Research the topic ‘information quality policies in healthcare.’ You may also consult relevant authorities in your organization. In a 3 page paper based on your study and research, write

51

Chapter 6

Getting Started: Where to Launch an iG Program

7 Key iG Accelerators to Launch an iG Program

One of biggest problems with kicking off new IG programs is that, on average, they take a year or more to form, according to industry research. Beyond that, many IG programs lose steam

and fail to meet the organization’s objectives. This can occur for a variety of reasons, adhering to the Anna Karenina principle, which derives from the opening to Tolstoy’s book:

“Happy families are all alike; every unhappy family is unhappy in its own way.”

That is to say, every IG program failure is unique and due to a varying mix of shortcomings. One IG industry leader confided, “I have designed perfect IG programs and nothing hap-

pened.” In this case, there likely were significant weaknesses in the approach, including lack of strong executive sponsorship and developing a clear business case.

Other failed IG programs may not have had the right combination of players named to the IG steering committee, or it was overstaffed and not tiered so it got bogged down. Others may not have properly planned roles and a clear Responsibility Assignment Matrix, or RACI matrix (which identifies those Responsible, Accountable, Consulted, and Informed) early on, which doomed the program to failure. Still others may have lost focus on the organizational change management and communications aspects that are required to keep an IG program on track.

Responsible IG Lead

Consulted Key Stakeholders

and SMEs

Informed Board of Directors,

Broader Stakeholder Group

Accountable Executive Sponsor

Information Governance for Healthcare Professionals Getting Started: Where to Launch an IG Program

F., Smallwood, Robert. Information Governance for Healthcare Professionals : A Practical Approach, Productivity Press, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/franklin-ebooks/detail.action?docID=5515223. Created from franklin-ebooks on 2022-09-01 01:33:14.

C op

yr ig

ht ©

2 01

8. P

ro du

ct iv

ity P

re ss

. A ll

rig ht

s re

se rv

ed .

52 ◾ Information Governance for Healthcare Professionals

But there have been some lessons learned from these failures, and the approaches to creating and maintaining successful IG programs are starting to coalesce.

Here are seven key accelerators which can help launch or expand a successful IG program:

1. Recruit a strong executive sponsor. As noted in previous sections of this book, recruit- ing a strong executive sponsor is paramount. If there are multiple executive sponsors on board then nominate the most senior one (and consider making one or more of the others deputy sponsors). If that is not logical, select the executive with the most engagement and commitment, and the most to lose or gain. When evaluating executive sponsors, find that manager who has the highest information risk levels, the one who has the most to lose from a data breach, from non-compliance fines, or from soaring legal costs. Or that has a depart- ment full of knowledge workers who cannot find the information they need on a timely basis, consistently. Or even a department with rapidly increasing information storage costs. Think CFO, General Counsel, CIO, COO, Chief Risk Officer, Chief Information Security Officer, Chief Privacy Officer, and similar titles. (Ideally, the CEO or Administrator would be a solid choice due to their seniority.) C-level executives have clear budget and decision authority. These senior executives likely have been considering various piecemeal measures and it is the IG program lead’s job to educate them on the benefits of taking a holistic IG approach and aligning the effort with strategic business objectives.1

2. Find common ground. It is recommended that the IG Lead form alliances to help bolster the IG program effort. There are several groups that can be natural allies, but, of course, the scenario depends on business objectives, office politics, budget availability, and other orga- nizational factors. Data governance is one of the first places to look. Most larger healthcare organizations have some form of a data governance program or at least data quality program that operates on an ongoing basis. Some healthcare organizations have a chief data officer (CDO) dedicated to this function. The goals of a data governance program align with higher level IG program goals, especially the noble pursuit of improving patient outcomes and saving lives. There are a plethora of benefits that flow from a rigid data governance program related to improving patient outcomes, such as improving patient trust, satisfaction, and loyalty; reduc- ing litigation rates and costs; improving operational efficiency; and, increasing organizational value. Remember, IG programs must be driven from the top down, but implemented from the bottom up for best results. So an alliance with the CDO or data governance program manager should be a good alliance. Find these types of natural business allies to gain momentum in the IG effort. If the IG program lead comes from the HIM area, their skills can be helpful in working with the CDO to improve the accuracy of clinical data that is generated form lab and diagnostic equipment that is stored in the EHR. The HIM manager can also work with General Counsel to improve litigation readiness, reduce legal e-discovery costs, and reduce attorney document review costs. If the IG program lead comes from IT, they may need to team with the HIM lead and approach business unit leaders who have the biggest informa- tion management problems or the most litigation and help them improve their approach to records and e-document management. If the Business Office is planning to implement real- time e-mail archiving, and the e-mail policy is going to have to be reviewed and revised, this is a good time to dovetail off that project to launch or expand the IG effort.

