The pervasive adoption of Electronic Health Records (EHRs) and other technologies is enabling healthcare delivery and payment reform and reshaping the work of healthcare professionals — but perhaps nowhere more directly than in the discipline of Health Information Management (HIM).

Over a relatively short period of time, the millions of dollars invested in EHR acquisition and integration have produced a domino effect of accelerated change in the HIM environment. Physical medical records are being phased out, more stringent regulatory directives have emerged, and demands have evolved. As a result, the essential tasks being asked of HIM professionals are different.

It is often difficult for HIM professionals, deeply immersed in the trenches of this change, to rise above day-to-day demands and envision and develop new opportunities. But that’s exactly what needs to happen. When faced with the ambiguity of change, the surest way to succeed is to fully engage in driving it. Only through this proactive effort will HIM be able to redefine its role and deliver greater value in today’s largely electronic environment.

This paper examines a new paradigm for Health Information and Records Management (HIRM) and provides practical guidance to help HIM professionals unwind paper records, offload the burden of low-value production work and lead the transition from traditional records management to an optimized HIRM model. Leveraging these compelling insights, HIM professionals can establish a clear connection between their expertise and the organization’s ability to improve service, reduce costs and advance the management and use of information to support overarching strategic goals.

Business As Usual is No Longer an Option

Gaps in Information Management Policy Prove Risky for Providers as Well as for the Patients They Serve.

This can result in partially informed patient decisions, loss of record integrity, inaccurate coding and even breaches of sensitive patient information.

The Current State

Healthcare is undergoing a fundamental shift from fee-for-service to value-based delivery and payment, creating wrenching change in markets, financing and regulations. Reimbursement is declining and shifting to at-risk contracting. The impact of expanded healthcare access remains unknown. What everyone agrees on is that success in a value-based system requires rapid access to reliable information across the care continuum. This is placing extraordinary pressure on legacy HIM models and departmental infrastructures.

At the same time, electronic health records are rapidly replacing legacy paper records. The volume and sources of electronic data are eclipsing the information management capacity of most healthcare organizations, creating inadequate information management policy and infrastructure that breed unnecessary risk and require costly workarounds.

A decentralized, siloed approach increases risk, duplication and cost — particularly for functions such as scanning and release of information. Operating high-risk, resource-intensive production functions at the department level limits the efficiencies and risk reduction that could otherwise be realized through centralization and greater standardization.

To succeed, providers must redesign and reinvest in information management for today’s demands. Business as usual is no longer an option.

The Legacy HIM Model

Despite progress made in moving from paper to digital records, HIRM remains highly decentralized. For example, HIM has historically managed health records, exclusive of other records, at the facility level while other types of critical information and data — both clinical and operational— continue to be managed at the departmental or functional level, without the benefit of enterprise policy and guidelines reflecting best practices.

This is problematic for several reasons. First, EHRs have irrevocably changed the framework of the HIM practice. Today, personally identifiable health record data must be linked across the continuum, exchanged with a range of providers and shared with patients. That means these additional sources of information need to be linked with EHR data to support expanded uses for enhanced EHR data. With so many compartmentalized pockets of information it can be difficult to identify, and in turn integrate, data from all available sources. Furthermore, this decentralized approach hinders an organization’s ability to implement, oversee and enforce standardization. As a result, data is being managed to varying levels of completeness, quality and accessibility.

Unfortunately, these complexities are only magnified for multi-facility health systems with affiliated networks. Often facilities are absorbed and integrated into the system, but resources and processes are never rationalized. As a result, providers are left with a patchwork of inconsistent practices and policies that breed redundancy, risk and inefficiency.

In order to connect the silos, reduce the duplication and enable greater standardization and coordination across the continuum of care, healthcare organizations must address this antiquated, decentralized HIM model and begin the process of transitioning to a more fluid, comprehensive HIRM platform.

Information Policy Framework

The efficiency and quality gains from EHRs and other technologies are contingent on the development and enforcement of operational processes and policies that address integrity, accessibility, efficacy and security of data throughout its life cycle. Without organizational change, technology alone will not produce desired results.1

Few providers today have a dynamic inventory and understanding of data sources, characteristics, uses, access requirements and flow of information. Without adequate information about their data, providers will be unable to establish and enforce consistent policies across the enterprise. As a result, digital systems will continue to promulgate the same redundancies and inefficiencies evident in paper, such as:

“…the hoped-for efficiency and quality gains from electronic records and related applications will evaporate if hospitals and medical practices don’t support them with organizational changes.”

