AHIMA making information governance a strategic imperative

“The time has come for healthcare to govern its information,” said Meryl Bloomrosen, MBA, vice president of public policy for the American Health Information Management Association (AHIMA), speaking at the fourth annual CMS eHealth Summit on May 19. “Trust in health information depends on it.” Leaders from the association called for a greater focus across healthcare on information governance.

Information governance “is the umbrella over all the information within the healthcare organization, not just the data captured in the electronic or paper record,” Bloomrosen said. Financial, personnel and other types of information “need to be governed at the highest level of generalization.” Information governance is an ongoing effort, she said, and is “more important than ever before because we in healthcare are undergoing such constant change.”

AHIMA has identified information governance as one its most critical strategic initiatives, said Bloomrosen, with a series of activities underway including the results of an extensive survey on the subject.

A full white paper on the survey results will be released by the end of the month, said Deborah Green, MBA, AHIMA’s COO and executive vice president of operations, who presented some preliminary results. The survey drew more than 1,000 respondents and found that information governance is not as mature in healthcare as it is in other industries.

More than one-third (35 percent) of respondents said they either didn’t know if there were any information governance underway at their organization or did not recognize the need for such activity. Twenty-two percent recognized the need for information governance but had not yet begun to address it and the rest reported they had started and were beginning to see beneficial results.

Only 11 percent of organizations fell into what would be considered a mature category. Green reported. Few organizations are undertaking information governance “in a truly cross-functional capacity. We’ve seen pockets of strong information governance” in areas such as privacy and security but not organization-wide, she said.

Information governance policies and procedures are considered mature in only 17 percent of surveyed organizations. That number is surprisingly low, she said, because “we live and breathe by our policies and procedures in healthcare.” Training was seen to be mature in only 16 percent of responding organizations. And, what organizations are doing to look at their data and its quality and reliability—assessment and audit—was seen as mature in only 10 percent or organizations. “That’s something we really need to pay attention to,” Green said.

The information lifecycle refers to first valuing and capturing information, including the design of the capture system through to deletion and destruction of data, Green explained. While an organization might rate itself high in terms of having retention schedules for various types of business and clinical records, when it came to actually having effective e-processes, such as well-defined deletion and destruction processes and undertaking those processes consistently, strong practices were not in place.

Healthcare does not need to create a new structure, Green said. Good information governance can be achieved by “improving the way we do things. Our delivery system is changing. That means people’s roles are changing.” The skillset, knowledge and training that prepared people for a health information management career also are applicable to information governance. It’s an evolution of roles rather than the creation of an entirely new workforce. She said traditional roles such as coding and transcription have evolved to clinical documentation improvement and analytics.

“Even though daily information is not on paper anymore doesn’t mean it doesn’t need to be managed or governed," she added.

Other industries have widespread use of tools that help them follow retention schedules and healthcare needs to do so not just for legal reasons but also to help identify which data can be deleted or destroyed. Not a magic bullet in terms of a tool for IG of how we unify all of this. talking aobut pulling together what were already doing. "Applying the principles of governance to all data across the organization is going to take us working together to really define what that needs to look like in each organization."

Most conversations focus on the data governance of health data or the accuracy of the data in the record, Bloomrosen said, but organizations need to consider how that intersects with the other information it holds. She cited the $4.8 million penalty recently issued to two healthcare organizations for data breaches. “If the rules had been clearly in place and enforced, that breach which made records searchable via the internet would not have happened.”