Redefining the Role of Health Information Management in the New World of Information Governance
The pervasive adoption of Electronic Health Records (EHRs) and other
technologies is enabling healthcare delivery and payment reform and reshaping
the work of healthcare professionals — but perhaps nowhere more directly than
in the discipline of Health Information Management (HIM).
Over a relatively short period of time, the millions of dollars invested in EHR
acquisition and integration have produced a domino effect of accelerated
change in the HIM environment. Physical medical records are being phased out,
more stringent regulatory directives have emerged, and demands have evolved.
As a result, the essential tasks being asked of HIM professionals are different.
It is often difficult for HIM professionals, deeply immersed in the trenches of
this change, to rise above day-to-day demands and envision and develop new
opportunities. But that’s exactly what needs to happen. When faced with the
ambiguity of change, the surest way to succeed is to fully engage in driving it.
Only through this proactive effort will HIM be able to redefine its role and
deliver greater value in today’s largely electronic environment.
This paper examines a new paradigm for Health Information and Records
Management (HIRM) and provides practical guidance to help HIM professionals
unwind paper records, offload the burden of low-value production work and lead
the transition from traditional records management to an optimized HIRM
model. Leveraging these compelling insights, HIM professionals can establish a
clear connection between their expertise and the organization’s ability to
improve service, reduce costs and advance the management and use of
information to support overarching strategic goals.
Business As Usual is No Longer an Option
Gaps in Information
Management Policy Prove
Risky for Providers as
Well as for the Patients
This can result in partially informed patient
decisions, loss of record integrity,
inaccurate coding and even breaches of
sensitive patient information.
The Current State
Healthcare is undergoing a fundamental shift from
fee-for-service to value-based delivery and
payment, creating wrenching change in markets,
financing and regulations. Reimbursement is
declining and shifting to at-risk contracting. The
impact of expanded healthcare access remains
unknown. What everyone agrees on is that success
in a value-based system requires rapid access to
reliable information across the care continuum. This
is placing extraordinary pressure on legacy HIM
models and departmental infrastructures.
At the same time, electronic health records
are rapidly replacing legacy paper records. The
volume and sources of electronic data are
eclipsing the information management capacity
of most healthcare organizations, creating
inadequate information management policy and
infrastructure that breed unnecessary risk and
require costly workarounds.
A decentralized, siloed approach increases risk,
duplication and cost — particularly for functions such
as scanning and release of information. Operating
high-risk, resource-intensive production functions at
the department level limits the efficiencies and risk
reduction that could otherwise be realized through
centralization and greater standardization.
To succeed, providers must redesign and reinvest
in information management for today’s demands.
Business as usual is no longer an option.
The Legacy HIM Model
Despite progress made in moving from paper to
digital records, HIRM remains highly decentralized.
For example, HIM has historically managed health
records, exclusive of other records, at the facility level while other types of critical information and
data — both clinical and operational— continue to be
managed at the departmental or functional level,
without the benefit of enterprise policy and
guidelines reflecting best practices.
This is problematic for several reasons. First, EHRs
have irrevocably changed the framework of the HIM
practice. Today, personally identifiable health record
data must be linked across the continuum,
exchanged with a range of providers and shared
with patients. That means these additional sources
of information need to be linked with EHR data to
support expanded uses for enhanced EHR data.
With so many compartmentalized pockets of
information it can be difficult to identify, and in turn
integrate, data from all available sources.
Furthermore, this decentralized approach hinders
an organization’s ability to implement, oversee and
enforce standardization. As a result, data is being
managed to varying levels of completeness, quality
Unfortunately, these complexities are only
magnified for multi-facility health systems with
affiliated networks. Often facilities are absorbed
and integrated into the system, but resources
and processes are never rationalized. As a result,
providers are left with a patchwork of inconsistent
practices and policies that breed redundancy, risk
In order to connect the silos, reduce the
duplication and enable greater standardization
and coordination across the continuum of care,
healthcare organizations must address this
antiquated, decentralized HIM model and begin
the process of transitioning to a more fluid,
comprehensive HIRM platform.