Julia Adler-Milstein

  • Increasing costs due to inefficient storage practices: A typical hospital has dozens or even hundreds of applications, depending on its size. The cost of supporting these applications and associated data continues to increase, and strategic policies for more efficient storage of both digital and legacy paper records are needed to offset real estate, associated labor and IT infrastructure costs.
  • Exposure to preventable risk: In addition to cost, the current state of decentralized, ungoverned information management contributes to organizational risk. These risks include Health Insurance Portability and Accountability (HIPAA) violations due to unauthorized access, data breaches or data loss due to weak or inconsistent practices and decentralized controls.
  • Lack of trust hinders effective use: While less tangible than cost and risk, trust in the accuracy of information is a prerequisite for effective use. Lack of trust reveals itself in slow decision making, questions about accuracy and validity, and a proliferation of “shadow” records. With multiple systems, specialties and facilities, it’s critical for organizations to develop and enforce consistent workflows and policies for data input, integrity and interconnectivity between systems.

The digital side of the house, like the physical side, requires a dedicated focus on organizational policy development. And while the scope of practice is broader and management practices are more complex, it’s a clear gap today hindering effective governance and management planning. Given the unprecedented complexity of the challenge, providers stand in urgent need of a solution.

New World Health Information Management: an enterprise view of HIRM

To arrive at a place where the gap separating the physical and the digital can be bridged, a new model is needed. This new model for HIRM approaches information as a strategic asset whose value must be deliberately managed and augmented. To successfully enact this model, the following foundational elements for information management and governance are required:

Healthcare’s Information Assets: Digital, Physical and Metadata

  • Legal health records and other personally identifiable patient data
  • Personal health records
  • Aggregate patient data
  • Claims and business operations data
  • Registries and quality measures data
  • Case and care management
  • Risk and safety data
  • Research data
  • Reportable vital and public health data
  1. Information is managed as a strategic asset.

    Even though it is not shown on the balance sheet, information is an asset of the healthcare organization as surely as capital, people, research, buildings and reputation. Like other assets, information has strategic and operational value. It is no longer simply a derivative of the work process.

    In order to augment information value and safeguard against poor data quality, privacy and security breaches and other risks, it is important to treat information asset management as a mindset and management strategy. This strategy can be carried out through formalized information governance and enterprise-scoped information management.

  2. Governance is integral to optimized information use and value.

    Information governance is the formulation of policy to optimize, secure and leverage information as an enterprise asset. It formalizes the assignment of responsibility for setting the organization’s information policy framework and ensures that it is carried out across multiple functions and applications.

    Information governance is no longer an option for organizations. It is an enabler that clarifies the values and ground rules for the management and use of information. If the values and rules are not clear, it is impossible to advance and enforce best practices that amplify value, reduce risk and engender trust.

    In a survey of executives of information-intensive companies, a research team from The Economist found that in 81 percent of firms with a formal information governance strategy, “information can be better shared between departments, allowing for better decision-making”.2

  3. Information Management is an enterprise-wide function.

    Enterprise Information Management (EIM) aligns people, processes, data and technology with information policies and best practices. At the foundation of EIM are well-documented and clearly enforceable policies. These policies should address pertinent information management functions such as data quality management, data content standards, life cycle management and securing vital data assets. That said, good policy is only as good as those practicing it. For this reason, employee development specific to establishing and enhancing information management competencies across the organization should also be considered a critical component of EIM.

    EIM, whether centralized or decentralized, involves extensive collaboration with patient care, delivery, business process owners and IT. It is “an essential organizational discipline” which cannot be realized in the absence of a foundational information governance framework.3

The Building Blocks for an Enterprise Model for Information Governance

As depicted in the chart below, an enterprise model for information governance is composed of three primary building blocks and two supporting foundational elements. The three primary building blocks include Design and Capture, Access and Use, and Life Cycle Management of Data. Processes for managing information integrity and quality, as well as privacy, confidentiality and security, support these building blocks, and are foundational to the model. Information governance is shown as enveloping these enterprise functions as part of a broader policy and accountability framework. To establish an enterprise model for information governance, the functions outlined below must be assessed and augmented. In those instances where they do not already exist, they must be established.

Managing information across its life cycle begins with the design and capture functions. These functions address the architecture, content definitions, standards, reference terminologies, metadata and other mechanisms that improve the efficiency and quality of data collection, capture, downstream information use, interoperability and reuse. Ideally, data should be captured once and used for a variety of purposes. Content standards should be explicit to aid interpretation of meaning. While most health systems are some ways away from meeting these ideals, an enterprise view will advance these important goals.