3. Leverage assessment or audit findings. An internal assessment or audit of procedures and practices may reveal weaknesses that are putting organizational information at risk. One assess- ment tool with strengths in assessing healthcare organizations is AHIMA’s IGHealthRate™, a purpose-built assessment and measurement platform for IG which has the Information

F., Smallwood, Robert. Information Governance for Healthcare Professionals : A Practical Approach, Productivity Press, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/franklin-ebooks/detail.action?docID=5515223. Created from franklin-ebooks on 2022-09-01 01:33:14.

C op

yr ig

ht ©

2 01

8. P

ro du

ct iv

ity P

re ss

. A ll

rig ht

s re

se rv

ed .

Getting Started: Where to Launch an IG Program ◾ 53

Governance Adoption Model™ embedded in it. Another more comprehensive and mature IG assessment tool to use is the Information Governance Process Maturity Model from CGOC.org, which measures maturity on 22 key IG processes.2 If evaluating specific aspects of an IG program, such as cyber-security, the ISO 27001/2 standards can be used as guide- lines. Findings from an internal assessment can provide the mandate for moving forward with an IG program.3

4. Piggyback on existing IT projects, especially those that are approved and funded, or those that are likely to be. For instance, if the organization is planning on migrating installed EHR software to a new vendor, this is a good time to focus on getting good, clean, quality data into that new system, by working closely with the data governance team. If there is a Chief Data Officer and robust data governance program, IG is a natural fit. If, in another instance, the business side of the organization is due for a refresh in enterprise content man- agement (ECM) software, or it is cleaning up shared drives and/or migrating to SharePoint, this would be an ideal time to go a step further and implement a more comprehensive IG program that can work in lockstep with the ECM implementation. If legal hold notification (LHN) has been implemented and now additional efficiencies in the e-discovery process are being pursued, a broader IG approach may be well-timed.4

5. Emphasize hard cost savings. Where can hard dollar savings be found? When looking for a hard dollar benefit, an easy target is data storage and shrinking the storage footprint. Typically, 40% or more of information that healthcare organizations store has no business value. With a current and complete data map and leveraging file analysis tools using file analysis software, it can be graphically demonstrated to executives which information is worthless—redundant, outdated, or trivial (ROT)—and how much storage costs could be cut or at least the rate of growth can be slowed. Then layer on the benefits of improved clini- cal analysis and patient care capabilities, information risk reduction, reputational risk reduc- tion, improved compliance capabilities, improved productivity, and improved efficiency in implementing legal holds and other litigation-related tasks. Other cost impact areas may be reductions in cyber-insurance costs and e-discovery costs due to an ongoing IG program.5

6. Cite the impact of poor IG. In launching an IG program, often citing the “worst case” scenario will help make the case. One approach is to provide some well-known examples of breaches of ePHI or ePII that have heavily damaged companies like Premera BlueCross, Excellus BlueCross BlueShield,6 Anthem Health,7 and 21st Century Oncology. Be sure to delineate the fallout from these breaches to make the case for the IG program. When con- sidering the impact of a ransomware attack, bear in mind that over two-thirds of U.S. con- sumers would consider changing providers if their provider were attacked by ransomware, according to a recent survey.8 Another approach could be to list major HIPAA fines that peer organizations have paid when making the case for moving forward with an IG program.

7. Establishing a legal defense. If executives still are not convinced, then communicate to them that in cases like Excellus and Anthem, where patients or employees have had their personal data compromised, there will be lawsuits. Lots of lawsuits. And if an organization has an IG program in place and has taken reasonable “best effort” steps—basic measures such as information security awareness training—to secure private information including ePII and ePHI, and sensitive information like race or religion, then the foundation for a legal defense is in place. Although culpability may possibly be found, the awards will be smaller which lowers the cost of legal claims.9

These are some of the accelerators that can help get an IG program launched or expanded.

F., Smallwood, Robert. Information Governance for Healthcare Professionals : A Practical Approach, Productivity Press, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/franklin-ebooks/detail.action?docID=5515223. Created from franklin-ebooks on 2022-09-01 01:33:14.

