From safeguarding the privacy of patient medical records to ensuring every staff member can rapidly locate emergency procedures, healthcare organizations have an ethical, legal, and commercial responsibility to protect and manage the information in their care. Inadequate information management processes can result in:
- A breach of protected health information (PHI) that costs millions of dollars and ruins reputations.
- A situation where accreditation is jeopardized due to a team member’s inability to demonstrate the location of a critical policy.
- A premature release of information about a planned merger causing the deal to fail or incurring additional liability.

The benefits of effectively protecting and managing healthcare information are widely recognized, but many organizations have struggled to implement effective information governance solutions. Complex technical, organizational, regulatory, and cultural challenges have increased implementation risks and costs and have led to relatively high failure rates. Ultimately, many of these challenges are related to information governance.

In January 2013, the U.S. Department of Health and Human Services published a set of modifications to the HIPAA privacy, security, enforcement and breach notification rules. These included:
- Making business associates directly liable for data breaches
- Clarifying and increasing the breach notification process and penalties
- Strengthening limitations on data usage for marketing
- Expanding patient rights to the disclosure of data when they pay cash for care

Effective Healthcare Information Governance Steps

Inadvertent or just plain sloppy non-compliance with regulatory requirements can cost your healthcare organization millions of dollars in regulatory fines and legal penalties. For those new to the healthcare information governance topic, below are some suggested steps that will help you move toward reduced risk by implementing more effective information governance processes:
- Map out all data and data sources within the enterprise
- Develop and/or refresh organization-wide information governance policies and processes
- Have your legal counsel review and approve all new and changed policies
- Educate all employees and partners, at least annually, on their specific responsibilities
- Limit data held exclusively by individual employees
- Audit all policies to ensure employee compliance
- Enforce penalties for non-compliance

Healthcare information is by nature heterogeneous. While administrative information systems are highly structured, some 80% of healthcare information is unstructured or free-form. Securing and managing large amounts of unstructured patient and business data is extremely difficult and costly without an information governance capability that allows you to recognize content immediately, classify content accurately, retain content appropriately, and dispose of content defensibly.