Realizing the true value of information governance requires ongoing collaboration, monitoring, assessment and education to promote process improvement. Organizations guided by successful IG programs are well poised to drive process improvement across the entire enterprise—one project at a time.

The first step is to recognize problems and then carefully analyze organizational data—from all data sources—to achieve change. This article explores how one health system used data analysis in conjunction with IG to turn potentially damaging privacy and security incidents into mission-critical process improvement initiatives.

Part of any solution is knowing the right questions to ask, and engaging the right partners. This is true for any type of negative event, trend or outcome.

Elizabeth A. Delahoussaye
Elizabeth A. Delahoussaye

Consider this scenario. As the volume of release of information (ROI) requests rises steadily, an organization notices a spike in unauthorized disclosures. Employees are under tremendous pressure to maintain appropriate turnaround times, often by contract agreement with a business associate.

Partnering with operations or IT is a practical starting point. Another option is to present the issue to a multidisciplinary IG team. The following questions can lead to process improvement before the situation escalates:

  • What processes need to be evaluated?
  • How can we use our data as a roadmap to find the root cause?
  • Do we need to hire more staff?
  • Is additional training needed?
  • Are our policies and procedures current and relevant to our organization?

Tackling major project improvement initiatives is daunting and disruptive. However, small proactive steps lead to big, positive change. This is especially true when organizational efforts are backed by data and strong IG support.

In the first example, we encountered an organization where ROI staff were choosing an incorrect address for mailing patient records. The wrong patients were receiving the wrong information, a tremendous privacy risk. A close look at the ROI data confirmed the issue, and the IG team was engaged.

Further analysis with IT revealed the need for a pop-up screen within the ROI processing workflow, including an option to double-check and confirm the correct patient address. Now, just before an employee closes out the order, the pop-up screen displays the address with a prompt to confirm the choice. If it is incorrect, the employee catches the error and corrects it.

The result was a drastic drop in the error rate, and hundreds of potential privacy breaches avoided. A small system change mitigated what could have become a pervasive problem, and the organization was able to achieve ROI process improvement across the enterprise.

The second issue stemmed from multitasking on one screen within an organization’s internal ROI process. With several windows pulled up, it was easy for staff to pull the wrong information inadvertently. Partnering with IT led to a simple solution; using dual monitors across the enterprise quickly resulted in a significant decrease in errors.

A proactive enterprise-wide approach to information governance is needed to address ever-increasing risks and promote process improvement. When an incident occurs, such as the breach scenarios just described, the best place to begin is with your data. Here are five steps and key questions to consider:

Define the problem. Focus on the data to conduct a root-cause analysis. What can you glean from information intelligence?

Partner with IT, Operations, Privacy and Security, and other members of your IG team.

Look at policies and procedures. Do they cover the incident? If not, develop and implement appropriate practices.

Identify opportunities to train staff so the problem does not recur.

Use the information to improve processes. Questions to ask include: What do the numbers mean in terms of processes? Can we roll out this solution across the enterprise? What outcomes can we expect as a result? Are we seeing the same level of improvement in various areas? What is working for the good of the whole—our organization, our patients, our community?

Taking a proactive approach to data-driven process improvement also guides enterprise efforts to achieve accountability and transparency. These are core tenets that drive data integrity and the business value of IG.

IG is not a silo—it touches every system, department, data source, policy, procedure and person within the healthcare organization. The misconception that the EHR contains and controls everything is diminishing as executives realize the need for a clear, concise framework for governing and managing information throughout its lifetime. To be truly successful, an IG program must be guided by a senior leader dedicated to the effort and working collaboratively with a multidisciplinary team.

According to Linda Kloss, the former CEO of AHIMA digital healthcare has elevated the importance and the stakes of privacy and security governance, and enterprise management. Leading organizations understand that yesterday’s solutions will not be adequate for today’s risks and threats, and those certain to emerge in the near future. They also understand that a compliance mindset does not fully serve the interests of the patients they serve. Still, errors will occur, and leading organizations have mechanisms in place to respond and learn from the inevitable lapses. Their sound governance of privacy and security considers ethical, compliance and fiduciary responsibilities.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access

Elizabeth A. Delahoussaye

Elizabeth A. Delahoussaye

Elizabeth A. Delahoussaye is the privacy officer and senior vice president of compliance for CIOX Health.