What is Data Governance in Healthcare?
The American Health Information Management Association (AHIMA) defines data governance as, “The overall administration, through clearly defined procedures and plans, that assures the availability, integrity, security, and usability of the structured and unstructured data available to an organization.” Effective data governance is crucial for healthcare organizations to make informed decisions, improve patient outcomes, and reduce costs. It encompasses both structured and unstructured data, including electronic health records, medical imaging, and patient-generated data.
Since this is an industry that deals in life and death scenarios, the stakes cannot be any higher. In its Mastering healthcare data governance with data lineage, the IBM Data and AI Team claims, “The healthcare industry faces arguably the highest stakes when it comes to data governance. For starters, healthcare organizations constantly encounter vast (and ever-increasing) amounts of highly regulated personal data.” In essence, bad data governance can lead to untimely patient death, large regulatory fines, and even larger legal judgments. If any industry is motivated to govern its data well, it should be the healthcare industry.
Benefits of Effective Data Governance
No other industry deals with such valuable and personal data as the healthcare industry. While the banking and Fintech industries handle highly important financial data, the healthcare industry collects, processes, and models massive amounts of data to make informed decisions about a person’s healthcare. “One broken or incomplete piece of data can trigger not only noncompliance and audit issues but also harm real people,” warns the IBM Data and AI Team.
Medical records are used to diagnose health issues as well as to develop patient treatment plans. Any errors in them can lead to misdiagnoses, medication errors or delayed patient care. These can have serious or even life-threatening consequences, says the IBM Data and AI Team. Inaccuracies in patient records can lead to delays, complications, or even the outright denial of insurance coverage. This is particularly problematic today as insurance companies seem to be turning the denial of patient claims into an art form.
As the KFF, the leading health policy organization in the U.S., explains, “Insurers of qualified health plans (QHPs) sold on HealthCare.gov denied 19% of in-network claims in 2023 and 37% of out-of-network claims for a combined average of 20% of all claims.” Robust data governance can help protect both the patient and the healthcare provider to ensure claims are proper and paid quickly. Data on past coverage can be used to ensure future billing is accurate. A false claim can be spotted and rejected with enough backup that the rejection won’t be questioned by a patient.
Medical Errors
In their Americans’ Experiences with Medical Errors and Views on Patient Safety, the Institute for Healthcare Improvement found that, “Overall, 2 in 5 Americans say they have either personally experienced a medical error or had a medical error occur in the care of someone close to them.”
Although a large majority of Americans believe they have had a positive experience when receiving health care, a high percentage of them report personal or close experiences with medical errors. These errors are due to a combination of systemic, human, and communication-related failures. They include the complexity of today’s healthcare system, the fragmented nature of healthcare, communication breakdowns, medication and diagnostic errors, technological issues as well as human factors, like fatigue, stress, and/or cognitive overload.
The Institute for Healthcare Improvement found that, “While 1 in 5 Americans say they have experienced a medical error in their own care, just 10 percent say that they have been harmed physically or emotionally when receiving medical care, possibly suggesting that Americans see medical errors and harm differently. However, there is a clear connection between medical errors and harm — 36 percent of those who have personally experienced a medical error say they have been harmed when receiving medical care, compared with 4 percent of those without firsthand error experience.”
As figure 1 shows, harm includes serious things like a medical error during a medical procedure (19%), poor or careless treatment (15%), verbal abuse (10%), a misdiagnosis (7%), requests for treatment ignored (5%), unnecessary treatment delays (2%), among others. Robust data governance can help with most, if not all, of these mistakes.
Figure 1: Percent of those harmed while receiving medical care
Key Regulations Shaping Healthcare Data Governance
The healthcare regulatory landscape is constantly evolving. Established in 1996, the Health Insurance Portability and Accountability Act (HIPAA) regulates the use and disclosure of protected health information. In general, it prohibits healthcare providers and businesses from disclosing a patient’s protected information to anyone other than the patient or his or her authorized representatives without consent. Patients can get their health information from providers as well as voluntarily share it however they choose.
Enacted in the United States in 2009 as part of the American Recovery and Reinvestment Act (ARRA), the Health Information Technology for Economic and Clinical Health (HITECH) Act expanded on HIPAA’s privacy and security provisions. It aimed to promote the adoption and meaningful use of health information technology to improve healthcare quality, safety, and efficiency.
The 21st Century CURES Act is a comprehensive piece of legislation. Enacted in December 2016, it aimed to advance medical innovation, improve mental health services, and enhance healthcare delivery in the US. It addressed various aspects of healthcare, including research funding, drug approval processes, mental health, and health information technology.
Because of the life and death nature of their patient data, healthcare organizations must remain fully compliant with data privacy regulations like HIPAA, HITECH, and the CURES Act. Noncompliance means potential fines as well as reputational damage. There is also always the danger a data breach might pose to a patient, warns the IBM Data and AI Team.
