Please see the attached PDF (from the International Federation of Health Information Management Associations) and seek other so

Revisiting Information Governance

OCTOBER 2021

Disclaimer This whitepaper reflects the views of the International Federation of Health Information Management Associations (IFHIMA), and not necessarily its sponsors, partners, affiliates or members. This whitepaper offers no legal nor consulting advice. IFHIMA is not responsible for actions taken as a result of reading or using the whitepaper. IFHIMA is not liable for the contents of external links. Responsibility for external links belongs to their operators.

About IFHIMA The International Federation of Health Information Management As- sociations (IFHIMA) is a non-governmental organization (NGO) in official relations with the World Health Organization (WHO). The Federation acts as the global voice of the health information management profes- sion, supporting the importance of education and training, high quality health data, and privacy of health information. IFHIMA is committed to the advancement of health information management practices and the development of its members for the purpose of improving health data and health outcomes.

• Would you like to keep informed on IFHIMA? Sign up here.

• Did someone kindly share this whitepaper with you? You can get your own digital copy here as a free download.

• Yes! You may share – reprint with permission when you use this citation: IFHIMA Fosters Planning for Information Governance with Global Case Studies, Copyright International Federation of Health Information Man- agement Associations (IFHIMA), October 2021, Reprint with permission.

Notice ©2021 International Federation of Health Information Management As- sociations. This IFHIMA publication is subject to copyright and permission must be sought for reproduction of content. Direct enquiries to: [email protected]

Revisiting Information Governance

Healthcare Transformation Requires Trusted Information ………………………………………………….3

The Importance of Information Governance ………………..4

Information Governance as Stewardship …………………….5

Stewardship Foundations …………………………………………..5

Governance as Ground Rules and Guardrails ……………….6

IG Framework to Ensure Success ……………………………….6

IG and Health Information Management Practice ………..6

Trigger Events …………………………………………………………..7

IG Learnings from Global Experiences ………………………..7

It’s Time to Start ………………………………………………………8

Conclusion ……………………………………………………………….8

Revisiting Information Governance | October 2021

3

In 2017, the International Federation of Health Information Management Associations (IFHIMA) published a whitepaper with case studies – Advancing Health Information Governance: A Global Imperative. The paper offered details regarding the pressing need for information governance (IG) with consideration for transformation in the delivery of health services brought on by the digitization of data, new regulations and more.

Then in 2020 COVID-19 shook the world, especially the world of healthcare. The

disease spread so quickly that even the experts seemed to be at a loss and

overwhelmed. This crisis forced the use of technologies that were

formerly on the fringe. Healthcare at a distance, telehealth, became routine. Reliance on artificial intelligence and consumer driven tools, i.e., smartphone and apps proliferated in professional and personal settings. At many institutions, health information management professionals (HIMs) moved to remote

settings to continue their work while taking on new roles

and responsibilities. These conditions and the continuation of transformation of health service in nations around the world, have made IG even more challenging and important. That’s why IFHIMA is revisiting this important and timely topic.

Healthcare Transformation Requires Trusted Information

Local and national health services, irrespective of the maturity of their systems and data use, are redesigning care delivery and public and private health services by embracing 21st century solutions. Redesign is supporting the shift from illness-based care to wellness. These priorities involve greater engagement and inclusion by patients, families, and communities and have refined approaches to information access, information sharing, funding, and

reimbursement. Layered on these trends is the evolving information demands resulting from the COVID-19 pandemic.

Information is a strategic asset, much like physical assets – buildings, equipment, and technology – and is the essential tool for transformation. “Organizations that encourage staff to think about information and data as a strategic asset can extract more value from their systems.”1 Systems mean both technology and operational processes. Every healthcare organization needs to optimize its systems – in other words, optimize its information and data created or used from its various systems.

In all circumstances, information must be trustworthy to meet the demands and strategic transformational goals of healthcare organizations, their consumers/patients, and governmental and non-governmental agencies.

