Taking Information Governance from Concept to Reality

by Mary Butler

The HIM Problem

AHIMA has been taking great strides in promoting information governance (IG) in healthcare, particularly with its development of the Information Governance Principles for Healthcare (IGPHC). But getting programs up and running has been a challenge for HIM professionals. Conveying the need for IG and extracting executive buy-in will continue to be a hurdle, but one that’s getting easier to clear.

The HIM Problem Solver

Sofia Empel, PhD, IGP, CRM, is the director of information governance at Connolly iHealth Technologies, and a member of AHIMA’s Information Governance Task Force. She has spent over 30 years as an IG consultant, working with clients in numerous industries, including healthcare, finance, banking, and many others. She wrote her doctoral thesis on IG in healthcare and is currently building Connolly iHealth Technologies’ IG capacity.

Information Governance Gaining Ground

Healthcare organizations—be they insurers, providers, billing auditors, or any company that handles high volumes of protected health information (PHI)—have started to express more interest in IG in recent years because of the potential risks of not handling data properly. In her role as an IG consultant, Empel says healthcare companies came to her for help because they were most concerned with maintaining the integrity of their data and preventing breaches.

However, despite records managers, including health information management (HIM) professionals, showing an appetite for governance, IG programs have been slow to gain traction. Empel says this stems from the fact that healthcare organizations see patient care—not data management—as their primary concern. But change is in the air.

“I would say that more healthcare companies are concerned with the integrity of the data. I think that’s a major IG driver,” Empel says. “Though data breaches have put the fire under people, they still should be concerned with ensuring their data is complete, accurate, and current.”

Finding Consensus on IG

Despite growing interest, Empel says it’s often still difficult to get healthcare organizations to commit to an IG program. Part of that is due to the fact that everyone has a different idea about what exactly IG is.

“If you talk to IT, they have one definition of IG, while legal, security, and even the users will have their own definitions. Depending on who you talk to, the perspectives of IG change. In my current role as an IG Director, I try to balance all these perspectives,” Empel stresses.

The challenge, she says, is to get all of those people into the same room and on the same page. The reason IG programs fail to get off the ground, says Empel, is because they lack executive support. HIM professionals who want IG in their organizations need to partner with IT, as well as communicate the business case for the IG initiative to the C-suite.

“Data is electronic now. If you don’t have a relationship with IT, you won’t get anything done. Beyond that, information goes from the board room to the mail room. To get that reach, you have to have somebody in a senior level position championing your program,” says Empel.

Getting Started

Once an entity embarks on an IG program, the first step is doing an assessment to establish an IG baseline that be used to measure improvement down the road. AHIMA’s IG Task Force is helping with this in their development of an IG maturity model that’s still in development. Following an assessment, Empel advises doing a gap analysis. When all of that information is compiled, it’s time to find a champion in executive and senior level management. The assessment and gap analysis gives IG organizers “ammunition” to make their business case at the top of the chain.

AHIMA’s Information Governance Principles for Healthcare (IGPHC) guide organizations launching their own IG programs, says Empel. The IGPHC provides a framework, so that IG can be approached from an enterprise-wide perspective.

“IGPHC is not only a standards-based best practice framework, it also provides a common language for all the various stakeholders. It has real meaning to individuals, even those outside of IG, allowing us to get the conversation started and to move forward with governing our information assets more effectively,” Empel says.