Every industry needs the solid foundations of enterprise information management to have a successful present and future, especially with data-intensive analytical processes. Healthcare organizations need to build and maintain robust enterprise data management capabilities
Across healthcare, the demand and pressures for access to data are overwhelming organizations. In many organizations, the only access to structured data for performing analysis is through finance / accounting. In addition, the demands for providing external reporting of core measures and demonstration of meaningful use have inundated organizations while the external financial pressures have forced organizations to look at business operations for process improvement. For many health insurers and providers, access to data has been finding it through random search, exposing security and privacy gaps. In many organizations, there is no enterprise approach to data management.
A combination of a lack of required data being captured, the increasing need for information access, and new security regulations around data and its usage has many organizations searching to understand what to do and how to do respond quickly and safely. These functions are at the center of the roles and responsibilities of enterprise information management.
While technical architectures and solutions are never easy, the biggest is enterprise data governance, a core component of enterprise information management. Implementing data security, access rights, and providing technical solutions is an IT requirement, but defining what, how, who, and where those processes should apply is the responsibility of business / clinical staff. In healthcare, traditionally there has been a lack of formal data governance and that seems to stem from the challenges with getting access to key clinical/business domain experts. These are the senior staff who can define data and all of its characteristics, and who may manage who can access it. This is an industry with over-burdened resources, have significant time demands, and are working with shrinking financial resources. In many cases, the business / clinical staff leaves IT to define the rules instead of focused on building the solution.
Health Care’s Unique Challenges
While it is always good to take best practice examples from other industries, it is also prudent to understand the unique aspects to the industry you are in. Healthcare has several dynamics that make data governance more complex and challenging than other industries. Let’s take a high-level look at some of these:
- Breadth of systems needs
- Unlike other industries – unique systems for many individual areas of practice and associated services abound. Having massive numbers of systems often causes confusion and similar tools being deployed for the same need. This is often magnified by the geographic dispersion of offices – i.e. identical areas of practice in two different sites may have completely different systems for billing, registration, Electronic Medical Record (EMR), etc…
- Systems costs – while all industries have the need for comprehensive solutions to run their businesses, it is rare that other industries incur software costs like what the healthcare industry does. While almost all industries need ERP vendors, healthcare also has the EMR that frequently cost more than $100M to implement.
- External files – while many organizations have external information they want to leverage on clients/customers, healthcare has an abundance of external files and tools that they need to both run their business and to improve the quality of care they provide. It is common to see organizations pay multiple times for enterprise licenses of shared data sets – like the USDA nutrients database, Social Security Death Index, CPT codes (Current Procedural Terminology), pharmacy vendor lists, and many others.
- Reporting/analysis needs – As noted in many previous articles, the reporting and analysis demands around healthcare data are extensive. These demands cover areas like internal operational management and analysis, external regulatory reporting, quality improvement efforts, practice management, and even medical research. Yet, with HIPAA (Health Insurance Portability and Accountability Act) and data privacy/security concerns, organizations must be careful who gets to see what data and make sure they have auditing to back up their processes and controls.
- Data breadth and depth – the type of data that can be collected in healthcare is extremely wide and very deep. This includes extensive volumes of data with a variety of measurements, lots of views of data, and complex data types (like unstructured notes, images, and genomics). There are also various standards and vocabularies that tie/connect to clinical data that must be considered.
- Budget – IT budgets in healthcare are similar or even less than IT budgets in other industries. Even though the number of systems to implement and maintain is much greater than that of most other industries, the budgets don’t change to accommodate that. The other impact of high numbers of systems is the infrastructure (servers/network/disk/etc…) required to support them. Recent comments from organizations I have worked with report that up to 70% of IT costs are infrastructure related.
Governance In General
So what does governance in healthcare need to look like? Traditionally, healthcare organizations saw needs and acquired solutions that would fit them. Often the person or clinical area with the need would see and acquire software directly related to it to solve a specific need/demand. Unfortunately, that is how many healthcare organizations came to have hundreds or even thousands of independent systems that were in no way linked together. EMR vendors have tried to lead providers to believe that they can solve all data capture needs. While they have made great strides and are improving significantly in process and completeness, the reality is that there are just too many specialty areas and unique data needs that a comprehensive offering isn’t feasible.
