Standards and Information Governance Share a Symbiotic Relationship

By Mary Butler

Two professional dancers can separately practice their portion of a couples routine all they want—but when it comes to creating an artful performance, the two must share a symbiotic relationship in order to succeed. Each individual must bring their respective portion of the dance to the performance, complementing the other dancer with their individual traits, while also providing and giving support where needed and keeping the other dancer on step and in hold. It takes both dancers working together to achieve the singular goal. This is also the case with standards and information governance (IG), which must share a symbiotic relationship in order to achieve the goal of quality healthcare.

Standards are essential to information governance (IG), and IG is essential for standards, says Deborah Green, MBA, RHIA, AHIMA’s executive vice president and chief innovation and global services officer. However, “because standards exist does not mean that they will be adopted and followed. Information governance provides the framework for not only standards, but all the components essential to enabling trust in data and information in healthcare. Standards and IG complement each other, but moreover neither can succeed without the other.”

Standardizing the way health information is captured, shared, managed, and governed improves patient care and lowers costs. This is also a goal of IG. There are many examples of how standards govern health information. For example, there are data standards, like the International Statistical Classification of Diseases and Related Health Problems, 10th Revision (ICD-10), Logical Observation Identifiers Names and Codes (LOINC), Systematized Nomenclature of Medicine – Clinical Terms (SNOMED CT), and RxNorm that enable the capture and processing of medical information in electronic health record (EHR) systems and ancillary systems. There are information content standards, like Health Level Seven (HL7) Clinical Document Architecture (CDA) and Fast Healthcare Interoperability Resources (FHIR), that allow data to be communicated between systems. There are information exchange and privacy and security standards that allow information to be exchanged in a secure manner. And there are workforce standards that enable an organization’s staff to operate standards-based health IT products.

In summary, there are many standards—and all of them have to work together to deliver the right information to the right person in the right form and at the right time. That is where IG comes in.

IG plays the coordinating role in making all these standards dance fluidly together—ensuring the standards work together where they are needed, and supporting individual patient’s care delivery needs as well as healthcare organization’s business needs.

The Intersection of IG and Standards

IG and standards essentially have the same goal: to leverage organizations’ data into a valued asset of the healthcare industry.

“I think that’s where synergies lie between the two,” says Tami Montroy, MS, RHIA, CCS, health information manager at the College of Medicine at Drexel University, and a member of AHIMA’s Standards Task Force. “I think standards support IG by laying that foundation for the expectations of industry data. I think once standards are established, it’s certainly easier to govern them. That’s part of what IG is, the governance of that information. I think that there are standards and there’s IG—but there’s a symbiosis between the two.”

Valerie Wilson, RHIA, CHDA, CSPO, senior consulting product analyst for HCA Healthcare’s (HCA) information technology services, who also serves on the AHIMA Standards Task Force, sees the relationship between IG and standards similarly.

“From my perspective, IG and standards intersect around how we can be consistent with regards to our data capture and maintain that same consistency from the perspective of interoperability,” Wilson says.

In her role with HCA, Wilson works with a team of people to ensure the data complies with specified standards from the Office of the National Coordinator for Health IT (ONC) from an interoperability perspective (ONC Interoperability Standards Advisories), including implementation of data standards (vocabularies) and the HL7 Consolidated-CDA (C-CDA) standard. “So there’s information governance decisions that have to be made that say ‘This is how we will do this, and why.’ Entities make guiding decisions that support the business needs and the regulatory needs of the organization,” Wilson explains.

Information Governance Standards in Development

Standards are under development to supplement AHIMA’s Information Governance Adoption Model (IGAMTM) and IGHealthRate™ and provide clear practice expectations for IG in healthcare. These are known as the “AHIMA Standards for Information Governance in Healthcare,” and they support compliance with practices, providing clarity and guidance to organizations in advancing the maturity of their IG efforts. Working together, IG, health information management (HIM), health IT, and informatics standards enable broader IG adoption and ensure trusted information.

Successful collaboration between AHIMA’s IG and AHIMA standards teams resulted in the development of several HIM practice standards at the various standards development organizations (SDOs) in the last few years. Guided by the IGAM competencies of data governance, enterprise information management, IT governance, compliance, privacy and security, and others, the AHIMA Standards Task Force has been developing HIM practice standards at various SDOs, including:

  • Integrating the Healthcare Enterprise (IHE)—health IT vendor and professional association:
    • HIT Standards for HIM Practices White Paper, 2015.1
    • Patient Registration Demographic for Data Capture and Exchange White Paper, 2017.2
    • Patient Administration Management (PAM) Integration Profile. US National Extension for Patient Registration. 2017. Under development.3
  • International Organization for Standardization, Technical Committee 215 Health Informatics (ISO/TC215)—leading international SDO
    • ISO/TR 18638. Guidance on Health Information Privacy Education in Healthcare Organizations. Technical Report (TR). 2017.4
    • ISO/TS 22287. Workforce Roles and Capabilities for Terminology and Terminology Services (TermS). Technical Specification (TS). 2017. Under development.5
  • HL7 International—SDO of vendors, government, and professional associations6
    • Record Management and Evidentiary Support Project
    • Patient Administration Project

AHIMA is planning to release the “Standards for Information Governance in Healthcare” in early 2018. Once released, standards developers can use the business standards to guide the development of technical standards (where applicable), and educators can use the standards to teach HIM students about IG and standards’ complementary interactions, preparing them to work in the eHealth world.

