Lydia Washington
AHIMA: Information Governance – an organization’s key asset
September 09, 2016
By Lydia Washington
Information has always been one of an organization’s most important assets. Driven by an explosion of data from myriad sources, major investments in health information technology (HIT) and fundamental changes in the health care policy environment, information requires high-level oversight to be used optimally in all aspects of organizational decision-making. It’s almost impossible to imagine any action, reaction or transaction that does not require information in a health care or business setting.
All this information is of limited use, though, if it is not available where and when it is needed. The way to make this happen is through Information Governance (IG). IG has become an imperative for any health care organization. Nearly all other types of organizational assets — financial, human, physical — are managed using governance or oversight that emanates from fiduciary duty at the highest levels of the organization. Yet because information has not been recognized as an organizational asset until relatively recently, it is still a novel idea to some that governance should be applied to health information as it is applied to other assets.
The American Health Information Management Association (AHIMA) defines IG as, “an organization-wide framework for managing information throughout its life cycle and for supporting the organization’s strategy, operations, regulatory, legal, risk and environmental requirements.” It implies there is purposeful coordination and integration of information across all parts of the organization as well as multidisciplinary stakeholder engagement in the decision-making processes related to information and its management. This involves addressing inconsistencies in information-related policies and practices, as well as implementing standardization where appropriate.
A set of foundational principles promulgated by ARMA International provides the basis for IG policies and practices in health care as well as other industries. They have been adopted and adapted by AHIMA for health care as the Information Governance Principles for Health Care (IGPHC) and include: accountability; transparency; integrity; protection; compliance; availability; retention; and disposition.
In addition to a focus on these principles as information policies and practices, the critical components of a successful IG program include:
• One or more executive sponsors whose role is to assure that information and its governance is aligned with organizational strategy.
• A multidisciplinary steering group that provides representation and engagement on policy development and issue resolution from all information-intensive business units or areas of the organization.
• A designated leader at the executive level whose responsibilities include coordination and implementation.
• An educational component that supports the workforce as it creates, utilizes and manages information throughout its life cycle. To guide programmatic development of IG, AHIMA has identified 10 critical competencies that describe organizational Information Governance capabilities and effectiveness. Known as the Information Governance Adoption Model (IGAM), these competencies are:
1. Strategic Alignment: The capability to support an information-driven, decision-making culture and assurance that the workforce at all levels has access to information needed to make good decisions in real time.
2. IG Structure: The formal organizational structure with appropriately defined roles and functions.
3. Data Governance: Design and execution of data needs, including standards, planning, stewardship and data quality assurance.
4. Enterprise Information Management: The policies and processes for managing information throughout all phases of its life: creation/capture, processing, use, storing, preservation and disposition. EIM also addresses practices for information sharing, release and exchange, chain of custody and long-term digital preservation.
5. IT Governance: Best practices in technology selection and deployment, ensuring and measuring the value/benefit created through IT investments, management of resources, mitigating risks, measuring the performance of the IT function and ensuring stakeholder input is incorporated into IT strategy.
6. Analytics: The ability to use data and information to achieve the strategy, goals and mission, and realize the value of the information.
7. Privacy and Security: The processes, policies and technologies necessary to protect data and information from breach, corruption and loss.
8. Regulatory and Legal: Focuses on the organization’s ability to respond to regulatory audits, eDiscovery, mandatory reporting as well as compliance with information-related requirements of regulatory and other bodies of authority.
9. Awareness and Adherence: Assures that IG program principles, processes and practices are understood and adopted by the workforce with respect to information creation, use, handling, access, sharing, storage, retention and disposition.
10. IG Performance: Measures the performance and impact of the IG program, including its effectiveness, ongoing improvement and alignment with the organization’s strategy.
About the author: Lydia Washington, MS, RHIA, CPHIMS, is senior director of Information Governance (IG) at AHIMA, where she consults, provides industry analysis, identifies best practices and serves as an educator on information governance in health care.
