Enterprise IM and information governance are essential strengthening strategies to address a range of information stressors. This article offers a framework that can be used to take stock of which stress fields are currently under reasonable control in your organization and which will benefit from more targeted attention. It challenges organizations to approach IM and information governance from the perspective of asset management focusing on gaining real value from investments in EHRs and other information and communication technologies.
Implementing I.T. does not automatically ensure that information is complete, accurate, reliable, secure or used appropriately. In fact, research shows that data errors and other information- related unintended consequences may impede safe use of technology. Most health care organizations need more robust policy frameworks and formalized strategies for IM and information governance. These are important disciplines for any organization seeking to improve the safe and effective use of I.T.
Revisiting Information Management and Governance
Contemporary Information management practices rest on three key principles: Information Asset Management, Enterprise Information Management, and Information Governance.
First, enterprise information should be managed as a valued asset on par with other critical assets (physical, human resource, financial, intellectual property). The information assets of the health care organization include medical records, but also e-mails, Web content, business data, images, video and other content in both physical and digital form. Health care organizations are eager to use data to improve patient care and operations, but their behaviors don’t always match this stated goal. Too often information management is a secondary concern. The quality of information and how it is handled depends on the preference of the process owner. When information is not viewed as an asset—including board of trustee mechanisms for oversight---synergies are lost, politics trump mission, and it is difficult to realize return on investments. Sound familiar?
Second, an information asset approach requires explicit structures, policies, processes, technology and controls which taken together describes the discipline of enterprise information management (EIM). The scope of EIM may be expanded as information assets come under better control, but the nexus of healthcare EIM are the primary and secondary patient data, structured and unstructured, residing in enterprise and departmental systems regardless of media. Billing and payment information, e-mail, personal health record data, employee and contractor information, quality improvement data, health information exchange and other information must begin to be viewed as elements of the information asset mosaic and managed accordingly.
__________________________
SIDEBAR: Systemic Evidence
- According to the HHS Office of Civil Rights, during the first 15 months under new breach notification requirements about 7.8 million individuals were affected by large data breaches due to theft, intentional unauthorized access, use, or disclosure, human error, or loss of media.
- Researchers found that about one in 10 computer-generated prescriptions received by a commercial outpatient pharmacy chain in three states in 2008 included at least one error, of which a third had potential for harm. This rate is consistent with the literature on manual handwritten prescription error rates.
- Industry experts estimate current error rates for provider maintained master person indices (MPIs) are between 7 and 10 percent, and HIEs report that identity management is a top level operational challenge.
- The Centers for Medicare & Medicaid Services reported to Congress that the national Medicare fee for service billing error rate for FY 2010 was 10.5 percent, or $34.3 billion in estimated improper claims payments.
- More than 500,000 Americans were victims of medical identity theft in 2009, and the incidence is on the rise.
___________________________
The third principle is that of information governance. According to Gartner, enterprise information management (EIM) is an essential organizational discipline and information governance is a crucial building block of EIM. Information governance is becoming a key focus for businesses in other information intensive and regulated sectors, particularly those such as financial services, energy and utilities, and pharmaceuticals. Like all effective governance, Information Governance begins with the boards of trustees and senior leaders.
Taken together, IAM, EIM and IG have potential to mitigate risk, improve organizational performance and reduce costs. In research conducted by The Economist, businesses with formalized information governance report improved decision-making and business results due to better access to information and improved information-sharing. They cite service and product quality gains because information is more accurate and reliable. They also report improved business risk management and enhanced reputation due to better information security practices. They attribute improved cost control of I.T. and I.T.-related services because of tighter and more strategic planning and acquisition processes.
The Building Blocks of EIM
There are four functional building blocks for healthcare EIM: information integrity, information use, confidentiality and protection, records and information life cycle. As shown the Figure 1 Framework these functions are encircled by Information Governance which ensures that reasonable management structures, policies, processes, technologies, training, and controls are in place for each function.
Information integrity is the continuous improvement of the value of the information asset by ensuring that data and content are accurate, reliable, up to data, consistent and is “fit for use.” Information integrity begins with data architecture, definitions and relationships, including metadata, and data capture processes. It ensures that the provenance or lineage of data is captured and that processes for error correction and amendments preserve the story about the data. Auditing is an important function and one that requires a deep understanding of both the consequence of particular types of data and events such as interface or system upgrades that can compromise data.