Health providers continue to transition from paper-based to digital health systems. Developing nations are especially focusing on this transition through an initial launch of digital systems or when they are using a hybrid approach to meet their goals. The hybrid approach may be a combination of electronic, imaged, and paper records. A myriad of approaches is evident in both mature health environments and developing nations. These systems support personal wellness and care; care delivery systems; local, national, and global public health disease prevention, identification, and tracking; and information policy development and improvement initiatives. The COVID-19 pandemic further demonstrates the need to create, link, and share data supporting individual, national and global health.

Digital health information requires focused management and governance – stewardship – to address new challenges and risks. Thus, stewardship through governance requires data quality and integrity, data access, reporting, data integration, confidentiality and security, patient and provider identity management and lifecycle management. (Stewardship is explored in IFHIMA’s 2020 whitepaper, Privacy of Health Information, an IFHIMA Global Perspective.)

Regardless of where organizations or nations reside on the technology adoption and data standardization spectrum, it is never too soon for a ministry of health, a health department, a large healthcare enterprise, a small ambulatory

Information is a strategic asset, much like physical

assets – buildings, equipment, and technology

– and is the essential tool for transformation.

Revisiting Information Governance | October 2021

4

or primary care clinic or payer organization to incorporate governance and stewardship practices.

Information governance (IG) provides the authority mechanism that sets forth principles and policies and approves procedures and technology for how an organization will exercise its stewardship responsibilities. Most importantly, a strong IG program serves the needs of the consumer, patient, and citizen.

The Importance of Information Governance

The importance and goal of healthcare transformation is well summarized in this statement that describes the role of the World Health Organization (WHO): “To improve equity in health, reduce health risks, promote healthy lifestyles and settings, and respond to the underlying determinants of health.”2

The building blocks supporting these goals are health records – records of patients’

health status, treatment, and social determinants of health

(SDOH); and vital records – birth and death records.

Health care organizations are learning that they need to formalize IG. According to Health IT Analytics, “In a survey released by AHIMA at the 89th Annual Exhibit & Convention, 53 percent of respondents said they have information governance programs in place or recognize the need for one. A scant 14 percent have initiated organization- wide IG programs, but 18 percent have some

form of governance activity underway.”3

The importance of information in transforming healthcare cannot be overstated. From

electronic health records to smart phone apps to patient portals to telehealth, information is driving healthcare decisions at all levels as never before. For example, the use of telehealth as a viable care delivery and management option has grown exponentially during the COVID-19 pandemic. “During the first quarter of 2020, the number of telehealth visits increased by 50%, compared with the same period in 2019, with a 154% increase in visits noted in Surveillance Week 13 in 2020, compared with the same period in 2019.”4 With that rapid deployment, often without advance planning or adequate risk assessments, came the challenges of network infrastructure, documentation requirements, data sharing, and privacy and security. In the IFHIMA article, Managing Health Information Privacy During the COVID-19 Pandemic: Considerations and Perspectives from Around the Globe, released September 24, 2020, we discussed how the COVID-19 pandemic has heightened the need for managing the privacy of information and the urgency for governance around it.

Data explosion as a driver for IG Electronic/digital transformation in healthcare means that the volume of data is growing exponentially. “IDC (International Data Corporation) predicts that our global datasphere – the digital data we create, capture, replicate and consume – will grow from approximately 40 zettabytes of data in 2019 to 175 zettabytes in 2025 (with one zettabyte equaling one trillion gigabytes).”5 Further, “human and machine- generated data is experiencing an overall 10x faster growth rate than traditional business data, and machine data is increasing even more rapidly at 50x the growth rate.”6 This growth is due to the growing number of devices, sensors, and the increasing use of artificial intelligence (AI) and machine learning (ML). As cloud computing becomes mainstream, data lakes and data warehouses are being created to accommodate the data explosion. Precision medicine in some countries is defining exact treatments and drugs through intelligence derived from genomics and the research and analysis of vast stores of structured and unstructured data. With this uptick in data growth comes the need to harness it for its business value, and, likewise, to determine what is redundant, obsolete, or trivial (ROT) data, and ultimately, information.

Information governance (IG) provides the authority mechanism that sets forth

principles and policies and approves procedures and technology for how

an organization will exercise its stewardship

responsibilities.