Information access and use functions advance and support critical uses of data and information. They support the work of the clinical and business process owners who must use data in their work. They also support patient access to health information, health information exchange functions and other release of information functions. Information management has a role in helping to educate data users about data characteristics, reliability and accuracy and to work collaboratively to build trust in data for population health management, community and public health.

Life cycle management functions define and maintain designated records sets, including legal health records and other types of records, in accordance with the clinical and business needs of the organization and all applicable legal and regulatory requirements. They manage the explicit plans and processes for storage, retention and disposition of medical and business records, balancing access needs, compliance and cost effectiveness. They address special records management issues such as formal hold orders and eDiscovery.

Information integrity and data quality functions ensure that data and content are accurate, reliable, up-to-date, consistent and “fit for use.” Information integrity begins with data architecture, definitions and relationships, including metadata and data capture processes. It addresses the provenance or lineage of data and processes for error correction and amendments. Analysis of medical records for completeness and accuracy has long been an important HIM function. Redesigning these practices for a real-time, electronic environment is an important focus for enterprise HIRM practice.

Privacy, confidentiality and security functions protect personally identifiable and other sensitive information. These functions ensure that information is available only to authorized persons and used only for specific purposes. Risk assessment and audits are important tools for security and the demonstration of HIPAA compliance and, as with data quality, they present more complex management challenges today due to technology, including mobile health information exchange and the expansion of uses and users.

A sound enterprise model for information management and governance will:

  • View information as an asset that must be deliberately managed.
  • Encompass patient records and other clinical and business data, information and records, files and reports.
  • Put in place and continuously improve on the component functions reflected in the model.
  • Encompass the life cycle of information and records.
  • Be guided by effective governance and stewardship values and policies, focusing on getting it right where it matters most.
  • Strive for measurable and sustainable improvement over time.

Accelerating the Journey to EIM and Governance

Forward-thinking HIM leaders understand the need to transition from traditional HIM to enterprise information management. While many are making forward progress, some continue to be bogged down with production and transactional tasks and regulatory changes with tight deadlines. As a result, far reaching improvements that truly advance the ball get deferred and the cycle continues.

Too many HIM leaders were left out of critical decisions such as EHR selection, only to be called upon later to find workarounds for information and records management shortcomings that would have been foreseen and avoided had they been involved at the outset. With a unique understanding of information content and records, information flow, user needs and compliance, HIM professionals are uniquely positioned to play a critical role in enterprise information management. That said, this is a team sport, and effective collaboration like never before is required among HIM, CIOs, IT, clinical informatics and business process owners.

Transitioning from traditional HIM to enterprise HIRM is a journey, and like any journey this transition takes vision, preparation and flawless execution. What’s my destination and what route should I take? Who is on my team and whose support do I need? What unexpected events should I plan for? As shown in the Commencing the Journey to EIM and Governance chart on page 10, a five-phase road map is offered as a proven way to advance from departmental to enterprise HIM. Organizations that have followed this road map have seen significant improvements in information quality, integrity, efficacy and overall usability.

Phase I: Shift resources to higher-value work

Priorities such as the transition to ICD-10, demonstrating meaningful use and strengthening privacy and security require dedicated HIM resources. Budget constraints and cuts preclude adding new resources, so HIM leaders must shift existing scarce HIM resources to higher-value priorities. An effective way to accomplish this is to eliminate, reduce or outsource the storage of physical records and related transactional work.

For example, as an EHR implementation progresses, it is no longer necessary or cost-effective to maintain onsite storage of archival records. An effective strategy is to make the file room a thing of the past by:

  • Developing and applying retention policies to eliminate obsolete records
  • Scanning frequently accessed paper records to make them readily available.
  • Centralizing and relocating formerly active records to low-cost offsite storage.
  • Scanning archival paper records as they are requested thereafter.
  • Outsourcing resource-heavy processing functions such as release of information and scanning to multiply efficiencies and cost savings.

Through strategic outsourcing of these types of paper-based functions, HIM can alleviate bandwidth constraints and seamlessly redeploy resources to more valuable roles such as data quality or master person index management.

That said, it’s important to understand that transitioning to enterprise HIM requires a deliberate focus on eliminating or outsourcing lower-value work in order to shift staff to new roles. This always involves making trade-offs. By inventorying and evaluating the current return on time invested for legacy processes, HIM can identify where trade-offs should be made to free up resources for newly emerging, higher-value work.

