Data Governance
Data governance is an emerging quality control discipline for managing data integrity, quality, and access in data-driven environments. While no consensus framework yet exists, data governance oversight committees are a frequently cited strategy to monitor enterprise data in healthcare and biomedical research. Furthermore, data governance relates to privacy, confidentiality and security by overseeing policies, practices and controls used by an organization to mitigate risk and protect patient health information. [1]
Provided below are three frequently cited definitions of data governance:
The Data Governance Institute defines data governance as “...a system of decision rights and accountabilities for information-related processes, executed according to agreed upon models which describe who can take what actions with what information, and when, under what circumstances, using what methods." [2]
The Master Data Management Institute defines data governance as "...the formal orchestration of people, process, and technology to enable an organization to leverage data as an enterprise asset." [3]
IBM's Data Governance Council defines data governance as “... a quality control discipline for accessing, managing, monitoring, maintaining, and protecting organization information.” [1]
Contents
Purpose of Data Governance
Data Governance provides oversight of a healthcare entity’s data management practices. Its role is to ensure appropriate data quality, data security and data use. In addition, governance activities monitor compliance with regulatory requirements.[2] [4] The American Health Information Management Association (AHIMA) defines information governance (IG) as “an organization-wide framework for managing information throughout its lifecycle and supporting the organization’s strategy, operations, regulatory, legal, risk, and environmental requirements.” [5] Most larger institutions have a governance committee to discuss and implement policies and procedures that promote best practices for data management and regulatory compliance. In larger institutions, the governance team may be led by a corporate executive such as the Chief Medical Information Officer(CMIO). Optimally, the governance committee should include representatives from all areas of the organization in order to provide diverse perspectives. [6]
Information Governance Principles for Healthcare (IGPHC)
AHIMA has developed IGPHC as industry “norms, values, and rules used to comprehensively govern an organization’s information management strategy.” They defined the principles to provide a “framework of IG best practices; a model for program development; a means of benchmarking against peers; and a plan for legislative, judicial, accreditation, and organizational policy mapping.”[5] The IGPHC were created to provide flexible guidance regarding management of both clinical and non-clinical data by a wide variety of healthcare entities, including providers, payers, researchers and health information exchanges. The IGPHC are divided into eight distinct guiding principles.
1. Accountability
Governance policy should hold staff members accountable for following data management best practices. The EHR system should have auditing capability.
2. Transparency
All data management operations, policies and procedures should be transparent and verifiable.
3. Integrity
External sources should be evaluated for reliability to maintain data integrity.
4. Protection
Security measures should be undertaken to protect data against external breaches.
5. Compliance
Governance policies should comply with all applicable laws and industry regulations and align with the organization’s internal mission and policies.
6. Availability
Measures should be taken to make certain that data is readily accessible to patients and staff when use is required.
7. Retention
Organizations should develop policies for retaining and archiving data in accordance with applicable state and federal laws.
8. Disposition
Provisions should be made for data to be disposed of in a secure manner. [5] [7]
ONC Patient Demographic Data Quality Profile (PDDQ)
The Office of the National Coordinator for Health Information Technology developed the PDDQ Framework and Ambulatory Guidance document in 2015. In the document, ONC provided methods for assessing data governance structure and critiquing data management policies and procedures. It outlined ways to appraise quality improvement initiatives. The PDDQ document divided data management processes into five main categories.
1. Data Governance
Governance Management
A formal data governance structure should exist. Committees and individuals should have defined roles.
Communications
Data management policies, procedures and best practices should be communicated to all staff members.
Data Management Function
There should be a person responsible for oversight of data management and data quality improvement to ensure that best practices are followed.
Business Glossary, Metadata and Data Standards
The entity should create and maintain a business glossary which defines what data will be gathered and in what format it will be recorded. An accompanying metadata nomenclature should be established.
2. Data Quality
Data Quality Planning
The organization should have a plan for monitoring and improving data quality.
Data Profiling
Organizations should regularly review their data to identify quality issues such as missing data, duplicate charts, and policy delinquencies. The review can be done manually or accomplished via vendor reports.
Data Quality Assessment
Organizations should monitor data quality criteria such as accuracy, completeness, conformity, consistency, timeliness and uniqueness.
Data Cleansing and Improvement
When data quality issues are identified, data should be cleansed. Changes in data values should be tracked. Processes and workflows should be altered to prevent similar quality issues from occurring in the future.