There are many different characteristics of healthcare organizations that dictate the formality, attention, and rigor required of governance, especially data governance. The most critical factor is that it is right sized to the organization, its current state and its future direction. That being considered, there are five main focus areas that all healthcare organizations should establish to some extent:
- Oversight: Having business, clinical, and research leadership accountable and overseeing the connection between processes, workflows, data, and information systems is a precursor to having a responsible, responsive, and cost effective corporate culture. This oversight group is led by a key executive level person and has many various responsibilities, but basically oversees all planning and activities for the 4 other focus areas listed below. The main key here is that this group is not an IT committee, nor is it led by IT. In fact, only a maximum of 1 or 2 IT resources should attend – A key IT leader (like a CIO) and an expert data resource with broad knowledge of the organization and an understanding of enterprise data and data architectures.
- Data: This group should be focused on the capture, management, and usage of data across the enterprise. Figure 1 shows a comprehensive data approach that serves many needs across healthcare and where data governance is critical to make it accurate, secure, and valuable to all those that use it. The support for data governance includes data stewardship, a program led by a Chief Data Steward who is a non-IT person with extensive knowledge of the enterprise. This group should work closely with IT resources that build source systems, establish data models/designs, any data warehousing activities, as well as working with key business areas that need data for reporting and analysis activities.
- Security: Ensuring the protection and valid access to all data captured within a healthcare organization is very difficult without a formal data architecture. The presence of an enterprise data architecture and systems architecture certainly makes governance much easier to implement and manage, but it is usually only organizations that have taken governance seriously that would have those items anyway. This group should be chaired by someone from Compliance/Privacy, Auditing, or Institutional Review Board (IRB). It would have a close relationship with IT and with the Chief Data Steward. Key functions of this group would include policy creation and management, auditing processes and producing formal results. An IT Security Officer should ensure that all the processes that protect data, and implementation of those access permissions and restrictions are defined by this group.
- Solutions: This is the IT resources who build the systems that are used to capture, manage, and deliver data across the organization. With usage of data by data warehousing/analytic solutions often driving data capture requirements, this is typically driven and heavily attended by data warehousing resources. Key interaction points overseeing all solutions include Security and Data Stewardship leaders.
- Process: As solutions are defined, tested, and rolled out to clinical/research areas within healthcare organizations, there is a need for ownership and coordination by resources outside of IT. Typically IT resources are not experts at these aspects of systems delivery and to be honest, do we really want them getting direct calls from physicians that don’t understand the data, don’t believe it, or don’t know how to fit the workflow in with their practice. Resources are needed that can work directly with clinical areas on training, planning, helping with adoption, etc… One example of this type of resource is a quality specialist. This resource works closely with Quality/Safety offices, typically has a clinical background, and generally knows the resources and areas that use the systems and tools. These resources are often closely connected to data stewards (sometimes even in that organization) and also IT.
Figure 2 shows a sample governance structure for a healthcare organization that covers both practice and research.
One thing any organization, no matter what industry, how large, how established, or how desperate needs to remember in creating a plan for implementing effective governance is to be pragmatic. Probably the most common failure in implementing governance in healthcare organizations is the drive to create the best governance organization possible. This takes years of establishing and maturing to accomplish. No organization can develop plans, entrench resources, and move from a place with no governance to a mature governance overnight – although those that try will spend lots of time, money, and ultimately become very frustrated. This is a surefire recipe for bringing projects and other progress across your organization to a screeching halt.
It is important for all healthcare organizations to understand the value of data management, and put energy to the definition, collection, and oversight of data and technology. Some organizations have formalized their approach to data governance and are building processes that enable them to stay focused and coordinated in their efforts to contain overall costs, increase continuity/standardization, and decrease time to delivery. This has positive effects on all future projects/needs and helps minimize any one-off spending on pet-projects that don’t fit the organizational key mission and strategy. They become more effective, focused, and truly find a way to do more with less.