Difference between revisions of "Data Governance"
From Clinfowiki
| Line 8: | Line 8: | ||
IBM's Data Governance Council defines data governance as “... a quality control discipline for accessing, managing, monitoring, maintaining, and protecting organization information.” <ref name="ibm"></ref> | IBM's Data Governance Council defines data governance as “... a quality control discipline for accessing, managing, monitoring, maintaining, and protecting organization information.” <ref name="ibm"></ref> | ||
| + | |||
| + | '''Purpose of Data Governance''' | ||
| + | |||
| + | Data Governance provides oversight of a healthcare entity’s data management practices. Its role is to ensure appropriate data quality, data security and data use. In addition, governance activities monitor compliance with regulatory requirements. <ref name=Data governance. Data Governance - SDO Education Playbook. (n.d.). Retrieved October 25, 2021, from https://www.healthit.gov/playbook/ambulatory-guide/data-governance/</ref> | ||
| + | |||
| + | 8, 11 | ||
| + | The American Health Information Management Association (AHIMA) defines information governance (IG) as “an organization-wide framework for managing information throughout its lifecycle and supporting the organization’s strategy, operations, regulatory, legal, risk, and environmental requirements.” 17 | ||
| + | Most larger institutions have a governance committee to discuss and implement policies and procedures that promote best practices for data management and regulatory compliance. In larger institutions, the governance team may be led by a corporate executive such as the Chief Information Officer (CIO). Optimally, the governance committee should include representatives from all areas of the organization in order to provide diverse perspectives. 10 | ||
| + | Information Governance Principles for Healthcare (IGPHC) | ||
| + | AHIMA has developed IGPHC as industry “norms, values, and rules used to comprehensively govern an organization’s information management strategy.” They defined the principles to provide a “framework of IG best practices; a model for program development; a means of benchmarking against peers; and a plan for legislative, judicial, accreditation, and organizational policy mapping.” The IGPHC were created to provide flexible guidance regarding management of both clinical and non-clinical data by a wide variety of healthcare entities, including providers, payers, researchers and health information exchanges. The IGPHC are divided into eight distinct guiding principles. | ||
| + | 1. Accountability | ||
| + | Governance policy should hold staff members accountable for following data management best practices. The EHR system should have auditing capability. | ||
| + | 2. Transparency | ||
| + | All data management operations, policies and procedures should be transparent and verifiable. | ||
| + | 3. Integrity | ||
| + | External sources should be evaluated for reliability to maintain data integrity. | ||
| + | |||
| + | 4. Protection | ||
| + | Security measures should be undertaken to protect data against external breaches. | ||
| + | |||
| + | 5. Compliance | ||
| + | Governance policies should comply with all applicable laws and industry regulations and align with the organization’s internal mission and policies. | ||
| + | 6. Availability | ||
| + | Measures should be taken to make certain that data is readily accessible to patients and staff when use is required. | ||
| + | 7. Retention | ||
| + | Organizations should develop policies for retaining and archiving data in accordance with applicable state and federal laws. | ||
| + | 8. Disposition | ||
| + | Provisions should be made for data to be disposed of in a secure manner. 17, 9 | ||
| + | |||
| + | ONC Patient Demographic Data Quality Profile (PDDQ) | ||
| + | The Office of the National Coordinator for Health Information Technology developed the PDDQ Framework and Ambulatory Guidance document in 2015. In the document, ONC provided methods for assessing data governance structure and critiquing data management policies and procedures. It outlined ways to appraise quality improvement initiatives. The PDDQ document divided data management processes into five main categories. | ||
| + | 1. Data Governance | ||
| + | o Governance Management | ||
| + | A formal data governance structure should exist. Committees and individuals should have defined roles. | ||
| + | o Communications | ||