Information Policy Framework
The efficiency and quality gains from EHRs and
other technologies are contingent on the development
and enforcement of operational processes and policies
that address integrity, accessibility, efficacy and
security of data throughout its life cycle. Without
organizational change, technology alone will not
produce desired results.1
Few providers today have a dynamic inventory and
understanding of data sources, characteristics, uses,
access requirements and flow of information. Without
adequate information about their data, providers will
be unable to establish and enforce consistent policies
across the enterprise. As a result, digital systems will
continue to promulgate the same redundancies and
inefficiencies evident in paper, such as:
“…the hoped-for efficiency
and quality gains from
electronic records and
related applications will
evaporate if hospitals and
medical practices don’t
support them with
- Increasing costs due to inefficient storage
practices: A typical hospital has dozens or even
hundreds of applications, depending on its size.
The cost of supporting these applications and
associated data continues to increase, and
strategic policies for more efficient storage of
both digital and legacy paper records are needed
to offset real estate, associated labor and IT
- Exposure to preventable risk: In addition
to cost, the current state of decentralized,
ungoverned information management contributes
to organizational risk. These risks include Health
Insurance Portability and Accountability (HIPAA)
violations due to unauthorized access, data
breaches or data loss due to weak or inconsistent
practices and decentralized controls.
- Lack of trust hinders effective use: While less
tangible than cost and risk, trust in the accuracy
of information is a prerequisite for effective use.
Lack of trust reveals itself in slow decision making,
questions about accuracy and validity,
and a proliferation of “shadow” records. With
multiple systems, specialties and facilities, it’s
critical for organizations to develop and enforce
consistent workflows and policies for data input,
integrity and interconnectivity between systems.
The digital side of the house, like the physical side,
requires a dedicated focus on organizational policy
development. And while the scope of practice is
broader and management practices are more
complex, it’s a clear gap today hindering effective
governance and management planning. Given the
unprecedented complexity of the challenge,
providers stand in urgent need of a solution.
New World Health Information Management:
an enterprise view of HIRM
To arrive at a place where the gap separating the
physical and the digital can be bridged, a new
model is needed. This new model for HIRM
approaches information as a strategic asset whose
value must be deliberately managed and
augmented. To successfully enact this model, the
following foundational elements for information
management and governance are required:
Healthcare’s Information Assets:
Digital, Physical and Metadata
- Legal health records and other
personally identifiable patient data
- Personal health records
- Aggregate patient data
- Claims and business operations data
- Registries and quality measures data
- Case and care management
- Risk and safety data
- Research data
- Reportable vital and public health data
- Information is managed as a strategic asset.
Even though it is not shown on the balance sheet,
information is an asset of the healthcare
organization as surely as capital, people, research,
buildings and reputation. Like other assets,
information has strategic and operational value. It is
no longer simply a derivative of the work process.
In order to augment information value and
safeguard against poor data quality, privacy and
security breaches and other risks, it is important
to treat information asset management as a mindset and management strategy. This strategy
can be carried out through formalized
information governance and enterprise-scoped
- Governance is integral to optimized
information use and value.
is the formulation of policy to optimize, secure and
leverage information as an enterprise asset. It
formalizes the assignment of responsibility for setting
the organization’s information policy framework and
ensures that it is carried out across multiple functions
Information governance is no longer an option for
organizations. It is an enabler that clarifies the
values and ground rules for the management and
use of information. If the values and rules are not
clear, it is impossible to advance and enforce best
practices that amplify value, reduce risk and
In a survey of executives of information-intensive
companies, a research team from The Economist
found that in 81 percent of firms with a formal
information governance strategy, “information can
be better shared between departments, allowing for
- Information Management is an enterprise-wide
Enterprise Information Management (EIM)
aligns people, processes, data and technology with
information policies and best practices. At the
foundation of EIM are well-documented and clearly
enforceable policies. These policies should address
pertinent information management functions such as
data quality management, data content standards, life cycle management and securing vital data assets.
