March 2017

HIM Happenings: HIM Involvement Essential to Effective IG
By Rita Bowen, MA, RHIA, CHPS, SSGB
For The Record
Vol. 29 No. 3 P. 5

Given the growing influx and importance of health care data, developing information governance (IG) policies and procedures is mandatory for any health care organization. In doing so, however, health care organizations must not become too focused on the "how" and "where" of data access and flow. These questions are essential, but priority must be given to contextual questions surrounding data, such as the following:

• What type of information is this?
• Why will it be disclosed and accessed?
• Who are the users, and what do they need from the data?

To fully answer these questions, HIM staff must play an integral role in the IG committee. HIM understands how data are exchanged not only with providers and staff but also with payers and patients, who play an increasingly active role in requesting and accessing information.

HIM offers the most holistic, integrated perspective on why data are exchanged, what stakeholders want to know, and how to ensure accurate and complete information is disclosed. A fuller picture of this process facilitates effective and efficient information exchange for faster, less expensive care decisions and revenue cycle operations. For this reason, it is important to involve HIM early in the process, as well as throughout the program's development and once it has been established.

At the Heart of IG Answers
Health care organizations that have made significant financial and time investments in EHR adoption now have an enormous enterprisewide data repository that may be accessible to a large portion of staff members. Furthermore, provider organization merger and acquisition activity has reached record levels over the last several years, including 2016.

This increase in data access points, as well as the influx of information from merger partners, demands an IG program that standardizes the input, access, and disclosure of protected health information (PHI). Putting such rules in place requires HIM guidance.

When developing an IG program, HIM leaders may apply a Six Sigma approach to ensure no assumptions are made when learning about the workflows of the various departments and facilities that access and disclose data. This allows for a full vetting of issues and the mapping of information to develop an action plan and improvement activities. HIM also can recommend best practices, such as partnering with a skilled and knowledgeable PHI disclosure management company that has proven expertise in understanding IG principles and can integrate with the hospital's electronic source systems. Such a partner is often engaged in the discussion and definition of the source of truth for information, an essential concept to master in IG development. Also, as a partner that manages PHI on behalf of the covered entity utilizing advanced technologies, the vendor can provide feedback regarding data quality so that appropriate mitigation efforts are taken to resolve issues and/or processes.

Ensuring Data Integrity
Ensuring data in the EHR and other systems are accurate is at the heart of the IG development process. Technology plays a critical role in protecting that data integrity. Most IT departments already have interface mapping, which is often a good starting point to dive deeper into the process of data location and exchange protocols. An accurate and complete data map, which can be given deeper context through HIM involvement, allows a facility to collect information once and repurpose it as needed for maximum efficiency. This assists in driving predictive analytics for care, and also improves quality and leads to greater patient and clinician satisfaction.

HIM leaders are familiar with other tools as well. For example, record integrity IT applications utilize optical character recognition technology to scan every page of a record to prevent comingled pages. Such a tool is essential for accurate and compliant PHI disclosure and when combining charts following a merger. A complete IG program needs to include such technology that can improve data integrity and help prevent unauthorized PHI disclosure.

A Living Document
Implementation of IG policies and procedures is only the beginning. IG is an ongoing process that continually needs reviewing and updating as new technology is adopted, new facilities are integrated, and HIPAA regulations change.

Once implemented, organizations often request HIM departments to take ownership moving forward. IG, however, truly is an enterprisewide effort among staff and clinicians—much in the same way that improving quality of care, lowering costs, and increasing patient satisfaction are group endeavors.

In fact, effective IG drives the success of all stakeholders regardless of their data needs or goals.

— Rita Bowen, MA, RHIA, CHPS, SSGB, is vice president of privacy, compliance, and HIM policy for MRO.