3. Data Operations
Data Requirements Definition
The data requirements should outline the data elements that should be included in the business glossary, as well as the system requirements and metadata standards.
Data Lifecycle Management
The data lifecycle documentation should outline the path of data from the time of its creation to the time it is archived. This path may include intersections with outside systems such as lab or radiology records.
Data Provider Management
Requirements for data access should be established for all users, including users external to the organization.
4. Platform and Standards
Data Management Platform
Entities should define and follow criteria for selecting appropriate databases and data management systems.
Data Integration
Organizations should establish policies and procedures that ensure that patient records are matched correctly when information is shared across platforms and from external sources.
Historical Data Archiving and Retention
Organizations should develop policies for retaining and archiving data. All applicable state and federal laws should be followed.
5. Supporting Processes
Measurement and Analysis
Once data issues are identified, quality improvement plans should be developed. Key metrics should be identified and monitored on an ongoing basis to measure progress.
Process Management
Data management policy and procedures should be kept updated and easily accessible to all staff members.
Process Quality Assurance
A process should be in place to ensure that quality initiatives are initiated, continued, and assessed.[8]
Data Governance Issues
1. Enterprise Master Patient Index (EMPI) Database Duplicate Rate
The Enterprise Master patient index is a database which matches every individual with their own unique set of data within an organizational database. Duplicate entries compromise data quality and impede information flow. Entities should have standardized workflows and safeguards in place to minimize duplicate records. Duplicate rate should be routinely monitored as part of data quality assurance.[8] [9] [10]
2. Copy and Paste Functionality
Use of the Copy and paste functionality within EHRs is widespread, but should be discouraged. Copied text can degrade data quality by rapidly propagating data inaccuracies, creating internal data inconsistencies and contributing to note bloat. Organizations should adopt policies and procedures that minimize copy / paste ability within the EHR. Copied material and its provenance should be made easily identifiable. Staff should be educated on appropriate use and pitfalls of the copy / paste functionality. Copy and paste activities should be routinely audited. [7] [11]
AHIMA has issued the following Position Statement in regards to copy and paste practices: “The use of copy/paste functionality in EHRs should be permitted only in the presence of strong technical and administrative controls which include organizational policies and procedures, requirements for participation in user training and education, and ongoing monitoring. Users of the copy/paste functionality should weigh the efficiency and time savings benefits it provides against the potential for creating inaccurate, fraudulent, or unwieldy documentation.” [12]
3. Data Provenance
Data provenance specifies an individual piece of data’s origin, lists any modifications to the data and indicates the source of those modifications. As interoperability increases and data is imported from external sources, provenance gains greater significance. In addition, the continued growth of Patient entered data presents unique challenges to provenance tracing. The HL7 FHIR Specification sets standards for the documentation of data provenance. [13] [7] [14] [15]
4. Patient Generated Health Data (PGHD)
In recent years there has been a proliferation of commercially available personal medical devices that produce large volumes of PGHD. PGHD poses special data governance challenges. While PGHD provides valuable insight for patient care and promotes shared decision making, it is often difficult and time consuming for providers to extract clinically meaningful information from PGHD. Additional concerns include the lack of mechanisms to ensure the accuracy of remote monitoring devices and the lack of security and privacy oversight of these devices. Security experts worry that interfacing with these devices may result in data breaches when information is transferred to the EHR.[16]
In response to these concerns, the Veteran’s Administration has published several recommendations for incorporating patient generated data into the electronic health record. They suggest establishing models for the intended use of PGHD. In order to promote physician buy-in, they propose that early PGHD projects should focus on clinical quality measures such as blood glucose monitoring, home blood pressure readings, and depression screening. They recommend creating a taxonomy that is used solely for patient generated data. Their model also includes allotted time for providers to review patient generated data. The VA authors acknowledge that the field of PGHD is rapidly changing and state that “decision makers must balance enterprise requirements that determine what data are defined as PGD and how they are used, with guidance by clinical stakeholders on best practices to address and review PGD. Such practices are likely to change over time as healthcare systems gain experience with and accrue evidence on the impact of PGD on patient care.” [17]