A leading provider in Denver realized a 20 percent reduction in records management costs — and a more reliable and efficient process — by outsourcing storage to an offsite vendor. In turn, savings could be redeployed to fund other strategic initiatives.

Phase II: Identify short-term EIM priorities

To identify short-term EIM priorities, it is important to gain a more complete view of information across the enterprise. Inventory the information systems and identify for each the primary uses, the clinical and business process owners, and the source and flow of data. Include major applications like EHRs and PACs. Examine ancillary sources like research and clinical trials data and disease and procedure registries. Account for expanding sources and uses like telemedicine systems, digital pathology and patient-provider emails.

While this may seem a daunting task, the CIO most likely has an inventory of systems and applications. What HIM can add is a more complete analysis of information content characteristics and how it is used. Each application captures, processes, moves and stores data. Each has process owners who serve in an information management role, setting and administering policy for access, retention, data quality and even release of information. Consider what, if any, data content standards govern the capture and management of particular data types. As information proliferates, so does variation — in content, controls and quality.

A more complete understanding of this information is an essential initial step in moving from a siloed to an enterprise view of information life cycle management. It reveals areas of vulnerability and leads to insights about ways to unify content and records management.

From this broader assessment of the current information environment, identify areas of greatest vulnerability for short-term work on information policy, content and workflows. Use the EIM model as a high-level guide for categorizing these vulnerabilities. Do they relate to life cycle management, including how records or digital information are stored and retained? Do they relate to how data is defined or captured? Are they indicative of poor data quality or weak privacy and security controls?

Information assessment leading to a manageable set of compelling short-term priorities will demonstrate the value of an enterprise view of information management. This will help build the case for governance.

Phase III: Organize for information governance

Establishing an information governance authority and process requires executive sponsorship and a multi-disciplinary steering group. Gaining support to implement these important steps will require salesmanship. The insights from the information inventory and assessment of vulnerabilities help build the case, but the case must still be made, and this requires an awareness of the strategic landscape and the political climate to gain allies for change.

Step 1. Secure executive sponsors. Executive sponsorship is crucial to the success of any strategic initiative. Depending on the size of the organization and the political environment, sponsorship may come from the CEO, COO, CMIO, CFO or CIO. Executive sponsors provide direction, protection, budget and problem-resolution. To secure sponsorship, the positive steps and knowledge from Phases I and II should be framed in terms of strategic priorities such as cost reduction, quality improvement or preparing for payment reform.

Step 2. Convene a multidisciplinary steering committee. A steering committee is the nexus for governance decision-making with broad representation across departments and functions such as physician and nursing leaders, the CFO , CIO, CMIO, IT, IM, informatics, legal, finance, compliance and risk. Like the historical medical records committee, this steering committee will be the go-to cross-functional group charged with goal-setting, approving and enforcing policies, allocating resources and measuring results.

Step 3. Assign working groups and staff. Steering committees in larger organizations require that pre-work on policies, process design, evaluation and monitoring be done by working groups or staff. Working groups offer a multidisciplinary perspective. The Organizing for Information Governance chart shows working groups focused on the three elements of the EIM model. Alternatively, the working groups may have a specific project focus such as ICD-10 or implementation of updated privacy regulations.

The Information Integrity and Quality and Privacy, Security and Confidentiality functions depicted below are shown as staff or line functions with an appointed manager.

Phase IV: Extend work on EIM priorities

With executive sponsorship and interdisciplinary participation, the centralized records management approach that began in Phase I can be expanded to include additional record types such as invoices, human resources records and lab notebooks, as well as electronic records and medical images. This is a natural progression of governance that is not only recommended, but necessary.

Keep in mind, silos of information managed independently and uniquely, outside the scope of the governance committees, create inconsistencies in data quality, gaps in data security and hinder timely access.

In order to eliminate these information silos and the associated challenges, the committee must establish policies for the storage and management of all paper records, medical images and other unstructured digital and physical archives across the organization within the context of a centralized framework. Through this process, opportunities for consolidation, standardization and integration will be identified, resulting in cost and risk reductions and improved patient care.

Benefits of consolidation, standardization and integration

  • Cost Reductions. Streamlining vendors and leveraging purchasing power across the health system can lower costs. A consistent, policy-driven approach to managing information will optimize capacity and reduce redundancy and complexity.
  • Risk Reductions. A central platform will improve security and compliance, and better enable discovery management.
  • Improved Patient Care. A center of excellence approach enables a centralized, complete patient record, providing better access to patient information.