C op

yr ig

ht ©

2 01

8. P

ro du

ct iv

ity P

re ss

. A ll

rig ht

s re

se rv

ed .

54 ◾ Information Governance for Healthcare Professionals

Chapter Summary: Key Points ◾ IG programs fail for a variety of reasons. ◾ Piggyback on existing, funded IT projects such as a move to a new electronic health record

(EHR) system or an existing data governance program to help launch the IG program. ◾ IG programs must be driven from the top down, and implemented from the bottom up. ◾ A strong executive sponsor is crucial. ◾ Find natural internal allies to launch an IG effort—those who have the most to gain from IG. ◾ Findings from an internal audit can provide the mandate for moving forward with an IG

program. ◾ Show hard dollar savings, and then add the benefits of information risk reduction to justify IG. ◾ Cite the “worst case” impact of poor IG (e.g. major breaches, fines) when making the busi-

ness case to move forward. ◾ An IG program in place means management has taken reasonable “best effort” steps to

secure PHI and PII, which can help a future legal defense.

notes 1. Barclay T. Blair, “Information Governance: 10 Things You Can Do To Get Started,” online webinar,

Zylab, July 23, 2014, http://www.zylab.com/ediscovery-resources/recorded-webcasts. 2. “2017 CGOC Information Governance Process Maturity Model,” CGOC, https://www.cgoc.com/

resource/information-governance-process-maturity-model. 3. Craig Callé, “Why Data Needs a Seat at the Corporate Table,” CFO, December 9, 2015, http://ww2.

cfo.com/big-data-tecnology/2015/12/why-data-needs-a-seat-at-the-corporate-table-information- governance.

4. Barclay T. Blair, “Information Governance: 10 Things You Can Do To Get Started,” online webinar, Zylab, July 23, 2014, http://www.zylab.com/ediscovery-resources/recorded-webcasts.

5. Ibid. 6. Jessica Davis, “7 Largest Data Breaches of 2015,” Healthcare IT News, December 11, 2015, http://

www.healthcareitnews.com/news/7-largest-data-breaches-2015. 7. Cameron F. Kerry, “Lessons from the New Threat Environment from Sony, Anthem and ISIS.”

Brookings Institution, March 26, 2015, http://www.brookings.edu/blogs/techtank/posts/2015/03/ 26-anthem-sony-isis-hack-cybersecurity.

8. Rebecca Wynn, CISSP, CRISC, CASP, CCISO, LinkedIn post, May 31, 2017. 9. “The Principles,” ARMA International, 2009, http://w2.arma.org/r2/generally-accepted-br-

recordkeeping-principles.

F., Smallwood, Robert. Information Governance for Healthcare Professionals : A Practical Approach, Productivity Press, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/franklin-ebooks/detail.action?docID=5515223. Created from franklin-ebooks on 2022-09-01 01:33:14.

C op

yr ig

ht ©

2 01

8. P

ro du

ct iv

ity P

re ss

. A ll

rig ht

s re

se rv

ed .

77

Chapter 9

Strategic Planning and Best Practices for iG

Start with Business objectives

The IG team should begin their strategic planning process by listing and prioritizing key organizational objectives. These objectives may be quite broad; keep the list short. Then, put

questions up for discussion such as:

“What discrete projects can we form and execute to contribute to the accomplishment of our overall business objectives?”

“What information do we need to help complete and maintain these projects?” “How long will the information have business value?” “How can we leverage the business value of this information?”

and so forth.

Align the iG Plan with Strategic Plans The IG plan must support the achievement of the organization’s business objectives, and there-

fore should be melded into the overall strategic plan for the organization. Integration with the strategic plan means that pursuing the business objectives in the IG plan are consistent with, and in support of, the enterprise strategic plan.

So, for example, if a particular medical center has been hit with some major lawsuits due to medical mistakes, then a program emphasizing data governance and data quality would directly address medical error issues. Perhaps a new Chief Data Officer position is created, and perhaps new software is needed for data cleansing and scrubbing to reduce the incidence of inaccurate data.

Or if the corporate strategy includes plans for acquiring smaller competitors and folding them into the organization’s structure as operating divisions, then the IG plan must assist and

Information Governance for Healthcare Professionals Strategic Planning and Best Practices for IG

F., Smallwood, Robert. Information Governance for Healthcare Professionals : A Practical Approach, Productivity Press, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/franklin-ebooks/detail.action?docID=5515223. Created from franklin-ebooks on 2022-09-01 01:33:52.

