Although the term may be unfamiliar, data governance is a longstanding obligation of the healthcare industry.

At a Glance
When building a data governance model, finance leaders should:

  • Establish a leadership team and define the program’s scope
  • Calculate the return using the confidence in data-dependent assumptions metric
  • Identify specific areas of deficiency and create a budget to address these areas

Data governance is the exercise of authority and control over the management of data assets across an entire enterprise. In the healthcare environment, it includes monitoring and enforcing the security of critical health information. All policies and procedures to guide, manage, protect, and govern the electronic information under the control of a hospital or health system fall under the rubric of data governance.

Traditionally, health information management (HIM) professionals served as the administrators of patient information integrity. Their responsibilities included reviewing records for accuracy and completeness after patients were discharged as well as monitoring, managing, and safeguarding use of records once they were complete.

However, the role of HIM professionals has changed in recent years. With the advent of electronic patient records and digital health information, computerized data within electronic health records (EHRs) now constitute the legal medical record. Although HIM professionals are still custodians of the legal record, they must now work hand in hand with IT and department system experts to address challenges, maximize opportunities, and mitigate unforeseen risks.

Today’s new data challenges require data governance models in health care that help to keep patients and their information safe in an age of accountability.

What Is at Risk

Hospitals sit atop mountains of electronic patient information and business intelligence. Big data in the form of data warehouses and independent data marts (portions of the data warehouse that relate to specific service lines) offer greater insights, analysis, and predictive capabilities. Never before have senior leaders had so much information for organizational decision making and strategic planning. Furthermore, patients benefit from greater transparency and more granular quality reporting.

But on the flip side, data chaos runs rampant in many provider organizations. In many hospitals, each line of business, division, and department has implemented its own technology applications, with IT groups aligning by application suites. If not managed well, hospitals may find themselves drowning in terabytes of irrelevant information, creating risks that faulty data could lead to medical errors and that information could be lost or breached. Here is a deeper look at these two risks.

Faulty data. Nearly 80 percent of healthcare organizations will adopt EHRs by 2016, according to industry estimates (IDC MarketScape: U.S. Ambulatory EMR/EHR for Small Practices 2012 Vendor Assessment. International Data Corporation, May 2012). The unintended consequence of EHR adoption may be faulty data.

Research conducted by Columbia University reveals that EHR systems may not be as accurate and complete as hoped, and that data are often inaccurate or missing (Hripscak, G., and Albers, D.J., “Next Generation Phenotyping of Electronic Health Records,” Journal of the American Medical Informatics Association, September 2012). Incorrect lab values, imaging results, or physician documentation can lead to medical errors and patient morbidity and can damage an organization’s reputation.

Data breaches. Nearly 21 million individuals have been affected by large healthcare data breaches since the Office for Civil Rights, a division of the U.S. Department of Health and Human Services, began reporting this information in 2009. The majority of these breaches involved lost or stolen data on laptops, removable disc drives, or other transportable media. Such breaches can have financial ramifications for provider organizations and lead to loss of community trust and potential market share.

Senior leaders should be aware of these concerns and implement data management programs to assess data integrity and accuracy in digital environments. Enter data governance.

Data governance emerged as a way to ensure that data flowing into the EHR are accurate and complete. Now, the need for effective data governance is ubiquitous across all clinical, financial, and operational information systems.

As an early adopter of an EHR, Vanderbilt University Medical Center (VUMC), Nashville, Tenn., established a data governance program in 2009. VUMC’s experience sheds light on how to effectively launch and maintain this important initiative.

Launching Data Governance at VUMC

VUMC includes three hospitals and The Vanderbilt Clinic. With 918 licensed beds, 53,000 annual discharges, and 1.6 million annual clinic visits, the organization maintains an 83 percent occupancy rate and has achieved HIMSS Stage 6 hospital EHR adoption.

Having begun its EHR efforts in 1997, VUMC was swimming in data after only a few years. By fall 2009, the need for stronger data management was clear, and hospital leaders took the initial steps to build a data governance infrastructure.

At the outset, VUMC’s leadership team had several concerns. First, informatics tools had evolved at a rapid pace but were not being governed by HIM policies and procedures. Second, as more of the medical record became electronic, information became easier to transmit and share, which presented security issues. Finally, new and greater uses of electronic information were emerging, and the medical center was struggling to keep up.

Initially, VUMC’s leaders addressed these process and workflow issues through the organization’s traditional medical records committee. But this approach proved to be ineffective. Eventually, leaders enlisted a consulting group to help the organization develop a data governance structure. This effort involved creating a new health record executive committee to guide that structure.

The health record executive committee oversees data governance throughout the organization. It reports to the medical center medical board and clinical enterprise executive committee, ensuring executive involvement and sponsorship. The committee’s primary focus is to develop the strategy for standardizing health record practices while reducing risk and enhancing compliance. To guide its efforts, the committee has developed a charter that spells out its key responsibilities, which include establishing guiding principles for creation and use of the health record as well as ensuring the continued migration and evolution of the health record.

Committee members include the chief medical information officer (CMIO), CIO, and legal counsel. In addition, the committee has representatives from the medical staff, nursing informatics, HIM, administration, risk management, compliance, accreditation and standards, and advanced practice nursing. Subcommittees have been established around policies, migration, and deployment of the EHR.

