Having returned recently from the NJ/Delaware HIMSS Fall meeting in Atlantic City, I am recalling multiple conversations and sidebars on the topic of data governance.
But here’s the thing. To my knowledge, there wasn’t a single presentation on the topic.
Now I admit I may have had a glass or two of Cabernet at the reception. But my clear recollection is that data governance, while not on the official agenda, seemed to be the unofficial theme of the meeting in the minds of many attendees.
What is data governance and why is it claiming our attention? These are good questions to ponder.
In healthcare, as in other industries, data is seen as a valued asset, and data that is inaccurate is recognized as a lethal (sometimes literally) liability. As data is transformed into information for decision makers, in healthcare enterprises there is a rising appreciation of the need to have “right” data all the time.
Innocently, one may think data is data. Why the need for governance, meetings, committees and enterprise attention on data?
Well, the temperature of the room is the temperature of the room, right? But is the temperature in degrees Centigrade, Kelvin or Fahrenheit? And who measures the temperature? How is it measured? Who records it and where? Is there a backup record? And who decided we should measure room temperature anyway?
And to further the need of a structure, suppose different end users had different meanings for the word “temperature.” Expressions such as “Admission Time” and “census” have different meanings for HHS and those staffing hospitals. Admission Time for HHS is when the attending physician writes the order to admit the patient. Some patients are admitted and never occupy a licensed hospital bed, spending three days in a bay in the ER. What is your census then?
The challenges of responsible data management seem endless. Even when a parameter is defined, i.e., serum sodium, enterprises need stewardship of the metric. Depending on which chemical analyzer is used in a lab or system, the range of normal values will be different. Data governance demands a prominent place in the enterprise that values and uses data.
Data governance has multiple definitions. The May 2011 Oracle white paper, Enterprise Information Management: Best Practices in Data Governance, nicely summarizes some of them.
In distillation, data governance is the formalized authority and responsibility for managing the enterprise’s data assets. This management addresses definitions, standards, processes, security, integrity, recognizes stakeholders and supervises the creation, reading, updating and deletion (CRUD) of data.
There is another similar and also increasingly popular term, information governance. As data and information are different concepts but occasionally used interchangeably, so are data governance (DG) and information governance (IG) innocently interchanged. Data governance and information governance, while reasonably having some overlap, are different, as Robert Smallwood points out in his August 2014 post.
I see the simple distinction as follows: Information governance is the enterprise’s front end, strategic, 30,000-foot view, and data governance is back end, tactical and granular.
Where IG and DG intersect seems to be in the area of security and confidentiality. Information arising from PHI data, duties the controllers of information to the same HIPAA confidentiality requirements.
The interests in data governance shared by the Atlantic City meeting participants were timely, confirmed by the release on November 25 by ECRI of their Top 10 Technology Hazards for 2015. Validating the concerns in Atlantic City, ECRI identified as the number-two hazard for 2015, “Data Integrity: Incorrect or Missing Data in EHRs and Other Health IT Systems.”
The ECRI report highlights the complexity of the data integrity challenge, “What makes this problem so troubling is that the integrity of the data in health IT (HIT) systems can be compromised in a number of ways, and once errors are introduced, they can be difficult to spot and correct.” This is the classic dilemma – you don’t know what you don’t know – and a call for data provenance.
Drilling down on corrupted data, the report identifies patient data appearing in wrong patient EHR. Before there were electronic records, unique name identifiers challenged and still challenge our brightest wits. Who is John Paul Jones? Is he the same patient as J.P. Jones? Well, clearly he is not the same patient as John Paul, as they have different last names, right? Wait, wasn’t one a Captain in the U.S. Navy and another an Admiral in the Russian Navy? Well, at least we can be assured that John Paul Jones is the one buried at the U.S. Naval Academy.
ECRI also reminds on the chaos that follows default values. I saw a great institution routinely send critical patient information to a deceased physician with the help of the auto-population function during registration.
The 2015 Hazard Report offered four recommendations for data degradation:
- Understand the end user work flow
- Test, test and test some more (which works for ICD-10, too)
- Train the users and make super-users/experts available
- Monitor and report HIT adverse events
I’d like to add a fifth recommendation: Embrace data governance.
And by the way, John Paul and a Russian Admiral are also buried at Annapolis.