Information has always been one of an organization’s most important assets. Driven by an explosion of data from myriad sources, major investments in health information technology (HIT) and fundamental changes in the health care policy environment, information requires high-level oversight to be used optimally in all aspects of organizational decision-making. It’s almost impossible to imagine any action, reaction or transaction that does not require information in a health care or business setting.
All this information is of limited use, though, if it is not available where and when it is needed. The way to make this happen is through Information Governance (IG). IG has become an imperative for any health care organization. Nearly all other types of organizational assets — financial, human, physical — are managed using governance or oversight that emanates from fiduciary duty at the highest levels of the organization. Yet because information has not been recognized as an organizational asset until relatively recently, it is still a novel idea to some that governance should be applied to health information as it is applied to other assets.
The American Health Information Management Association (AHIMA) defines IG as, “an organization-wide framework for managing information throughout its life cycle and for supporting the organization’s strategy, operations, regulatory, legal, risk and environmental requirements.” It implies there is purposeful coordination and integration of information across all parts of the organization as well as multidisciplinary stakeholder engagement in the decision-making processes related to information and its management. This involves addressing inconsistencies in information-related policies and practices, as well as implementing standardization where appropriate.
A set of foundational principles promulgated by ARMA International provides the basis for IG policies and practices in health care as well as other industries. They have been adopted and adapted by AHIMA for health care as the Information Governance Principles for Health Care (IGPHC) and include: accountability; transparency; integrity; protection; compliance; availability; retention; and disposition.
In addition to a focus on these principles as information policies and practices, the critical components of a successful IG program include:
• One or more executive sponsors whose role is to assure that information and its governance is aligned with organizational strategy.
• A multidisciplinary steering group that provides representation and engagement on policy development and issue resolution from all information-intensive business units or areas of the organization.
• A designated leader at the executive level whose responsibilities include coordination and implementation.
• An educational component that supports the workforce as it creates, utilizes and manages information throughout its life cycle. To guide programmatic development of IG, AHIMA has identified 10 critical competencies that describe organizational Information Governance capabilities and effectiveness. Known as the Information Governance Adoption Model (IGAM), these competencies are:
1. Strategic Alignment: The capability to support an information-driven, decision-making culture and assurance that the workforce at all levels has access to information needed to make good decisions in real time.
2. IG Structure: The formal organizational structure with appropriately defined roles and functions.
3. Data Governance: Design and execution of data needs, including standards, planning, stewardship and data quality assurance.
4. Enterprise Information Management: The policies and processes for managing information throughout all phases of its life: creation/capture, processing, use, storing, preservation and disposition. EIM also addresses practices for information sharing, release and exchange, chain of custody and long-term digital preservation.
5. IT Governance: Best practices in technology selection and deployment, ensuring and measuring the value/benefit created through IT investments, management of resources, mitigating risks, measuring the performance of the IT function and ensuring stakeholder input is incorporated into IT strategy.
6. Analytics: The ability to use data and information to achieve the strategy, goals and mission, and realize the value of the information.
7. Privacy and Security: The processes, policies and technologies necessary to protect data and information from breach, corruption and loss.
8. Regulatory and Legal: Focuses on the organization’s ability to respond to regulatory audits, eDiscovery, mandatory reporting as well as compliance with information-related requirements of regulatory and other bodies of authority.
9. Awareness and Adherence: Assures that IG program principles, processes and practices are understood and adopted by the workforce with respect to information creation, use, handling, access, sharing, storage, retention and disposition.
10. IG Performance: Measures the performance and impact of the IG program, including its effectiveness, ongoing improvement and alignment with the organization’s strategy.
About the author: Lydia Washington, MS, RHIA, CPHIMS, is senior director of Information Governance (IG) at AHIMA, where she consults, provides industry analysis, identifies best practices and serves as an educator on information governance in health care.