Without our physical and mental health, we’re unable to fully enjoy our lives each day. And we entrust institutions like hospitals, pharmaceutical companies, family doctors, and insurance companies to handle, hold, and secure our personal information throughout our treatment lifecycle.
While those medical professionals are doing their best to diagnose and treat whatever issues their patients face, there are droves of technical experts behind them working to ensure that data security, privacy, and regulatory compliance requirements are met and that personal information remains as private as possible for each and every patient.
The amount of data being produced — approximately 30% of the world’s data volume is generated by the healthcare industry — is becoming more and more difficult to govern and de-risk, putting immense pressure on the stewards of that information.
So, how can the healthcare industry focus on digitizing its records and data while keeping that information private?
What are the challenges to managing healthcare data?
First and foremost, there’s just so much data. And so many types of it — everything from personal health information to insurance carrier information and billing details.
Aside from the data itself, there are a multitude of internal issues most healthcare institutions are dealing with, including:
- Lack of internal support: Executives and the board often don’t provide enough support for a holistic foundation for data governance.
- Not enough resources: Significant staff bandwidth is required for a governance committee, including executives, service leaders, data owners, data stewards, data architects, and data analysts.
- Internal knowledge and communication gaps: Data owners or system owners are too far removed from business operations to easily integrate into a data governance framework.
- Little trust in the data: Siloed, inaccurate, inconsistent, and unstandardized data results in lack of trust.
- Difficulty of training: Many organizations lack a strategy for educating, training, and supporting users on data governance practices.
- Inconsistent data protections: Lack of appropriate, consistent data access, restrictions, and protections.
- Knowing which data to govern: The types of data span a wide spectrum, including:
  - PHI (protected health information), patient data, and medical records
  - Customer PI (personal information)
  - Employee data
  - HITRUST, HIPAA, and IRB-regulated data
How does data governance fit in?
Data governance provides healthcare organizations with a means to integrate both clinical and business policy requirements, and it gives leadership quality information that allows them to make timely decisions for continuous improvement through analytics. To deliver good patient outcomes and maintain trust, organizations need to be able to use sensitive patient data safely, which requires knowing where it lives, how it’s protected, and managing its lifecycle according to the consent given by the patient.
Data governance provides the framework for defining the information included in systems and analytics environments and guides the processes of data users so they can use it responsibly.
The need for data lifecycle management is also key. From the collection of data in health information systems to the destruction and disposal of data per the applicable retention schedule, ensuring the organization is properly handling ROT (redundant, obsolete, and trivial) data should be at the top of the priority list when it comes to proper data governance.
This can be maintained simply through data policy automation, which would translate written data governance policies into technical controls that ensure appropriate access, sharing, and collaboration as well as retention and deletion of files.