The health care sector continues to be increasingly driven by technology and electronic environments. Electronic health records (“EHR”) have, in many clinical settings, replaced traditional paper charts. Clinical information systems are consolidating years of patient data, and advances in medical technologies are generating new types of data and data sets that never before existed. The development of health information technology (“HIT”) has led to an unprecedented increase in the volume of health care data. As a result, the need for appropriate and effective health care information governance (“IG”) has never been greater.
Maximizing the value of data and minimizing the privacy risks
IG enables health care organizations to implement organization-wide strategies to manage the information lifecycle and support an organization’s strategic goals and operations. While more data can enhance the quality of patient care and health services, it can also create additional challenges for compliance with privacy and data protection laws. An effective IG program can provide health care organizations with a framework for maximizing the value of large and diverse data sets, while minimizing the risk of non-compliance and data breach.
Providing a framework in which big data and predictive analytics can thrive
When properly implemented, IG can provide a structural framework for turning structured (quantifiable and measurable) data into useful information that can be used by various stakeholders within a health care organization. To that end, IG can facilitate the use of predictive analytics which is the process of analyzing big data to predict future events or outcomes. Why does this matter? Health care practitioners and public health organizations can use data analytics to more reliably diagnose patients, predict illnesses and epidemics, monitor the effects of treatments, slow the spread of dangerous viruses, and even cure diseases. While data analytics performs the dance, IG sets the stage. When properly implemented, IG provides a platform for sorting and storing data, assessing data quality, and facilitating data integration.
Delivering stronger legal compliance with less risk
As health care organizations deal with growing quantities of data, complying with privacy and data protection requirements inevitably becomes more challenging. In 2015, there were a record number of data breaches in the health care sector. According to the U.S. Department of Health and Human Services Office for Civil Rights, in the United States alone the records of over 112 million individuals were lost to cyber-attacks, theft, and other unauthorized disclosures. Privacy laws impose strict requirements for how organizations can handle personal information and for how long it can be retained. Data protection laws impose media-format requirements and cross-border transfer restrictions on personal data to protect against potential breaches. A comprehensive, up to date, industry-specific records retention strategy is an invaluable resource for compliance and security, and is a core component of a good IG program.
As innovators continue to push the use and boundaries of HIT and EHR, new sources of data will surely emerge and the health care sector will continue to experience a rapid acceleration in the growth of data. IG is, and will continue to be, an integral part of the data-driven health care model of the future.
Contributors – J. Andrew Sprague, Randeep Nijjar, and Lisa Douglas
