Data Governance in Healthcare: Protecting Patient Information

Every year, data breaches in healthcare put the private health information of millions of Americans at risk. In 2022 alone, healthcare data breaches directly affected nearly one in seven people — 49.6 million — in the U.S., with a 35% increase seen in the latter half of the year over the first half. 

One of the most important protections for private information that healthcare organizations can develop is the practice of data governance. This guide explores the role of data governance in healthcare and outlines basic practices for organizations to establish effective data governance. 

Key Takeaways:

• Data governance has become an increasingly important component of secure and effective data management for healthcare organizations.
• Data governance is a practice for maintaining the availability, integrity, and security of data in complex IT systems.
• Healthcare organizations can develop strong data governance programs based on identifying protected health information (PHI), enforcing the least privilege principle, and eliminating stale data.
  
  

What Is Data Governance?

Data governance refers to the set of organizational practices that ensure the availability, integrity, and security of data in IT systems. Policies, standards, and technologies enable these practices. Effective data governance in an organization both guarantees the delivery of consistent, reliable data to authorized users and protects data from accidental and malicious exposure. Data governance is critical to enabling actionable data analytics and maintaining compliance in regulated industries that handle legally protected information.

Who Implements Data Governance?

Image Source: Techtarget

Effective data governance programs comprise several standardized roles. Typically, these include:

Key Takeaways:

• Chief data officer (CDO): Carries overall responsibility and accountability for the program.
• Data governance committee: Consists of leaders from different departments and coordinates to write policies and standards.
• Data governance team: Oversees the procurement and maintenance of the technical requirements of the program.
• Data stewards: Monitor compliance in individual departments.
• Data quality analysts and engineers: Handle day-to-day operations such as tracking metrics and gauging data quality.
  
  

5 Ways to Implement Data Governance in Your Healthcare Organization

Here are five practices healthcare organizations can use to establish data governance programs.

1. Map Protected Health Information (PHI) in Your Systems

Image Source: TotalHIPAA

Locating data by type in modern healthcare IT environments can be challenging, especially with federally regulated categories of data such as protected health information (PHI).

To put sufficient technical and operational protections in place, data governance teams must first write rules for classifying data as PHI and then audit systems to apply classifying tags to PHI. Mapping PHI allows organizations to quantify their risk factors and design appropriate security measures.

2. Harden Privileges and Authorizations

In 2022, 61% of data breaches involved leaked or misused IT credentials. With the average cost of enterprise-level data breaches coming in at $4.35 million in 2022, the dark market value of mid to top-tier privileges and credentials in large organizations continues to encourage users to take advantage of lax standards.

To ensure compliance with applicable regulations and guard patient PHI, healthcare organizations must make the principle of least privilege (PoLP) a high priority in their data governance programs. In security operations, this means granting users only the minimum necessary access to systems and information and assigning only unique account credentials.

Minimizing authorizations reduces the risk of incidental exposure to sensitive information. Unique credentials also allow organizations to trace malicious activity to a single user, making it difficult for inside actors to get away with leaking or selling credentials.

3. Remove Stale Data

Stale data refers to data that has no current relevance or value. Stale data in the form of out-of-date or incomplete provider information or old prescription profiles accumulates rapidly in healthcare organizations. Over time, the growth of stale data:

• Skews the accuracy of data analytics
• Raises data storage costs
• Introduces unnecessary security risks

In large organizations, the problem of stale data is endemic across industries. Overall, 82% of organizations use stale data in analytics-driven decision-making processes, resulting in lost revenue 85% of the time. Identifying and eliminating stale data should be a foundational goal of healthcare data governance teams. 

4. Assign and Train Key Data Governance Roles

Data governance is an example of the people-process-technology (PPT) approach to problem-solving. Data governance programs need trained, responsible personnel in clearly defined roles just as much as they need policies and the IT tools to implement them. While these roles traditionally divide into five core areas of responsibility, choosing how to fill those roles is a task that varies by individual organization.

It may be tempting to assume that high-responsibility roles such as CDO should always be filled by outside hires based purely on technical merits. However, healthcare is a unique industry with a complex web of obligations to patients, regulations, and shareholders. To address these challenges, cross-assigning high-level data governance roles to individuals with both healthcare experience and requisite IT competence may prove more effective than relying on tech credentials alone.

5. Track Progress

Having policies on paper that represent the industry’s current best practices means nothing at the bottom line if enforcement fails somewhere in the PPT framework. On the first day of a new data governance program, the data governance committee should define goals specific to your organization’s needs and the KPIs to measure them. Going forward, team members in every role should regularly report on their progress, allowing decision-makers to see incremental improvements and added value over time.

Master Data Management for Healthcare and the Life Sciences with Coperor by Gaine

Enabling collaboration without introducing unmanaged risk is a persistent challenge in healthcare data management. Coperor’s master data management platform supports collaborative data governance to help organizations make data-mastering decisions across autonomous systems.

To learn more, watch this brief video and contact us.