Healthcare Data Breaches Are Second to None
In his HIPAA Journal article, IBM: Average Cost of a Healthcare Data Breach Increases to Almost $11 Million, Steve Alder states, “For the 13th year in a row, healthcare data breaches were found to be the costliest, with the average cost increasing to $10.93 million, which is a 53.3% increase over the past 3 years and an 8.22% increase from the $10.10 average breach cost in 2022.”
Phishing attacks and compromised credentials were the most common causes of a data breach, with phishing the initial method of attack in 16% of data breaches and compromised credentials in the other 15%, says Alder.
“The average cost of a phishing attack was $4.76 million and an attack caused by stolen or compromised credentials cost an average of $4.62 million. The costliest breaches were caused by malicious insiders, with those incidents costing an average of $4.90 million per breach, although these breaches were relatively rare, accounting for 6% of the total,” claims Alder.
Since the enactment of laws like HIPAA, HITECH, and the CURES Act, there has been a proactive shift in most companies’ attitudes towards data security. Insurance and healthcare companies have taken an active rather than a passive role towards data governance. Even so, IBM reports that, “Only one-third (33%) of data breaches were detected by the breached entity, with a benign third party such as law enforcement or a security researcher notifying the victim about the breach in 40% of cases, and the attacker notifying the breached entity about the attack in 27% of cases.” In the case of an attacker informing the victim, the cost for the victim was “around $1 million more than breaches that were detected by the victim ($5.23 million vs. $4.3 million),” states Alder. These breaches also took much longer to contain — 79 days longer than breaches that were victim-identified, reports Alder.
Passing the Cost of Breaches onto the Consumers
The HIPAA Journal’s report “revealed 95% of organizations had suffered more than one breach and the costs of these breaches were passed onto consumers by 57% of organizations, with only 51% of organizations increasing security investments following a data breach.” In this inflationary world, consumers haven’t shown much willingness to absorb price increases. Companies that continue to raise prices on a wary public might find themselves in a situation where customers drop coverage. On the flip side, consumers often reward companies that don’t take advantage of them financially with steadfast loyalty.
Implementing Data Governance in Healthcare
Healthcare companies need to establish a strong data governance framework that outlines policies, procedures, and standards for data management. Data governance roles and responsibilities, including for data stewards, data owners, and data users, should be clearly defined. Checks on data quality help ensure all data is accurate and complete. Data governance policies and procedures for data access, use, and sharing should also be developed. Healthcare staff should be given training and education on data governance principles and best practices.
Data Quality
A big part of data governance is ensuring data quality. The AHIMA characterizes data quality in the following way:
Accuracy: The data should be correct and free of errors.
Accessibility: Proper safeguards are established to ensure data is available when needed.
Comprehensiveness: The data contains all required elements.
Consistency: The data is reliable and the same across the entire patient encounter.
Currency: Data is current and up to date.
Definition: Clearly define all data elements.
Granularity: The data is at the appropriate level of detail.
Precision: The data is precise and collected in its exact form.
Relevancy: Data is relevant only for the purpose collected.
Timeliness: Documentation is entered promptly, is up-to-date and available within specified and required time frames.
Confidence in the accuracy and consistency of one’s data can minimize the risk of adverse health outcomes for patients. In addition, using predictive analytics can help identify trends, patterns and potential future health risks in a patient.
Data Governance Framework: Key Components
As I state in my article, The Evolution of Data Governance, “Data governance refers to the overall management of data availability, usability, integrity, and security within an organization. It encompasses the processes, policies, and standards that ensure data is effectively managed and utilized to support the business’s objectives.” It includes:
Data Policies
Data Quality Management
Data Stewardship
Compliance and Security
Metadata Management
Data Architecture
In its Mastering healthcare data governance with data lineage, IBM claims a strong data governance framework helps healthcare companies ensure the data they are collecting, processing and using is accurate, consistent and dependable. Without it, healthcare companies “risk making poorly informed decisions about patient care based on erroneous data or inaccurate predictive insights. These decisions can have serious or even fatal outcomes for patients,” adds IBM.
Healthcare companies must address data silos and fragmentation through data integration and interoperability. Data governance policies and procedures must balance security and accessibility, ensuring data quality and accuracy. They must provide training and education to healthcare staff on data governance principles and best practices while continuously monitoring and evaluating data governance effectiveness.
Three Components of Data Governance
In its Designing data governance that delivers value, McKinsey claims, “a typical governance structure includes three components:
a central data management office (DMO), typically led by a chief data officer (CDO), with a targeted data strategy and governance leaders who set the overall direction and standards
governance roles organized by data domain where the day-to-day work occurs
a data council that brings domain leaders and the DMO together to connect the data strategy and priorities to the corporate strategy, approve funding, and address issues.”