Excerpts from AHIMA’s Standards for Information Governance in Healthcare

Below are two examples of the Standards for Information Governance that are being developed by AHIMA: “Incident Management/Breach Management” and “Effective Use of Data Stewards.” These two examples demonstrate the importance of proactive policies, procedures, and workflow practices that result in effective management of data and information assets.

Incident Management/Breach Management

The Standard: The organization has a proactive monitoring system to prevent breaches.

Guidance: Incident management is a set of activities to identify, analyze, and correct hazards to prevent a future reoccurrence related to information access, use, disclosure, or destruction.

The organization has a formalized incident/breach response team with a documented plan that addresses enterprise-wide information breaches, not just those involving HIPAA-protected health information (PHI). It may be reasonable to combine this activity with what may already be in place for breaches of PHI. The breach response plan should include investigating each incident swiftly and completely; developing corrective action steps; determining appropriate workforce sanctions; and conducting a periodic review of any potential problematic processes.

Business partners that use, access, or store information are included in the breach management process and expectations. Members of the workforce are educated about the incident/breach management process.

The Incident Management/Breach Management IGAM Standard represents one of the Privacy and Security Competency maturity markers. A number of organizations have recognized the need for IG after a disaster event such as a breach or other incident occurs. These organizations are left with no choice but to reactively address the negative outcomes of such an incident, costing a significant amount of money, time, and other resources.

Effective Use of Data Stewards

The Standard: Data stewards are established throughout the organization for appropriate management of data assets.

Guidance: The organization assigns a network of business unit data stewards throughout the organization who have the responsibility and accountability for data across the data lifecycle. Their responsibility includes such things as development of data definitions, resolution of data issues, monitoring of data quality, testing and approval of data security, and data modeling and compliance.

Data stewards are given appropriate tools and training and enlisted and empowered to enforce adherence to data-related policies, procedures, and standards. Data stewards lead and/or participate in operational excellence programs that advocate data governance best practices throughout the organization.

The Effective Use of Data Stewards Standard supports one of the Data Governance IGAM Competency maturity markers. Data stewardship is defined as a formalization of accountability for data. Data stewardship is a continuum of responsibilities across the data life cycle and across the enterprise carried out by a network of data stewards. Identification of data quality standards, communicating data issues, and ensuring data is available to support business processes are some of the roles of a data steward.

Effective data stewards ensure their assigned data system houses data that can be successfully used for analytics, business development, and strategic decision-making.

Measuring IG Adoption

As an assessment tool with a set of 10 competencies and over 80 maturity markers, IGAM helps healthcare organizations measure the status of their IG practices that capture, manage, use, reuse, and share clinical, public health, and business information within the healthcare organization and across organizations involved in a healthcare enterprise. IGAM organizes and measures IG risks in a structure that can be easily understood and implemented by healthcare organizations.

AHIMA has also developed IGHealthRate, a web-based tool that providers, vendors, health information exchanges, and other information intensive organizations in healthcare can use to assess and measure their progress with IG adoption. Success with the implementation of IGAM in a healthcare organization is measured by IGHealthRate on a scale of one to five, with one signaling that the organization’s information is at risk and processes need to be implemented for risk mitigation. A five dictates that the organization has mastered the 10 competencies and achieved IG maturity.

According to Kristi Fahy, RHIA, an information governance analyst at AHIMA, each of the newly developed IG policies and business standards correlates with the maturity markers in each of the 10 IGAM competencies. “In the IGHealthRate tool, each of the competencies includes an overview of the competency, why it’s important, a recap of each of the maturity markers, the related standard(s), and guidance on each of the standards,” Fahy explains.

Bringing Standards Out of the Shadows

Standards enable consistency, reliability, and quality. HIM professionals constantly use standards, whether they realize it or not. In addition, they often develop organization-specific standards (standard operational procedures (SOPs)) for privacy and security, compliance, audit, and release of information policies. These SOPs are also developed for clinical documentation improvement (case definition and document templates), and information sharing (data agreements). Many of these organization-specific efforts will be provided to the AHIMA IG Practice Council and Standards Task Force members for discussion and assessment—with the teams working to define best practices and lessons learned and then formalize the recommendations into business and functional standards via a consensus-based process.


[1] Integrating the Healthcare Enterprise. “Health IT Standards for Health Information Management Practices.” White Paper. September 18, 2015.

[2] Integrating the Healthcare Enterprise. “Patient Registration Demographic Data Capture and Exchange.” White Paper. June 16, 2017.

[3] Integrating the Healthcare Enterprise. “Patient Administration Management (PAM) Integration Profile. US National Extension for Patient Registration.” 2017. Under development.

[4] International Organization for Standardization, Technical Committee 215 Health Informatics. “ISO/TR 18638. Guidance on Health Information Privacy Education in Healthcare Organizations.” June 2017. 

[5] International Organization for Standardization, Technical Committee 215 Health Informatics. “ISO/TS 22287. Workforce Roles and Capabilities for Terminology and Terminology Services (TermS). Technical Specification (TS).” 2017. Under development.

[6] AHIMA. “AHIMA Standards Fact Sheet: AHIMA at Health Level Seven (HL7).” 2017. 

Mary Butler ( is associate editor at the Journal of AHIMA.

Article citation:
Butler, Mary. "Standards and Information Governance Share a Symbiotic Relationship" Journal of AHIMA 88, no.11 (November 2017): 14-17.