| + | Data management policies, procedures and best practices should be communicated to all staff members. | ||
| + | o Data Management Function | ||
| + | There should be a person responsible for oversight of data management and data quality improvement to ensure that best practices are followed. | ||
| + | o Business Glossary, Metadata and Data Standards | ||
| + | The entity should create and maintain a business glossary which defines what data will be gathered and in what format it will be recorded. An accompanying metadata nomenclature should be established. | ||
| + | 2. Data Quality | ||
| + | o Data Quality Planning | ||
| + | The organization should have a plan for monitoring and improving data quality. | ||
| + | o Data Profiling | ||
| + | Organizations should regularly review their data to identify quality issues such as missing data, duplicate charts, and policy delinquencies. The review can be done manually or accomplished via vendor reports. | ||
| + | o Data Quality Assessment | ||
| + | Organizations should monitor data quality criteria such as accuracy, completeness, conformity, consistency, timeliness and uniqueness. | ||
| + | o Data Cleansing and Improvement | ||
| + | When data quality issues are identified, data should be cleansed. Changes in data values should be tracked. Processes and workflows should be altered to prevent similar quality issues from occurring in the future. | ||
| + | 3. Data Operations | ||
| + | o Data Requirements Definition | ||
| + | The data requirements should outline the data elements that should be included in the business glossary, as well as the system requirements and metadata standards. | ||
| + | o Data Lifecycle Management | ||
| + | The data lifecycle documentation should outline the path of data from the time of its creation to the time it is archived. This path may include intersections with outside systems such as lab or radiology records. | ||
| + | o Data Provider Management | ||
| + | Requirements for data access should be established for all users, including users external to the organization. | ||
| + | 4. Platform and Standards | ||
| + | o Data Management Platform | ||
| + | Entities should define and follow criteria for selecting appropriate databases and data management systems. | ||
| + | o Data Integration | ||
| + | Organizations should establish policies and procedures that ensure that patient records are matched correctly when information is shared across platforms and from external sources. | ||
| + | o Historical Data Archiving and Retention | ||
| + | Organizations should develop policies for retaining and archiving data. All applicable state and federal laws should be followed. | ||
| + | 5. Supporting Processes | ||
| + | o Measurement and Analysis | ||
| + | Once data issues are identified, quality improvement plans should be developed. Key metrics should be identified and monitored on an ongoing basis to measure progress. | ||
| + | o Process Management | ||
| + | Data management policy and procedures should be kept updated and easily accessible to all staff members. | ||
| + | |||
| + | o Process Quality Assurance | ||
| + | A process should be in place to ensure that quality initiatives are initiated, continued, and assessed. 12 | ||
| + | Topics in Data Governance | ||
| + | 1. Master Patient Index (EMPI) Database Duplicate Rate | ||
| + | The EMPI is a database which matches every individual with their own unique set of data within an organizational database. Duplicate entries compromise data quality and impede information flow. Entities should have standardized workflows and safeguards in place to minimize duplicate records. Duplicate rate should be routinely monitored as part of data quality assurance. 12, 13, 14 | ||
| + | Copy / Paste Functionality | ||
| + | Use of the copy / paste functionality within EHRs is widespread, but should be discouraged. Copied text can degrade data quality by rapidly propagating data inaccuracies, creating internal data inconsistencies and contributing to note bloat. Organizations should adopt policies and procedures that minimize copy / paste ability within the EHR. Copied material and its provenance should be made easily identifiable. Staff should be educated on appropriate use and pitfalls of the copy / paste functionality. Copy and paste activities should be routinely audited. 9, 15 | ||
| + | AHIMA has issued the following Position Statement in regards to copy and paste practices: | ||