McKinsey claims Figure 1 works as the foundation for data governance. The employees creating, using, and overseeing the data’s management must balance central oversight, proper prioritization, and data consistency.
Figure 1: A best-practice data-governance model. Source: McKinsey’s Designing data governance that delivers value.
As the AHIMA claims in their Healthcare Data Governance report, “The first step in any healthcare data governance plan or program is to define data governance and scope. Organizations must establish the basic framework of collection, retention, use, accessibility and sharing of healthcare data. This framework may consist of policies, procedures, standards, ownership, decision rights, roles and responsibilities and accountability related to the data.” A Data Governance Management Team should then be created. They work with the Chief Data Officer to establish a data governance plan.
The Future of Healthcare Data Governance
In the future, there will be an increased focus on patient-centered data governance and patient engagement. In their article, The Convergence of Healthcare and Technology, Greg Wiederrecht, Sasson Darwish, and Andrew Callaway recognize this. They claim, “Humans are being digitized through new devices, apps and monitoring technologies, which are tracking, analyzing and storing this massive amount of data. The smart phone in your pocket is a prime example along with cloud computing, AI and the wearable on your wrist. Together, the data generated from these technologies is creating what’s been dubbed as an individual’s ‘data-ome.’ All of which is setting the stage for a battle to access and utilize the digital representation of the world’s health and wellness.”
Drawing upon inspiration from concepts like “genome”, “Data-ome” refers to the comprehensive collection and integration of various types of data within a specific domain. It often emphasizes the interconnectedness and holistic view of that data. A “Data-ome” encompasses the complete set of data that can be analyzed and utilized for insights, decision-making, and research. In their article, The Open Microscopy Environment (OME) Data Model and XML file: open tools for informatics and quantitative analysis in biological imaging, Goldberg et al. describe Open Microscopy Environment (OME) as “a data model and a software implementation to serve as an informatics framework for imaging in biological microscopy experiments, including representation of acquisition parameters, annotations and image analysis results.”
Wearables, Biometric Sensors, and Patient Monitoring Devices
Wiederrecht, Darwish, and Callaway state, “Today, approximately 30% of the world’s data volume is being generated by the healthcare industry. By 2025, the compound annual growth rate of data for healthcare will reach 36%.”
Humans are expected to reach nearly 5,000 digital device interactions per person per day by the end of 2025, say Wiederrecht, Darwish, and Callaway. Much of this data will be healthcare data. This isn’t a surprising statistic. From wearable sensors, like fitness trackers that monitor physical activity, heart rate, and sleep patterns, to smart clothing that tracks biometrics, such as heart rate, respiration, and muscle activity, to vital signs monitors that measure blood oxygen levels and heart rate non-invasively, to remote patient monitoring devices, to smart pill bottles, implantable sensors, and biometric sensors, there’s a tsunami of healthcare data on the horizon.
There will be a greater emphasis on data quality and accuracy through AI-powered data validation and quality checks. Cloud-based data governance solutions will be increasingly adopted because of their flexibility and almost endless scalability. There will also be a greater emphasis on data security and privacy through advanced threat detection and response.
From Healthcare to Health, From Treatment to Prevention
To say data governance goes to the very heart of healthcare isn’t hyperbolic — it’s the truth. “In healthcare, managing the accuracy, quality and integrity of data is the focus of data governance. When healthcare organizations excel at this, it can lead to better clinical decision-making, improved patient outcomes and prevention of medical errors,” claims the IBM Data and AI Team. For both patients and providers, the stakes couldn’t be higher. The quality and integrity of data directly impacts patient outcomes.
As highlighted by AHIMA and IBM, effective data governance ensures the accuracy, security, and usability of data. This enables healthcare organizations to make informed decisions, reduce medical errors, and comply with stringent regulatory requirements. Without robust data governance, the consequences can be dire. They range from misdiagnoses and treatment delays to life-threatening errors as well as costly data breaches.
Effective data governance is critical for healthcare organizations to make informed decisions, improve patient outcomes, and reduce costs. Data governance policies and procedures must balance security and accessibility to ensure compliance with regulatory requirements. Data governance is essential for supporting personalized medicine and precision health through data-driven insights. Continuous monitoring and evaluation of data governance effectiveness is necessary to ensure the accuracy and security of patient data.
The future of healthcare data governance will be shaped by advancements in technology and the proliferation of biometric sensors. These innovations promise to enhance data quality, accessibility, and security. However, they also introduce new challenges, such as managing the sheer volume of data produced. In addition, ensuring patient privacy in an increasingly interconnected world won’t be easy. As healthcare continues to evolve, a patient-centered approach to data governance will be essential. This will empower individuals to take control of their health data while fostering trust and transparency in it.