C op

yr ig

ht ©

2 01

8. P

ro du

ct iv

ity P

re ss

. A ll

rig ht

s re

se rv

ed .

78 ◾ Information Governance for Healthcare Professionals

contribute to this effort. Plans for standardizing operating policies and procedures among the new acquisitions must include a consistent, systematized approach to key principles of IG, including stakeholder consultation, user training and communications, and compliance audits.

The IG plan should bring a standard approach across the spectrum of information use and management within the organization and must be forged to accommodate the new acquisitions. This means that patient ID verification policies, privacy notices and policies, litigation readiness policies—even general office policies for e-mail, mobile device use, social media use, cloud collab- oration, and storage use—must be consistent and aligned with the overall strategic plan. In other words, the goal is to get all employees on the “same page” and working to support the business objectives of the strategic plan in everyday small steps within the IG plan.

The organization will also have an IT strategic plan, which must be aligned with the organi- zational strategic plan to support overall business objectives. The IT strategy may be to convert new acquisitions to the internal financial and accounting systems of the organization, and to train newly-acquired employees to use the existing software applications under the umbrella of the IG plan. Or the IT plan may be to move to cloud computing, so cloud-based solutions should be focused upon primarily. Again, the IG plan needs to be integrated with the IT strategy and must consider the organization’s approach to IT.

The result of the process of aligning the IG effort with the IT strategy and the organization’s overall strategic plan will mean, ideally, that employee efforts are more efficient and productive since they are consistently moving toward the achievement of the organization’s overall strategic goals. The organization will be healthier, and will have less dissent and confusion, with clear IG policies that leverage the IT strategy and help pursue overall business objectives.

There are further considerations that must be folded into the IG plan. As every corporate culture is different, and has a real impact on decision-making and operational approaches, it must be considered. Corporate culture includes the organization’s appetite for risk, its use of IT (e.g. forward thinking “first adopter”), its capital investment strategies, and other management actions.

If, say, the organization is conservative and risk averse, it may want to hold off on implement- ing some emerging e-discovery technologies that can cut costs but also introduce greater risk. Or, if it is an aggressive, progressive, risk-taking organization, it may opt to test and adopt newer e-discovery technologies, under the IT strategy and the umbrella of IG policies. An example may be the use of predictive coding technology in early case assessment (ECA). Predictive coding uses text auto-classification technology and neural technology with the assistance of human input to “learn” which e-documents might be responsive in a particular legal matter, and which may not be. Through a series of steps of testing and checking subsets of the documents, human experts provide input to improve the sorting and selection process. The software uses machine learning (artificial intelligence whereby the software can change and improve on a particular task, as its decision engine is shaped and “trained” by input) to improve its ability to cull through and sort documents.

Predictive coding can reduce e-discovery costs, yet there are risks that the approach can be challenged in court and could, in fact, affect the case adversely. So it is clear to see how a decision on a technology like predictive coding can involve and include elements of the IG plan, IT strat- egy, and overall organizational strategic plan.

And there are resource issues to consider: How much management time or “bandwidth” is available to pursue the IG plan development and execution? Is there a budget item to allow for software acquisitions and training and communications to support the execution of the IG plan? Obviously, without the allocated management time and budget money, the IG plan cannot be executed.

F., Smallwood, Robert. Information Governance for Healthcare Professionals : A Practical Approach, Productivity Press, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/franklin-ebooks/detail.action?docID=5515223. Created from franklin-ebooks on 2022-09-01 01:33:52.

C op

yr ig

ht ©

2 01

8. P

ro du

ct iv

ity P

re ss

. A ll

rig ht

s re

se rv

ed .

Strategic Planning and Best Practices for IG ◾ 79

Survey and evaluate external Factors The IG plan is now harmonized and aligned with the organization’s strategic plan and IT

strategy, but you are not finished yet, because it cannot survive in a vacuum: organizations must analyze and consider the external business, legal, and technological environment and fold their analysis into their plans.

Analyze Information Technology Trends

IG requires IT to support and monitor implementation of polices, so it matters what is devel- oping and trending in the information technology space. What new technologies are coming online? Is the organization tracking the use of blockchain, artificial intelligence (AI), and the Internet of Things (IoT) in healthcare? Why are they being developed and becoming popular? How do these changes in the business environment that created opportunities for new technolo- gies to be developed affect the organization and its ability to execute its IG plan? How can new technologies assist? Which ones are immature and too risky? These are some of the questions that must be addressed in regard to the changing information technology landscape.

