Enterprise Risk Management

Hospitals, Health Plans Should Treat Information as a Prime Asset

March 15, 2018 2:46 pm

You’re going to do what with that information? An information governance program can help healthcare leaders answer that question and more.

To some finance and clinical executives, information governance (IG) may come off as a somewhat academic concept that is better suited for the legal, health information management (HIM), and IT wonks in their organizations. Yet leaders across the enterprise have much to gain by optimizing information in the same way they strive to enhance patient safety or improve quality—with a systematic framework of policies and procedures that are continually reinforced and updated so they become part of the culture, says Robert Smallwood, IGP, managing director of the Institute for Information Governance.

The Benefits of IG

Enterprise-wide IG programs provide a coordinated approach to help organizations optimize the value of their information assets while reducing privacy and security risks and ensuring legal and regulatory compliance. 

“Overall, information governance is about knowing what your information holdings are, where they are stored, and governing them properly based on their level of sensitivity or confidentiality,” says Smallwood, who has authored several IG books.

In the general business sector, IG has been largely viewed as a strategy to cull unnecessary and duplicate files that bloat an organization’s storage footprint. In health care, IG offers several benefits that are particularly useful as organizations move toward value-based payment. For example, IG helps generate cleaner data that can be used to streamline service delivery, reduce costs, and spur innovation, Smallwood says. After a merger, IG can help the restructured organization get a better handle on information assets that are widely diffused across the enterprise.

IG also can help promote organizational alignment and foster collaboration among traditionally siloed functions such as quality and the revenue cycle. “One of the aims of information governance programs is to leverage information as an asset across the organization,” Smallwood says. Ideally, IG programs should foster information sharing that promotes improvements in overall population health as well as the financial health of the hospital, health system, or health plan. 

Applying IG at the Service Line Level

Although many healthcare organizations entered 2018 with more-mature IG programs than they had just 12 months ago, hospitals, in particular, still lag behind other sectors in their level of IG maturity. A 2017 survey of primarily provider organizations by the American Health Information Management Association (AHIMA) found that the top three barriers to making progress with IG are awareness and understanding of the concept, budgeting/funding issues, and communication/cooperation across silos (click on the exhibit below).

Getting all stakeholders within an organization on board—and determining who is in charge—can be a major challenge, says Melissa Martin, who spent 18 years as associate vice president of privacy and HIM and chief privacy and HIM officer for West Virginia University Medicine, Morgantown, W.V. 

“You have to get past whether this is owned by HIM or IT or business analytics and bring those groups together so you can move forward with information governance,” says Martin, who is also a past president and chair of AHIMA.

She recommends not getting caught up in the term information governance but instead focusing on developing the framework around security, privacy, records management, and data integrity in general. “It’s already occurring in some organizations, but successful information governance programs pull it all together and break down the silos between different entities and departments in their organization,” she says. 

At the same time that WVU Medicine was preparing to roll out a shared electronic health record to all of its hospitals, Martin and her team developed an enterprise-wide IG steering committee with leaders from HIM, IT, business analytics, hospital billing, physician billing, and other areas. But the initiative picked up even more momentum when the committee engaged clinicians in efforts to bring quality reporting under the IG umbrella. Working together, leaders at WVU Medicine created policies and procedures on data quality and storage, records retention, privacy and security, and other areas.

In her role as assistant vice president for the new WVU Heart and Vascular Institute, Martin (pictured at right) continues to apply her IG acumen. “It became pretty clear when I stepped into this role that we still had plenty of work to do on information governance,” she says. For example, creating the new service line meant pulling together the data from two academic departments—not just on the main campus but from sister hospitals as well. Collection and integration of information from disparate sources was essential to help service line leaders, business analysts, and the finance team create financial pro formas to determine which heart services to offer where, as well as how to price them.

WVU Medicine’s enterprise-wide IG framework has continued to be helpful as the service line has grown. “We’ve had a number of acquisitions over the past year, and without the ability to pull together that information from those areas, it would have been difficult to get approval from our board to acquire practices or develop clinics in certain rural areas, which is extremely important to our overall mission,” Martin says.

‘Building Walls’ With an IG Program

While hospitals have been slow to embrace IG, health plans tend to be further along on the IG journey, says Matt McClelland, a member of the Information Governance Initiative’s advisory board and former manager of the information governance office at Blue Cross Blue Shield of North Carolina, where he oversaw traditional records management, file analytics, e-discovery, and other areas.

“One of the main benefits of IG is the ability to comply with external regulatory pressures, whether those are audits or litigation,” McClelland says. “When you’re dealing with large amounts of unstructured data, a robust information governance program allows you to know what you have, know where it is, and know the relevance to any kind of investigation, litigation, or audit and provide that in a timely manner.”