Establishing a Team and Defining the Program’s Scope

When designing VUMC’s program, health system leaders established a legal medical record team to support additions, corrections, and deletions within the EHR. This team addresses how users submit requests for retractions, how users move documentation in the EHR, and other issues.

The scope of what a legal medical record team addresses varies from organization to organization. Some of these tasks might include:

  • Monitoring and correcting duplicate medical record numbers
  • Creating a complete inventory of information assets and assigning a data steward (a business leader or subject matter expert for a given healthcare domain) to each system
  • Defining each data element (usually by creating a data dictionary) and determining the effectiveness, usability, life span, and possible outcome of each element (i.e., where information flows and how it is repurposed)
  • Plotting data flow for every element within—and between—information systems
  • Formalizing policies for data management and audit compliance
  • Monitoring and managing the “cut and paste” feature within EHR documentation

Once team members have defined the scope of the program, they can seek the support they need from the rest of the organization. This effort begins with developing a proper business case.

Calculating the Return

When developing a data governance model, a successful business case is crucial to securing buy-in from executive management and organizational stakeholders. To make their case, finance leaders should estimate the organization’s ROI. Quantifying an exact ROI for data governance is difficult because there are so many degrees of separation from the ultimate benefit—reduced risk of medical errors and data breaches.

The best practice is to base justifications on both business strategy and IT strategy, as suggested by Alex Berson and Larry Dubov in their book, Master Data Management and Data Governance.

It is important to align both business and IT strategies to ensure that the available funds are used to best meet the organization’s objectives. This alignment can be achieved only by fully analyzing how the IT system works for a focused specialty, how the information needed from other systems is received, and how easily the output data can be communicated and/or repurposed within other specialty IT systems. The total picture must flow together to build complete documentation and support claims submitted for reimbursement. It also is important to quantify the costs—tangible and intangible—of risks and adverse events due to information failure. Here are some examples:

  • Cost associated with rework in data collection
  • Cost of business lost due to information failure (because data is not reliable or fit for use)
  • Cost of patient safety errors
  • Cost of malpractice cases incurred due to information failures (because of faulty or unavailable data)
  • Delays in accounts receivable if requested information is delayed or unavailable for coding and billing

One metric that can be used to measure the value of a data governance program is confidence in data-dependent assumptions (CIDDA). CIDDA is measured as follows:

CIDDA = G x M x TS
G = Confidence that data are good enough for their intended purpose
M = Confidence that data mean what you think they do
TS = Confidence that you know where the data come from and trust their source

Although there are no industry benchmarks yet for CIDDA, each organization can assign its own values and goals to the metric.

Budgeting for Data Governance

The cost to implement a data governance program varies greatly depending on an organization’s level of sophistication with health information privacy and data management. At VUMC, costs included the use of an external consulting group to evaluate EHR govenance and of additional FTEs to staff and support the effort, and the development of a health record executive committee along with several subcommittees and work groups. A medical director was appointed to chair the executive committee. The organization also created and updated policies related to use of the EHR and EHR data.

When budgeting, finance leaders should consider the following six questions to identify specific areas of deficiency:

  • What data go into our EHR and core systems?
  • How is information edited and signed, and when is the record complete?
  • What is our legal medical record?
  • Who cleans up duplicate patient records and erroneous information?
  • What data move from the EHR to the patient portal?
  • Do we allow physicians to cut and paste their documentation? If so, how?

At a minimum, budgets should take into account time for staff involvement, meetings, and so on. If individuals with proper experience and expertise are not currently within the organization, outside consultants or qualified staff may need to be hired. Finally, a project manager should be appointed for the ongoing project. The project manager should be responsible for ensuring that the project stays on course and that its scope does not increase, adding costs to the project and potentially derailing the expected timeline.

Driving Benefits through Data Governance

Data are health care’s most valuable asset. Yet they are also a hot potato for healthcare organizations. There is real risk in handling data. If not already top of mind, data governance should be a priority for healthcare leaders, especially for any organization with an EHR. EHRs are effective only if the information contained within them is valid, reliable, and useful to support patient care. Effective data governance is the path to that goal.

That said, the act of building a data governance program should not be considered a “one size fits all” approach or simply a matter of purchasing a solution. Data governance is a step toward managing information as a key resource and then continuing to treat it as such. The current age of accountability in health care demands compliance with strong data governance efforts. The cost of information failure is simply too high not to invest in a data governance initiative.

Mary G. Reeves, RHIA, is administrative director, medical information services, Vanderbilt University Medical Center, Nashville, Tenn. (

Rita Bowen, RHIA, CHPS, SSGB, is senior vice president of health information management and privacy officer, HealthPort, Alpharetta, Ga. (


Data Governance Deliverables for Health Care An effective data governance program should deliver the following:

  • Strategy
  • Organization
  • Technology and architecture
  • Investigation and monitoring
  • Policies
  • Procedures

  • Publication Date: Friday, February 01, 2013

    Login Required

    If you are an existing member, please log in below. Username and password are required.



    Forgot User Name?
    Forgot Password?

    If you are not an HFMA member and would like to access portions of our content for 30 days, please fill out the following.

    First Name:

    Last Name:


       Become an HFMA member instead