Revisiting Information Governance | October 2021

5

Data Governance: a key IG component While healthcare may be lagging other industries in establishing formalized IG programs, some organizations have elected to focus first on data

governance (DG). DG is an essential dimension of a comprehensive IG program

due to the increasing data volume and diverse use. DG is focused on the data used across key applications and processes (i.e., master data and metadata), as well as tools used in managing data (i.e., data dictionaries, data glossaries, data integration and data mapping). DG activities may include addressing patient or provider

identifiers, master data and metadata management, data mapping,

data dictionaries, and data standardization. DG efforts identify data that is useful and data that is redundant, obsolete, or trivial and work to address the appropriate disposition of ROT data. Creating high quality, trusted data across an organization is the goal of DG and is a critical dimension of IG. Data governance is like information governance in that it requires formalization around its activities. A DG program should report to IG and take strategic direction from the IG program. It is critical that the goals of DG and IG are aligned and support an organization’s strategic objectives.

By contrast, the whole patient record, including narrative content, and the policies that

drive its use, retention and privacy are all within the purview of IG. It is reasonable for healthcare organizations to focus first on getting the data right through DG, because error is costly, and trust may be jeopardized. The emergence of electronic health record (EHR)

related errors results in data being lost or incorrectly

entered, displayed, or transmitted, leading to loss of information integrity.7 Without solid DG, one cannot have information integrity.

Information Governance as Stewardship

Effective stewardship of health information is an important obligation for all who create, use, or manage information. “Stewardship is an ethic relating to the responsible handling of information; and governance sets forth the ground rules for execution of this responsibility.”8

Preserving confidentiality is an indisputable stewardship obligation when the subject of the information is identifiable. This obligation remains true when patient or provider identifiers have been removed from a data set for research and other purposes. (See whitepaper, Privacy of Health Information, an IFHIMA Global Perspective.)

Stewardship Foundations

The Principles of Fair Information Practice (FIPPs) and the Caldicott Principles offer policy makers around the world guidance in crafting stewardship frameworks for governing health and other sensitive information in physical or digital form. Several of the FIPPs principles are highlighted in Figure 1 by the Organization for Economic Co-operation and Development (OECD)9 that represents the cooperation of 35 member nations. These nations have adapted their own laws covering health information with consideration to local values; they are generally legislative expression of the FIPP principles.10 11 12

The Caldicott Principles adopted by UK’s National Health Service (NHS) include eight

key principles shown in Figure 2 that are the foundation for stewardship practice and can serve as another important framework in developing an IG program.

DG is an essential dimension of a

comprehensive IG program due to the increasing data volume and diverse use.

Preserving confidentiality is an indisputable stewardship

obligation when the subject of the information is identifiable.

Figure 1

Revisiting Information Governance | October 2021

6

Caldicott Principles, 2020 Update

Justify the purpose(s)

Every single proposed use or transfer of patient identifiable information within or from an organization should be clearly defined and scrutinized, with continuing uses regularly reviewed, by an appropriate guardian.

Don't use patient identifiable information unless it is necessary

Patient identifiable information items should not be included unless it is essential for the specified purpose(s) of that flow. The need for patients to be identified should be considered at each stage of satisfying the purpose(s).

Use the minimum necessary patient- identifiable information

Where use of patient identifiable information is essential, the inclusion of each individual item of information should be considered and justified so that the minimum amount of identifiable information is transferred or accessible as is necessary for a given function to be carried out.

Access to patient identifiable information should be on a strict need-to- know basis

Only those individuals who need access to patient identifiable information should have access to it, and they should only have access to the information items that they need to see. This may mean introducing access controls or splitting information flows where one information flow is used for several purposes.

Everyone with access to patient identifiable information should be aware of their responsibilities

Action should be taken to ensure that those handling patient identifiable information – both clinical and non- clinical staff – are made fully aware of their responsibilities and obligations to respect patient confidentiality.

Understand and comply with the law

Lead the evaluation of data quality with focus on ICD-11 coded data and develop appropriate queries to resolve discrepancies

Every use of patient identifiable information must be lawful. Someone in each organization handling patient information should be responsible for ensuring that the organization complies with legal requirements.

