary team including IT, HIM, compliance, C-suite, legal, revenue cycle and risk management.
- Apply the AHIMA principles as a framework for forming or refining an IG program.
"Senior sponsorship of information governance is essential to building ethical practices across disciplines," says Scott Ruthe, vice president of network and security at HealthPort.“We must have strong partnership. Everyone must assume a high level of ownership to support the greater cause — responsibility to protect our patients."
Practical steps IT should take now
While collaboration among all disciplines is important, IT and HIM must work closely together to build a foundation for trust in information. CIOs can begin by engaging HIM directors to promote awareness and understanding of record integrity issues. A thorough review of the AHIMA principles will provide a basis for common ground and setting priorities. Here are threepractical steps for strengthening the essential elements of an effective IG program:
- Data mapping. Determine what data elements are being mapped. Go deeper into the interface map to see where various data elements are flowing from one system to another. Look at data definitions for consistency. For example, do you show weight at intake or discharge? What drives the code? The integrity of source data is critical — where it's going, how it's used and how it’s repurposed. Make sure the people who enter information on the front end know the importance of consistency. Data mapping goes beyond interfacing to include an understanding of the relevance of data flow.
- Clean master patient index. Ensure a high level of master patient index, or MPI, integrity. HIM directors are adept at managing MPI cleanup to correct errors and remove duplicate medical records. Complete, accurate and consistent data is required for proper record identification and interoperability. If additional assistance is needed, consider bringing in a record integrity specialist. Achieving MPI integrity is crucial to effective IG. MPI errors should also be shared with patient registration, patient safety and quality committees to assure they are not repeated.
- Policies, procedures and user education. Establish clear guidelines for copy-and-paste functionality and for including amendments in the medical record. Make sure users understand how to implement these processes.
In addition, look for opportunities to learn from organizations at the forefront of IG. At one southeastern teaching facility, improved data mapping resulted in significantly reduced registries and FTEs. With CIO support, the organization implemented the mapping process focused on registry abstract data. Here is a summary of the results:
- Of the nine registries identified, three had not been approved and were discontinued. Information for the remaining six registries was mapped.
- 30 percent of information in the six registries was already defined in the EHR and could be automated.
- 30 percent of additional data required review and definitions assigned, so data could then be automated from the EHR.
- Staff of 15 was reduced (three due to elimination of the registry) to five FTEs focused to registry abstraction.
This is just one example of how organizations are achieving operational efficiency, cost reduction and data integrity through technology combined with IG practices. In her new book, "Implementing Health Information Governance: Lessons from the Field", former AHIMA CEO Linda Kloss, MA, RHIA, FAHIMA, states: "While all vanguard organizations are well along in their implementation of health IT, their focus on rethinking information management and governance comes from a growing recognition that optimizing technology is just one part of the equation. Information management and governance policies and practices must at least keep pace with and influence technology configurations and future enhancements and acquisitions."
Information governance is more than a priority — it is mandatory. Trust in information and quality of care depend on it. The time to act is now.
Ms. Bowen is a distinguished professional with 20+ years of experience in the health information management industry. She serves as the Sr. Vice President of HIM and Privacy Officer of HealthPort where she is responsible for acting as an internal customer advocate. Most recently, Ms. Bowen served as the Enterprise Director of HIM Services for Erlanger Health System for 13 years, where she received commendation from the hospital county authority for outstanding leadership. Ms. Bowen is the recipient of Mentor FORE Triumph Award and Distinguished Member of AHIMA’s Quality Management Section. She has served as the AHIMA President and Board Chair in 2010, a member of AHIMA’s Board of Directors (2006-2011), the Council on Certification (2003-2005) and various task groups including CHP exam and AHIMA’s liaison to HIMSS for the CHS exam construction (2002).
Ms. Bowen is an established speaker on diverse HIM topics and an active author on privacy and legal health records. She served on the CCHIT security and reliability workgroup and as Chair of Regional Committees East-Tennessee HIMSS and co-chair of Tennessee’s e-HIM group. She is an adjunct faculty member of the Chattanooga State HIM program and UT Memphis HIM Master’s program. She also serves on the advisory board for Care Communications based in Chicago, Illinois.
Paul Gue currently serves as Chief Information Officer for HealthPort where he is responsible for the information technology teams and implementation of the strategic goals and vision of HealthPort. Mr. Gue has over 20 years of information technology experience in the mortgage, financial, and healthcare industries. Before joining HealthPort Technologies, Mr. Gue served as Vice President, Information Technology for PRG-Schultz, a financial and healthcare auditing company. Mr. Gue has also held information technology leadership positions for companies serving the mortgage and financial sectors. Mr Gue also serves on various advisory boards for information technology companies and is a Board Member for a non-profit organization.