That said, good policy is only as good as those
practicing it. For this reason, employee development
specific to establishing and enhancing information
management competencies across the organization
should also be considered a critical component of EIM.
EIM, whether centralized or decentralized, involves
extensive collaboration with patient care, delivery,
business process owners and IT. It is “an essential
organizational discipline” which cannot be realized in
the absence of a foundational information
The Building Blocks for an Enterprise
Model for Information Governance
As depicted in the chart below, an enterprise model
for information governance is composed of three
primary building blocks and two supporting
foundational elements. The three primary building
blocks include Design and Capture, Access and Use,
and Life Cycle Management of Data. Processes for
managing information integrity and quality, as well
as privacy, confidentiality and security, support
these building blocks, and are foundational to the
model. Information governance is shown as
enveloping these enterprise functions as part of
a broader policy and accountability framework. To establish an enterprise model for information
governance, the functions outlined below must be
assessed and augmented. In those instances where
they do not already exist, they must be established.
Managing information across its life cycle begins
with the design and capture functions. These
functions address the architecture, content
definitions, standards, reference terminologies,
metadata and other mechanisms that improve the
efficiency and quality of data collection, capture,
downstream information use, interoperability and
reuse. Ideally, data should be captured once and
used for a variety of purposes. Content standards
should be explicit to aid interpretation of meaning.
While most health systems are some ways away
from meeting these ideals, an enterprise view will
advance these important goals.
Information access and use functions advance
and support critical uses of data and information.
They support the work of the clinical and business
process owners who must use data in their work.
They also support patient access to health
information, health information exchange functions
and other release of information functions.
Information management has a role in helping to
educate data users about data characteristics,
reliability and accuracy and to work collaboratively
to build trust in data for population health
management, community and public health.
Life cycle management functions define and
maintain designated records sets, including legal
health records and other types of records, in
accordance with the clinical and business needs of
the organization and all applicable legal and
regulatory requirements. They manage the explicit
plans and processes for storage, retention and
disposition of medical and business records,
balancing access needs, compliance and cost
effectiveness. They address special records
management issues such as formal hold orders
Information integrity and data quality functions
ensure that data and content are accurate, reliable,
up-to-date, consistent and “fit for use.” Information
integrity begins with data architecture, definitions
and relationships, including metadata and data
capture processes. It addresses the provenance or
lineage of data and processes for error correction
and amendments. Analysis of medical records for
completeness and accuracy has long been an
important HIM function. Redesigning these
practices for a real-time, electronic environment is
an important focus for enterprise HIRM practice.
Privacy, confidentiality and security functions
protect personally identifiable and other sensitive
information. These functions ensure that
information is available only to authorized persons
and used only for specific purposes. Risk
assessment and audits are important tools for
security and the demonstration of HIPAA
compliance and, as with data quality, they present
more complex management challenges today due to
technology, including mobile health information
exchange and the expansion of uses and users.
A sound enterprise
model for information
- View information as
an asset that must be
- Encompass patient
records and other clinical
and business data,
information and records,
files and reports.
- Put in place and
continuously improve on
the component functions
reflected in the model.
- Encompass the life cycle
of information and
- Be guided by effective
stewardship values and
policies, focusing on
getting it right where it
- Strive for measurable and
Accelerating the Journey to EIM and Governance
Forward-thinking HIM leaders understand the need to transition
from traditional HIM to enterprise information management.
While many are making forward progress, some continue to be
bogged down with production and transactional tasks and
regulatory changes with tight deadlines. As a result, far reaching
improvements that truly advance the ball get deferred
and the cycle continues.