The principles are fully operationalized through roles and functions outlined in the 2020 Caldicott Guardians Manual.13

With stewardship foundations in place, IG can function to establish principles and policies, to assess and measure how well they are working,

Revisiting Information Governance | October 2021

7

and to identify when they need to be improved upon based on new learning or new advances. Illustrating the accepted global importance of IG, Gartner defines IG as the specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles and policies, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.14

Governance as Ground Rules and Guardrails

IG provides the authority mechanism that sets forth principles and policies and approves procedures and technology for how an organization will exercise its stewardship responsibilities. Healthcare organizations set the scope of governance by determining the types of information that will be governed and who has the authority to set policies and

oversee their execution. Health information management (HIM) plays a key

role in IG by participating in policy formulation and/or subsequent execution.

From a practical perspective, IG considers the lifecycle of the information from its creation and integration through archiving or destruction. Illustrating the importance and practical application, the Canadian Health

Information Management Association (CHIMA) has a special

workgroup focused on IG and managing the lifecycle of data. IG considers the range of functions including:

• Information design and collection

• Records and content management

• Access

• Quality and integrity of information.

IG requires a multi-stakeholder approach

supported by senior leaders and anchored in a formal framework.

IG Framework to Ensure Success

There is no one-size-fits-all framework. The framework should be established to fit within the culture of the organization. However, the key components of a framework that should be considered are executive sponsorship, strategic committee structure with key stakeholder membership and designated leadership, program charter, organization-wide education plan, policies and procedures, and metrics and accountabilities. A key requirement for a successful IG program is the formalized infrastructure around it. A formalized framework ensures that

• The right stakeholders are involved;

• There is a reporting and support hierarchy;

• There are documented goals that are aligned with the organization’s strategic plan; and

• Metrics are in place to show results of the program and its activities.

Lastly, an organization must create a culture that supports a multi-disciplinary approach to establishing information policy and managing information as a key asset.

IG and Health Information Management Practice

Health Information Management (HIM), a nearly century old profession, has its roots in monitoring and improving the content of the health record. HIM focuses on managing the lifecycle of the record, particularly its protection, storage, retrieval, and disposition. Information curation is an important HIM skill with curation defined as “the act of individuals chartered with the responsibility to find, contextualize, and organize information, providing a reliable context and architecture for the content they discover and organize.”15 The ability to preserve information availability, sustain its credibility, apply the appropriate compliance, and uphold its integrity are all vital and integral HIM skills.

An organization must create a culture that supports a

multi-disciplinary approach to establishing information

policy and managing information as a key asset.

Revisiting Information Governance | October 2021

8

The changing landscape of health information capture and distribution channels is providing new opportunities in the healthcare ecosystem to maximize information curation and improve information value. The HIM profession faces many challenges in managing the quality and integrity, lifecycle management and confidentiality and security of digital information. While grounded in traditional practices, the scope, tools, and complexities of HIM practice in a digital health environment require new skills, competencies, and changes in how HIM services are staffed and organized. HIM professionals are recognized as well- established resources for clinical recordkeeping with aptitudes that continue to be sharpened, expanded, and called upon to institute and execute IG. Their critical knowledge and skills can be shared across the entire organization in managing all types of information – clinical, financial, human resources, contractual, legal, and other business information. HIM professionals possess the requisite information management knowledge and skills to positively impact the management of information across the entire healthcare setting.

To realize the full value of digital information in transforming healthcare, HIM professionals worldwide must engage in and lead the charge to improve information. HIM professionals must:

• Lead efforts to advance IG and information management practices,

• Ensure governance policies and best practices are applied, and

• Ensure all types of critical information assets are included as the information lifecycle is rolled out.

Trigger Events

Perhaps the most difficult part of developing and executing an IG program is finding the trigger event that catapults IG to the forefront. Thus, it’s critical to identify current day triggers and build the IG program around those, using them to align with the organization’s strategic goals. The ability to quickly address current day triggers in an expeditious and formalized way will prove the worth of an IG program.

Clearly the COVID-19 pandemic should be seen a trigger. The need to move quickly in times of uncertainty is paramount.

Technology adoption and implementation such as a new electronic record, a data lake, a data warehouse, or using artificial intelligence or machine learning might also be seen as trigger events.

An IG program that is built with stewardship to deliver accurate health information will enable health care organizations to respond in both ordinary and challenging times.