Most importantly, the comprehensive development and application of policy to the various silos of information across the enterprise will help organizations break down legacy barriers such as function, department and geography, resulting in a higher level of integration and interconnectivity.

The Road map for Information Governance

  • Make a break from paper. Implement a plan that outsources records storage, production functions and transactional work.
  • Build the case for EIM by understanding the current state of information and records management across the enterprise.
  • Organize for information governance at the enterprise or functional level. Get as far as is politically possible, extending support through effective collaboration.
  • Measure results including cost savings, operational improvement and risk reduction — at each step of the journey.
  • Capture the organizational learning. EIM is a discipline to be built and improved upon over time. It begins with raising awareness and initiating a dialogue about how you manage high-value information assets.

Phase V: Develop a unified information policy framework

At the heart of information governance is a framework of unifying policies for information management. Policies set forth the ground rules and intent and should reflect relevant standards and best practices. They serve to communicate, educate and facilitate compliance and enforcement.

Developing and maintaining these policies is a key EIM function and a major way that HIM contributes to overall governance. Policy management for an enterprise involves creating or resourcing the following processes and artifacts:

  • A process for policy development, dissemination and maintenance.
  • A priority matrix to guide policy work.
  • A policy leader or policy development group(s).
  • Web technologies to link policies to implementation guides, education and other resources.
  • Enforcement protocols.

HIM professionals leading enterprise information management should provide a useable policy framework that reflects governance decisions, standards and best practices. Governance ensures that it is clear who is responsible for applying these policies, and what the consequences are for failing to do so.

Leveraging HIM Skills: Knowledge Work for Enterprise Information Management

The road map to EIM is intended to help accelerate the pace of change. Freed from the constraints of managing paper records and transactional work, HIM professionals can leverage their uniquely valuable skills to assume a range of managerial and subject matter expert roles that advance EIM and governance.

Enterprise information management encompasses a range of knowledge work functions. In smaller organizations these will be combined and assigned based on the skills of the workforce and the needs of the organization. In larger organizations, there will be specialization and more than one person in a number of these roles.

These knowledge roles rest on foundational HIM competencies, but may require additional training and even advanced degrees.

Redefining the role of HIM in the new world of Information Governance is a call to action grounded on practical and tested experience. The drivers for EIM and information governance are not new, but the rapid adoption of technology and volume of data has made the challenges far more complex and costly.

Even so, getting organizational buy-in from senior management and clinical and business leaders around concepts like data quality, stewardship and life cycle management will be very difficult. To be successful, you must relate these concepts to organizational goals, and translate them to dollars saved, performance improved and risks mitigated.

A range of knowledge roles are available under the broader framework of enterprise information management. Depending on one’s skills and interests, roles include:

  • Enterprise Information Management leadership.
  • Privacy and/or security officer.
  • Revenue cycle management.
  • Data quality and integrity.
  • Clinical vocabulary and classification.
  • Compliance and risk.
  • Information policy and standards.
  • Records life cycle management.
  • Information access and release.
  • Health data analyst.
  • Data dictionary.
  • Patient information advocates.
  • Health information exchange.

Establishing your Action Plan

To build a successful business case for information governance, leverage the following best practices:5

  1. Align the business case for information governance to strategic corporate initiatives and key stakeholders.
  2. Identify the top-level business benefits such as increasing revenue, reducing costs, managing under new forms of reimbursement, improving quality and engaging patients.
  3. Identify detailed, quantifiable business benefits, such as reduced operating costs and exposure to risk, and qualitative benefits such as improved trust in data.
  4. Undertake improvements in the areas where you have the authority and responsibility to innovate. As an example, the road map on page 10 demonstrates the value of redesigning records management using a centralized offsite storage model.
  5. Set performance indicators and measure impact. Each improvement experience strengthens the case.
  6. Prioritize projects based on relative business value as aligned with organizational priorities.

The new world of HIM offers enormous opportunities for high-impact work that contributes to the value of information assets for the good of healthcare organizations and the patients they serve. These opportunities, however, can only be realized through organizational innovation. HIM professionals must be willing and prepared to address the status quo, rationalize legacy processes, and most importantly, transfer their experience and expertise to shape the vision of information governance. Only then will healthcare providers achieve an optimized HIRM platform that delivers optimal cost savings, maximum usability and superior interconnectivity across the continuum of care.