Too many HIM leaders were left out of critical decisions such as
EHR selection, only to be called upon later to find workarounds
for information and records management shortcomings that
would have been foreseen and avoided had they been involved
at the outset. With a unique understanding of information
content and records, information flow, user needs and
compliance, HIM professionals are uniquely positioned to play a
critical role in enterprise information management. That said,
this is a team sport, and effective collaboration like never before
is required among HIM, CIOs, IT, clinical informatics and
business process owners.
Transitioning from traditional HIM to enterprise HIRM is a
journey, and like any journey this transition takes vision,
preparation and flawless execution. What’s my destination and
what route should I take? Who is on my team and whose
support do I need? What unexpected events should I plan for?
As shown in the Commencing the Journey to EIM and
Governance chart on page 10, a five-phase road map is offered
as a proven way to advance from departmental to enterprise
HIM. Organizations that have followed this road map have seen
significant improvements in information quality, integrity,
efficacy and overall usability.
Phase I: Shift resources to higher-value
Priorities such as the transition to ICD-10,
demonstrating meaningful use and strengthening
privacy and security require dedicated HIM
resources. Budget constraints and cuts preclude
adding new resources, so HIM leaders must shift
existing scarce HIM resources to higher-value
priorities. An effective way to accomplish this is to
eliminate, reduce or outsource the storage of
physical records and related transactional work.
For example, as an EHR implementation
progresses, it is no longer necessary or cost-effective
to maintain onsite storage of archival records.
An effective strategy is to make the file room a
thing of the past by:
- Developing and applying retention policies to
eliminate obsolete records
- Scanning frequently accessed paper records to
make them readily available.
- Centralizing and relocating formerly active
records to low-cost offsite storage.
- Scanning archival paper records as they are
- Outsourcing resource-heavy processing functions
such as release of information and scanning to
multiply efficiencies and cost savings.
Through strategic outsourcing of these types of
paper-based functions, HIM can alleviate bandwidth
constraints and seamlessly redeploy resources to
more valuable roles such as data quality or master
person index management.
That said, it’s important to understand that
transitioning to enterprise HIM requires a deliberate
focus on eliminating or outsourcing lower-value
work in order to shift staff to new roles. This always
involves making trade-offs. By inventorying and
evaluating the current return on time invested for
legacy processes, HIM can identify where trade-offs
should be made to free up resources for newly
emerging, higher-value work.
A leading provider in Denver
realized a 20 percent
reduction in records
management costs — and a
more reliable and efficient
process — by outsourcing
storage to an offsite vendor.
In turn, savings could be
redeployed to fund other
Phase II: Identify short-term EIM priorities
To identify short-term EIM priorities, it is important
to gain a more complete view of information across
the enterprise. Inventory the information systems
and identify for each the primary uses, the clinical
and business process owners, and the source and
flow of data. Include major applications like EHRs and
PACs. Examine ancillary sources like research and
clinical trials data and disease and procedure
registries. Account for expanding sources and uses
like telemedicine systems, digital pathology and
While this may seem a daunting task, the CIO most
likely has an inventory of systems and applications.
What HIM can add is a more complete analysis of
information content characteristics and how it is
used. Each application captures, processes, moves
and stores data. Each has process owners who
serve in an information management role, setting
and administering policy for access, retention, data
quality and even release of information. Consider
what, if any, data content standards govern the
capture and management of particular data types.
As information proliferates, so does variation — in
content, controls and quality.
A more complete understanding of this information is
an essential initial step in moving from a siloed to an
enterprise view of information life cycle management.
It reveals areas of vulnerability and leads to insights
about ways to unify content and records management.
From this broader assessment of the current
information environment, identify areas of greatest
vulnerability for short-term work on information
policy, content and workflows. Use the EIM model as a
high-level guide for categorizing these vulnerabilities.
Do they relate to life cycle management, including
how records or digital information are stored and
retained? Do they relate to how data is defined or
captured? Are they indicative of poor data quality or
weak privacy and security controls?
