Hospital systems, provider groups, and other healthcare organizations are uniquely situated to drive technological innovation in the provision of healthcare services in large part because of the patient and other data to which they have access. Moreover, given the proliferation of data touchpoints generated through the business of caring for patients, there is a trove of data that enables better patient outcomes, facilitates business intelligence, aids the identification and management of risk, reduces data management costs, and optimizes performance management. The key to realizing these patient care and operational efficiencies is a robust data governance program that protects data while allowing real-time access to trusted data. This column explores the key elements of a data governance program, the benefits of data governance, and the risks associated with data governance gaps.
Key Elements of a Data Governance Program. Four of the key elements of a data governance program are data owners, data mapping, data classification, and policies and procedures. Data owners are responsible for the data assets within a specific domain and ensure the information within their domain is accessed and managed appropriately across systems and business functions.
Data mapping is a technical process that connects or matches data fields in one system or database with the same data elements in another system or database. The principal purpose of data mapping is to integrate data sources to create a single source of truth. This process eliminates duplication of data and identifies those who use the data and for what purpose.
Data classification involves analyzing the data in a system or database and organizing it into categories. Data is classified by the characteristics of the data such as the sensitivity of the data and the regulations associated with its access, use, and storage requirements. One example of a data category is data that contains protected health information. Classifying data by category is particularly important given the limitations on use and disclosure of individually identifiable data under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations.
Finally, a data governance program includes written policies, procedures, and standards that govern how an organization will store, move, edit, access, secure, and transmit data. It is important to involve data owners in the creation of an organization’s data governance policies and procedures, a task that is made easier if the organization has already conducted data mapping and data classification to determine the nature and scope of the data created across the healthcare organization.
In addition, an organization should implement internal controls and audit plans to ensure that data owners and others with access to data comply with the data governance policies, procedures, and standards. Utilizing data governance software will help enforce data governance policies, including compliance with access rules, monitoring and reporting requirements, and data quality solutions.
The Benefits of Good Data Governance. Data governance affords organizations visibility into the creation, use, and retention of their data assets. A data governance program will also:
- Decrease the cost of maintaining data by eliminating information data silos or shadow IT
- Improve data quality
- Increase regulatory compliance with privacy and security laws
- Optimize staff effectiveness by reducing redundancies and duplicative work
- Improve process efficiencies
- Create a single source of truth
- Enable timely destruction of data upon expiration of retention period
Data Governance Mitigates the Risk of Breaches and Unauthorized Disclosures. An organization that does not have a data governance program risks creating and maintaining disparate data systems, or shadow IT, making it difficult to have visibility into the location and use of the organization’s data. The organization is likely to have data integrity issues that negatively impact the organization’s data analytics efforts and the accuracy of its business intelligence. Perhaps most importantly, an organization that has not implemented a data governance program increases the likelihood that the organization may experience cybersecurity breaches and attempts to access the organization’s data systems without authorization, potentially in violation of federal privacy and other laws.
As new data privacy regulations increase and as healthcare organizations work to implement data analytics programs, a data governance program becomes an integral part of doing business. However, being focused solely on protecting patient information may slow or even prohibit access to needed data. Therefore, it is important to focus on data governance as a whole rather than on the data itself.