| + | “The use of copy/paste functionality in EHRs should be permitted only in the presence of strong technical and administrative controls which include organizational policies and procedures, requirements for participation in user training and education, and ongoing monitoring. Users of the copy/paste functionality should weigh the efficiency and time savings benefits it provides against the potential for creating inaccurate, fraudulent, or unwieldy documentation.” 5 | ||
| + | 2. Data Provenance | ||
| + | Data provenance specifies an individual piece of data’s origin, lists any modifications to the data and indicates the source of any modifications. As interoperability increases and data is imported from external sources, including patient generated health data, provenance takes on greater significance. The HL7 FHIR Specification sets standards for data provenance. 4, 9, 16, 20 | ||
| + | |||
| + | 3. Patient Generated Health Data (PGHD) | ||
| + | In recent years there has been a proliferation of commercially available personal medical devices that produce large volumes of PGHD. PGHD poses special data governance challenges. While PGHD provides valuable insight for patient care and promotes shared decision making, it is often difficult and time consuming for providers to extract clinically meaningful information from PGHD. Additional concerns include the lack of mechanisms to ensure the accuracy of remote monitoring devices and the lack of security and privacy oversight of these devices. Security experts worry that interfacing with these devices may result in data breaches when information is transferred to the EHR. 18 | ||
| + | In response to these concerns, the Veteran’s Administration has published several recommendations for incorporating patient generated data into the electronic health record. They suggest establishing models for the intended use of PGHD. In order to promote physician buy-in, they propose that early PGHD projects should focus on clinical quality measures such as blood glucose monitoring, home blood pressure readings, and depression screening. They recommend creating a taxonomy that is used solely for patient generated data. Their model also includes allotted time for providers to review patient generated data. The VA authors acknowledge that the field of PGHD is rapidly changing and state that “decision makers must balance enterprise requirements that determine what data are defined as PGD and how they are used, with guidance by clinical stakeholders on best practices to address and review PGD. Such practices are likely to change over time as healthcare systems gain experience with and accrue evidence on the impact of PGD on patient care.” 19 | ||
| + | ONC has also published guidance for managing PGHD. In their whitepaper, they encourage organizations to explore innovative ways to summarize and utilize PGHD. They cite the need for further research into the optimal use of PGHD. They urge policymakers to tighten privacy and security regulations governing devices that produce PGHD and compel developers to voluntarily improve security measures. Finally, they state that payers should reimburse clinicians for the time spent reviewing PGHD. 8 | ||
| + | |||
| + | |||
| + | 4. 6.3 resource provenance - content. visit the hl7 website. (n.d.). Retrieved October 25, 2021, from http://www.hl7.org/FHIR/provenance.html. | ||
| + | 5. Appropriate use of the copy and paste functionality in ... (n.d.). Retrieved October 25, 2021, from https://bok.ahima.org/PdfView?oid=300306. | ||
| + | 6. Collins, S. A., Gesner, E., Morgan, S., Mar, P., Maviglia, S., Colburn, D., Tierney, D., & Rocha, R. (2015). A Practical Approach to Governance and Optimization of Structured Data Elements. Stud Health Technol Inform., 216, 7–11. | ||
| + | 7. Conceptualizing a data infrastructure for the capture, use ... (n.d.). Retrieved October 25, 2021, from https://www.healthit.gov/sites/default/files/onc_pghd_final_white_paper.pdf. | ||
| + | 8. Data governance. Data Governance - SDO Education Playbook. (n.d.). Retrieved October 25, 2021, from https://www.healthit.gov/playbook/ambulatory-guide/data-governance/. | ||
| + | 9. EHRIntelligence. (2017, August 7). How strong health data governance ensures EHR Data Integrity. EHRIntelligence. Retrieved October 25, 2021, from https://ehrintelligence.com/news/how-strong-health-data-governance-ensures-ehr-data-integrity. | ||