IG Learnings from Global Experiences

IFHIMA is a powerful network of HIM professionals from around the world, sharing best practices for IG and the day-to-day challenges of managing patient information and other important health information resources. In the face of health system change and transformation, this network has never been more important. Learning from one another is the surest way to advance at the pace that change is required today. To support the understanding of IG practice and value, HIM practice and knowledge, four international case summaries have been included as an appendix in this paper to demonstrate the need for and value of IG.

The Case Summaries describe the IG journeys of Alberta Health Services (AHS) in Canada, Cabrini Health (Cabrini) in Australia, the Hospital Corporation of America (HCA) headquartered Tennessee, USA and Grande Ronde Hospital, Oregon, USA. They are dynamic stories of change and learning and these snapshots convey several important lessons that can be adapted and adopted by other organizations. The lessons fall into three general categories: Purposeful Organizing for IG, Careful Priority Setting, and Adaptation.

Steering committees will have no trouble identifying complex, priority information challenges that benefit from improved governance. However, particularly in the early years, it is wise to choose governance initiatives that will have tangible return on the time and effort invested or that represent a real risk to the organization.

As with all transformative change, there is usually a trigger that is both a threat and an opportunity. The Case Summaries make clear

Revisiting Information Governance | October 2021

9

one other important lesson. Advancing IG requires a keen awareness of what is happening throughout the organization.

It’s Time to Start

Information Governance is critical to ensuring the trustworthiness of a healthcare organization’s information for patient care

and other business needs. Health information management

has traditionally demonstrated excellence through cost effective, consistent practices carried out by trained HIM professionals. The time

is now to ensure that your organization has an IG program to meet

both operational and strategic priorities. But, where to start? Below are recommended actions to move governance forward:

• Learn as much as possible about information governance and data governance concepts and practices in healthcare. This white paper is an excellent start.

• Network with HIM peers to discuss best practices, top priorities, and lessons learned.

• Share your IG and DG knowledge and expertise with senior leaders and peers,

• Demonstrate how governance practices can reduce costs, risks, and can increase compliance.

• Evaluate how your organization manages its information and data. Is it managed in individual departments, business units, and/or entities? Is it managed with a narrow scope in mind? Determine if governance practices are in place, even if in an immature stage.

• Bring forth ideas for where your organization can begin in evolving current or immature practices, to mature, optimized procedures and systems. Look at current processes around areas such as record retention, storage, and destruction, seeking opportunities to improve processes and reduce costs and risks. Further, identify areas of inefficiency – areas where there is redundancy and rework.

• Volunteer to lead the charge! HIM professionals are fully equipped to be the expert and take the lead role.

Conclusion

Healthcare always requires trusted information and with the many factors impacting healthcare transformation – from transitioning from illness-based care to wellness care, advances in the delivery of healthcare, the digitization of health records, the exponential growth of data, to the proper sharing of information for the improvement of health on a global scale – information governance is needed now more than ever.

These factors, along with a crisis, such as a global pandemic, are driving the need to accelerate the adoption of an IG framework. One that begins with a commitment from diverse stakeholders and disciplines across a healthcare organization.

HIM professionals, are natural stewards of health information. They have an important contribution to make in the development and execution of an IG framework. They possess the requisite knowledge and skills in management of information across the entire healthcare setting.

Through this whitepaper and the other topics and articles cited within, IFHIMA encourages the practice of information governance to realize its vision of “a healthy world enabled by quality health information.”

Information governance is needed now more than ever.

Revisiting Information Governance | October 2021

10

References and Endnotes Advancing Health Information Governance: A Global Imperative, IFHIMA October 2017 https://ifhimasitemedia.s3.us-east-2.amazonaws.com/wp- content/uploads/2017/11/20033802/ifhima-ig-whitepaper- final.pdf

Privacy of Health Information, an IFHIMA Global Perspective, IFHIMA November 2019, updated September 2020 https://ifhimasitemedia.s3.us-east-2.amazonaws.com/ wp-content/uploads/2020/10/02235824/IFHIMA_Privacy_ WP_09_20_final.pdf

Managing Health Information Privacy During the COVID-19 Pandemic: Considerations and Perspectives from Around the Globe, IFHIMA September 2020 …