Some changes in information and communications technology (ICT) are rather obvious, such as the trends toward mobile computing, tablet and smartphone devices, cloud storage, and social media use. Each one of these major trends that may affect or assist in implementing IG needs to be considered, and again, this must be done within the framework of the organization’s strategic plan and IT strategy. If the corporate culture is progressive and supportive of remote work and tele- commuting, and the organizational strategy aims to lower fixed costs by reducing the amount of fixed office space for employees and moving to a more mobile workforce, then trends in tablet and smartphone computing that are relevant to the organization must be analyzed and considered. Is the organization going to provide mobile devices, or support a bring-your-own-device (BYOD) environment? Which equipment and technologies will be supported? iOS, Android, or both? What is the policy going to be on phone jacking/modification? What is the IG policy regarding confidential documents on mobile devices? Will the organization use encryption extensively? If so, which software? Is the enterprise moving to the cloud computing model? Utilizing social media? What about Big Data? Is the organization going to consider deploying auto-classification and pre- dictive coding technologies? What are the trends that might affect the organization?

There are many, many questions that must be addressed, but the evaluation must be narrowed down to those technology trends that specifically might impact the execution of the IG plan, and rollout of new technology.

On a more granular level, evaluate even supported file and document formats. It gets that detailed, when crafting IG policy. For instance, PDF/A is the standard format for archiving electronic docu- ments. So plans must include long-term digital preservation (LTDP) standards and Best Practices.

Survey Business Conditions and Economic Environment

If the economy is on a down cycle, and particularly if the healthcare business sector has been negatively affected, resources may be scarcer than in better times, and hence, it may be more difficult to get budget approval for necessary program expenses, such as new technologies, staff, contractors, training materials, and so forth. This means the IG plan may need to be scaled back, or its scope reduced. Implementing the plan in a key division rather than attempting an enterprise rollout is the best tactic in tough economic times, and at all times, actually. Start small.

F., Smallwood, Robert. Information Governance for Healthcare Professionals : A Practical Approach, Productivity Press, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/franklin-ebooks/detail.action?docID=5515223. Created from franklin-ebooks on 2022-09-01 01:33:52.

C op

yr ig

ht ©

2 01

8. P

ro du

ct iv

ity P

re ss

. A ll

rig ht

s re

se rv

ed .

80 ◾ Information Governance for Healthcare Professionals

But if things are booming, and the business is growing fast, then budget money for invest- ments in the IG program may be easier to secure, and the goals may be expanded.

IG should be an ongoing program, but it takes time to implement, and it takes resources to execute, audit, and continue to refine. So an executive looking for a quick and calculable payback on the investment may want to focus on narrower areas. For instance, the focus may be entirely on security awareness training, or the legal hold and e-discovery process initially, with business objec- tives that include reducing pre-trial costs and attorney fees by a certain percentage or amount. It is much easier to see concrete results when focusing on e-discovery, since legal costs are real, and will always be there. However, if the IG effort is broader and improves the ability to organize and search for information faster, and to execute more complete searches to improve the basis for management decision-making, the business case may be more difficult to make. Improved management deci- sion-making will improve the organization’s competitiveness long term, but it may be difficult to cite specific examples where costs were saved or revenues were increased as a result of the “better decisions” that should come about through better information governance.

Analyze Relevant Legal, Regulatory, and Political Factors

In consultation with the legal team or lead, the laws and regulations that affect the organiza- tion’s segment in the healthcare industry should be identified. Narrowing the scope of the analysis, those that specifically could impact the governance of information should be considered and ana- lyzed. What absolute requirements do they impose? Where there is room for interpretation, where, legally, does the organization want to position itself? How much legal risk is acceptable? These are the types of questions that legal and risk management professionals can assist in making. Again, legal requirements trump all others.

The decision process must include considerations for the future and anticipated future changes. Changes in the legal and regulatory environment happen based on the political leaders who are in place, and any pending legislation. Therefore, go further and analyze the current political envi- ronment, and make some judgments based on the best information, the organization’s culture and appetite for risk, management style, available resources, and other factors. Generally, a more conservative environment means less regulation, and this analysis must also be folded into the IG strategic plan.

Survey and Determine industry Best Practices Information gover

Collepals.com Plagiarism Free Papers

Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.

Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS

Why Hire Collepals.com writers to do your paper?

Quality- We are experienced and have access to ample research materials.

We write plagiarism Free Content

Confidential- We never share or sell your personal information to third parties.

Support-Chat with us today! We are always waiting to answer all your questions.