ONC has also published guidance for managing PGHD. In their whitepaper, they encourage organizations to explore innovative ways to summarize and utilize PGHD. They cite the need for further research into the optimal use of PGHD. They urge policymakers to tighten privacy and security regulations governing devices that produce PGHD and compel developers to voluntarily improve security measures. Finally, they state that payers should reimburse clinicians for the time spent reviewing PGHD. [18]
Submitted by (Kelly O'Malia, M.D)
References
- ↑ 1.0 1.1 International Business Machines IBM. The IBM data governance blueprint: Leveraging best practices and proven technologies. http://www-935.ibm.com/services/us/cio/pdf/data-governance-best-practices.pdf
- ↑ 2.0 2.1 Data Governance Institute. Definition of Data Governance. http://www.datagovernance.com/adg_data_governance_definition/
- ↑ Master Data Management (MDM) Institute. MDM and Data Governance: Readiness Assessment. http://tcdii.com/PDF/A%20Summary%20Practical%20Guide%20to%20Systems%20Integrators%20&%20Consultancies%20for%20MDM%20&%20DG.pdf
- ↑ John D’Amore, M. S. (2021, September 20). Electronic health record data governance and data quality in the real world. HIMSS. Retrieved October 25, 2021, from https://www.himss.org/resources/electronic-health-record-data-governance-and-data-quality-real-world
- ↑ 5.0 5.1 5.2 Way forward: Ahima develops information governance principles to lead healthcare toward Better Data Management. Journal of AHIMA. (n.d.). Retrieved October 25, 2021, from https://library.ahima.org/doc?oid=107468#.YXYnsBrMLb2
- ↑ Group, T. H. C. I. (n.d.). EHR implementation: The who, what, and why of Governance Structures. EHR Implementation: The Who, What, and Why of Governance Structures. Retrieved October 25, 2021, from https://blog.thehcigroup.com/ehr-implementation-the-who-what-and-why-of-governance-structures
- ↑ 7.0 7.1 7.2 EHRIntelligence. (2017, August 7). How strong health data governance ensures EHR Data Integrity. EHRIntelligence. Retrieved October 25, 2021, from https://ehrintelligence.com/news/how-strong-health-data-governance-ensures-ehr-data-integrity
- ↑ 8.0 8.1 Patient demographic data quality framework. Document. (n.d.). Retrieved October 25, 2021, from https://www.healthit.gov/playbook/pddq-framework/data-governance/
- ↑ Patient identity and patient record matching. HealthIT.gov. (2021, June 15). Retrieved October 25, 2021, from https://www.healthit.gov/topic/patient-identity-and-patient-record-matching
- ↑ PMC, E. (n.d.). Just, Beth Haenke et al. “Why Patient Matching Is a Challenge: Research on Master Patient Index (MPI) Data Discrepancies in Key Identifying Fields.” Perspectives in health information management vol. 13,Spring 1e. 1 Apr. 2016. Europe PMC. Retrieved October 25, 2021, from http://europepmc.org/abstract/MED/26261999
- ↑ Tsou, A., Lehmann, C., Michel, J., Solomon, R., Possanza, L., & Gandhi, T. (2017). Safe practices for copy and paste in the Ehr. Applied Clinical Informatics, 26(01), 12–34. https://doi.org/10.4338/aci-2016-09-r-0150
- ↑ Appropriate use of the copy and paste functionality in ... (n.d.). Retrieved October 25, 2021, from https://bok.ahima.org/PdfView?oid=300306.
- ↑ 6.3 resource provenance - content. visit the hl7 website. (n.d.). Retrieved October 25, 2021, from http://www.hl7.org/FHIR/provenance.html.
- ↑ Wang, M. D., Khanna, R., & Najafi, N. (2017). Characterizing the source of text in electronic health record progress notes. JAMA Internal Medicine, 177(8), 1212. https://doi.org/10.1001/jamainternmed.2017.1548
- ↑ Xu, S., Fairweather, E., Rogers, T., & Curcin, V. (2018). Implementing data provenance in health data analytics software. Lecture Notes in Computer Science, 173–176. https://doi.org/10.1007/978-3-319-98379-0_13
- ↑ Winter, J., & Davidson, E. J. (2020). Harmonizing regulatory spheres to overcome challenges for governance of patient-generated health data in the age of Artificial Intelligence and big data. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.3749529
- ↑ Woods, S. S., Evans, N. C., & Frisbee, K. L. (2016). Integrating patient voices into health information for self-care and patient-clinician partnerships: Veterans Affairs Design Recommendations for patient-generated data applications. Journal of the American Medical Informatics Association, 23(3), 491–495. https://doi.org/10.1093/jamia/ocv199
- ↑ Conceptualizing a data infrastructure for the capture, use ... (n.d.). Retrieved October 25, 2021, from https://www.healthit.gov/sites/default/files/onc_pghd_final_white_paper.pdf