| + | 10. Group, T. H. C. I. (n.d.). EHR implementation: The who, what, and why of Governance Structures. EHR Implementation: The Who, What, and Why of Governance Structures. Retrieved October 25, 2021, from https://blog.thehcigroup.com/ehr-implementation-the-who-what-and-why-of-governance-structures. | ||
| + | 11. John D’Amore, M. S. (2021, September 20). Electronic health record data governance and data quality in the real world. HIMSS. Retrieved October 25, 2021, from https://www.himss.org/resources/electronic-health-record-data-governance-and-data-quality-real-world. | ||
| + | 12. Patient demographic data quality framework. Document. (n.d.). Retrieved October 25, 2021, from https://www.healthit.gov/playbook/pddq-framework/data-governance/. | ||
| + | 13. Patient identity and patient record matching. HealthIT.gov. (2021, June 15). Retrieved October 25, 2021, from https://www.healthit.gov/topic/patient-identity-and-patient-record-matching. | ||
| + | 14. PMC, E. (n.d.). Just, Beth Haenke et al. “Why Patient Matching Is a Challenge: Research on Master Patient Index (MPI) Data Discrepancies in Key Identifying Fields.” Perspectives in health information management vol. 13,Spring 1e. 1 Apr. 2016. Europe PMC. Retrieved October 25, 2021, from http://europepmc.org/abstract/MED/26261999. | ||
| + | 15. Tsou, A., Lehmann, C., Michel, J., Solomon, R., Possanza, L., & Gandhi, T. (2017). Safe practices for copy and paste in the Ehr. Applied Clinical Informatics, 26(01), 12–34. https://doi.org/10.4338/aci-2016-09-r-0150 | ||
| + | 16. Wang, M. D., Khanna, R., & Najafi, N. (2017). Characterizing the source of text in electronic health record progress notes. JAMA Internal Medicine, 177(8), 1212. https://doi.org/10.1001/jamainternmed.2017.1548 | ||
| + | 17. Way forward: Ahima develops information governance principles to lead healthcare toward Better Data Management. Journal of AHIMA. (n.d.). Retrieved October 25, 2021, from https://library.ahima.org/doc?oid=107468#.YXYnsBrMLb2. | ||
| + | 18. Winter, J., & Davidson, E. J. (2020). Harmonizing regulatory spheres to overcome challenges for governance of patient-generated health data in the age of Artificial Intelligence and big data. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.3749529 | ||
| + | 19. Woods, S. S., Evans, N. C., & Frisbee, K. L. (2016). Integrating patient voices into health information for self-care and patient-clinician partnerships: Veterans Affairs Design Recommendations for patient-generated data applications. Journal of the American Medical Informatics Association, 23(3), 491–495. https://doi.org/10.1093/jamia/ocv199 | ||
| + | 20. Xu, S., Fairweather, E., Rogers, T., & Curcin, V. (2018). Implementing data provenance in health data analytics software. Lecture Notes in Computer Science, 173–176. https://doi.org/10.1007/978-3-319-98379-0_13 | ||
| + | |||
| + | |||
| + | |||
==References == | ==References == | ||
Revision as of 23:39, 25 October 2021
Data governance is an emerging quality control discipline for managing data integrity, quality, and access in data-driven environments. While no consensus framework yet exists, data governance oversight committees are a frequently cited strategy to monitor enterprise data in healthcare and biomedical research. Furthermore, data governance relates to privacy, confidentiality and security by overseeing policies, practices and controls used by an organization to mitigate risk and protect patient health information. [1]
Provided below are three frequently cited definitions of data governance:
The Data Governance Institute defines data governance as “...a system of decision rights and accountabilities for information-related processes, executed according to agreed upon models which describe who can take what actions with what information, and when, under what circumstances, using what methods." [2]
The Master Data Management Institute defines data governance as "...the formal orchestration of people, process, and technology to enable an organization to leverage data as an enterprise asset." [3]
IBM's Data Governance Council defines data governance as “... a quality control discipline for accessing, managing, monitoring, maintaining, and protecting organization information.” [1]
Purpose of Data Governance
Data Governance provides oversight of a healthcare entity’s data management practices. Its role is to ensure appropriate data quality, data security and data use. In addition, governance activities monitor compliance with regulatory requirements. [4]
Cite error: <ref> tags exist, but no <references/> tag was found
