Skip to Content

Information governance practices must help protect patient data

Nearly always, the first question I get asked in regard to information governance is “how do I sell the value? I know things are bad, but no one is willing to put money or resources behind the effort.”

An unpopular, but effective, technique is to let the train go off the track. Yes. Brace yourself and take the hit. You can see the information train barreling down the track, and part of the track is missing. Every instinct you have tells you to stop the train. You can’t stop the train. You can recommend stopping the train, but many times another crisis du jour takes precedence. If you are in this situation, follow these guides:

  1. Measure where you are now in whatever way you can.
  2. Write down how you could tell that the train was going to go off the track.
  3. Measure the impact of the immediate derailment—as well as adjacent costs. Now you’re prepared to make the case for information governance.

You must be prepared for this conversation. In a recent article from The Irish Times, the government–Health Information and Quality Authority (Hiqa)–warned health care professionals that ignorance is not a good enough excuse anymore in regard to information governance practices protecting patient data. What You Should Know about Information Governance: a Guide for Health and Social Care Staff helps health professionals understand both the law and best practices.

The article highlights several hair-raising stories:

  • Patient records were found in bins
  • Patient records sent for transcription accessed and disclosed by unauthorized people

Prof Grimson said “Good information governance is a core component of safer, better healthcare. It is not something that takes place in isolation, or separate from healthcare provision, but underlies safe effective care.” Why? Because more and more healthcare records are going digital. This explosion of rich content is complicated by  hand-written notes, which require transcription. Rich metadata and monitoring of that information is also required in real-time—which patient has not been visited in the last 4 hours? How many beds are available in a specific department? Were the test results returned according to service level agreements with the lab?

The article also cites “Internationally, it is estimated that almost 30 per cent of the total health budget is spent on handling information, collecting it, looking for it or storing it.”

How, specifically, does information governance help?

  • Establish access and privacy policies. Write these down. And then track how compliant you are to these policies.
  • Establish a global definition framework: what does it mean to be a patient? Is there a single record stored that represents that patient (no copy is laying around in a file cabinet?) Your access and privacy policies are much easier to enforce when you have this single definition and storage of a patient record.
  • Use technology to automate as much of the data movement, enrichment, and transcription as possible. Reliable technology reduces the human touch-points, which helps you control access policies more tightly.

You can do some of these things before the train derails. Unfortunately, sometimes you have to let the train derail to gain internal sponsorship. But you must be ready to describe which information governance principles you would use to not only solve the problem, but prevent it from occurring again. 

Be the first to leave a comment
You must be Logged on to comment or reply to a post.