Many health plans also embrace IG because such programs can help protect their organizations against security threats, including breaches that occur at providers and other business partners. “By reducing your footprint through good information governance practices—such as only keeping what you need to keep and only sharing certain information with partners—you can build walls around what needs to have walls,” says McClelland, who works with health plans that have varying levels of IG maturity in his current role as a principal consultant with Doculabs, Inc.

IG also can help health plans and other organizations minimize information like files and emails that need to be migrated to other platforms, and thus help to contain costs. “Most organizations are dealing with at least hundreds of terabytes of unstructured data that is on network shared drives and email, and most of that has not been managed very well,” McClelland says. This includes redundant, outdated, and trivial information, also known as ROT. For this reason, most organizations embarking on IG should use a file analytics tool that will scan content like emails, slide decks, and Word documents that have unstructured data (e.g., text, numbers, videos) to determine its age, its key users, and whether it is duplicated elsewhere in the organization.

During his 10 years working on IG at Blue Cross Blue Shield of North Carolina, McClelland developed what he believes is a four-step process for moving forward that applies to hospitals as well as health plans.

Gain the authority to do the work. IG requires an executive champion to drive the program forward as well as a director or vice president to run the day-to-day operations and align the program to the goals of the organization. Some organizations also are creating a chief information governance officer role, although such titles are not common in health care. In other organizations, the CIO, HIM director, privacy director, or another leader might take on the key leadership role.

Develop the foundational components of the program. These components include retention schedules and electronically stored information (ESI) maps, which depict the flow of information in an organization. Other key pieces include standards, policies, data and records inventories, disaster recovery plans, and educational programs for staff.

Create goals and targets. McClelland recommends establishing roadmaps that span one, three, and five years. “Be reasonable about what you can and cannot achieve,” he says. 

Execute on the plan but be patient. Recognize that an IG program is constantly evolving and does not have to achieve everything at once. Leaders might choose one particular area of focus, such as regulatory or privacy, at the outset.

Lessons Learned

Not sure where to start? Experts offer the following advice to leaders who are interested in developing enterprise-wide IG programs.

Assess your organization’s IG maturity. Both Martin and McClelland suggest looking at AHIMA’s IG Adoption Model (IGAM). In December, the Office of the National Coordinator for Health Information Technology (ONC) released a patient demographic data-quality framework that endorsed the model, which includes 10 organizational competencies such as IG structure, strategic alignment, and data governance (view a PDF of the model).

Smallwood believes the IGAM is a useful tool but also points to the IG Process Maturity Model (IGPMM) from the Compliance, Governance and Oversight Council (CGOC). The IGPMM was originally developed in 2012 and rates organizations on 22 key IG processes. It was updated in 2017 to include an emphasis on legal, privacy, information security, and cloud security issues. “Perhaps the best approach is a hybrid one, combining relevant aspects of both maturity models to customize the assessment for a particular organization’s needs and IG program goals,” Smallwood says.

Determine what resources you need. Even though leaders may perceive that funding is a barrier to developing IG programs, a basic IG framework does not require a major investment and often can leverage internal resources, Martin says. Cross-functional partnerships also can help leaders make the most of limited funds and staff to advance IG, McClelland suggests.

Give clinicians a reason to participate. Poor IG across a physician practice, hospital, and affiliated post-acute provider can lead to inconsistent data quality in an organization and may affect the quality of care. Clinical leaders may be more likely to get involved if they understand that IG programs can help them deliver better care, McClelland says. 

Engage human resources in developing a formal kickoff as well as continued training. Consider launching an IG program with an enterprise-wide security awareness or privacy training event, Smallwood says. Ongoing staff education might include monthly IG tips presented in an employee newsletter or brief quizzes on issues like privacy and security.

Use metrics to audit your IG program’s success . An IG project to promote cleaner data to reduce medical errors might aim for a 5 or 10 percent reduction after 12 months, Smallwood says. Another project under the IG program umbrella might be to clean up shared drives and major information stores to eliminate ROT and reduce the storage footprint, setting a goal to at least stop or slow the growth of electronic storage costs—or, more aggressively, to cut costs by 10 to 15 percent.

Using IG Strategically

Although IG is underutilized in health care, that trend is shifting as more organizations begin to recognize the benefits, experts say. As adoption of IG programs grows, leaders should not get overwhelmed in their early efforts to manage information more strategically across the enterprise.

“Pick a project and just get started,” Martin says. “Then you will see that framework really come to life.”

Laura Ramos Hegwer is a freelance writer and editor based in Lake Bluff, Ill.

Interviewed for this article: Melissa Martin, MLS, RHIA, CCS, CHTS-IM, assistant vice president, WVU Heart and Vascular Institute, Morgantown, W.V.; Matt McClelland, principal consultant, Doculabs, Inc., Raleigh, N.C.; Robert Smallwood, IGP, managing director, Institute for Information Governance, San Diego.


googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text1' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text2' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text3' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text4' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text5' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text6' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-text7' ); } );
googletag.cmd.push( function () { googletag.display( 'hfma-gpt-leaderboard' ); } );