Information assessment leading to a manageable set of
compelling short-term priorities will demonstrate the value of an enterprise view of information management.
This will help build the case for governance.
Phase III: Organize for information
Establishing an information governance authority
and process requires executive sponsorship and a
multi-disciplinary steering group. Gaining support to
implement these important steps will require
salesmanship. The insights from the information
inventory and assessment of vulnerabilities help
build the case, but the case must still be made, and
this requires an awareness of the strategic landscape
and the political climate to gain allies for change.
Step 1. Secure executive sponsors. Executive
sponsorship is crucial to the success of any strategic
initiative. Depending on the size of the organization
and the political environment, sponsorship may
come from the CEO, COO, CMIO, CFO or CIO.
Executive sponsors provide direction, protection,
budget and problem-resolution. To secure
sponsorship, the positive steps and knowledge from
Phases I and II should be framed in terms of
strategic priorities such as cost reduction, quality
improvement or preparing for payment reform.
Step 2. Convene a multidisciplinary steering
committee. A steering committee is the nexus
for governance decision-making with broad
representation across departments and functions
such as physician and nursing leaders, the CFO , CIO,
CMIO, IT, IM, informatics, legal, finance, compliance
and risk. Like the historical medical records
committee, this steering committee will be the go-to
cross-functional group charged with goal-setting,
approving and enforcing policies, allocating
resources and measuring results.
Step 3. Assign working groups and staff. Steering committees in larger organizations
require that pre-work on policies, process design,
evaluation and monitoring be done by working
groups or staff. Working groups offer a multidisciplinary
perspective. The Organizing for
Information Governance chart shows working
groups focused on the three elements of the EIM
model. Alternatively, the working groups may have
a specific project focus such as ICD-10 or
implementation of updated privacy regulations.
The Information Integrity and Quality and Privacy,
Security and Confidentiality functions depicted
below are shown as staff or line functions with an
Phase IV: Extend work on EIM priorities
With executive sponsorship and interdisciplinary
participation, the centralized records management
approach that began in Phase I can be expanded to
include additional record types such as invoices,
human resources records and lab notebooks, as well
as electronic records and medical images. This is a
natural progression of governance that is not only
recommended, but necessary.
Keep in mind, silos of information managed
independently and uniquely, outside the scope of
the governance committees, create inconsistencies
in data quality, gaps in data security and hinder
In order to eliminate these information silos and
the associated challenges, the committee must
establish policies for the storage and management
of all paper records, medical images and other
unstructured digital and physical archives across
the organization within the context of a centralized
framework. Through this process, opportunities for
consolidation, standardization and integration will
be identified, resulting in cost and risk reductions
and improved patient care.
Benefits of consolidation, standardization and integration
- Cost Reductions. Streamlining vendors and leveraging purchasing power across the
health system can lower costs. A consistent, policy-driven approach to managing
information will optimize capacity and reduce redundancy and complexity.
- Risk Reductions. A central platform will improve security and compliance, and better
enable discovery management.
- Improved Patient Care. A center of excellence approach enables a centralized, complete
patient record, providing better access to patient information.
Most importantly, the comprehensive development and application of policy to the various silos of information
across the enterprise will help organizations break down legacy barriers such as function, department and
geography, resulting in a higher level of integration and interconnectivity.
The Road map for Information Governance
- Make a break from paper.
Implement a plan that
outsources records storage,
production functions and
- Build the case for EIM by
understanding the current
state of information and
records management across
- Organize for information
governance at the enterprise
or functional level. Get as far
as is politically possible,
extending support through
- Measure results including
cost savings, operational
improvement and risk
reduction — at each step of
- Capture the organizational
learning. EIM is a discipline
to be built and improved
upon over time. It begins
with raising awareness and
initiating a dialogue about
how you manage high-value
Phase V: Develop a unified information policy
At the heart of information governance is a framework of unifying
policies for information management. Policies set forth the ground
rules and intent and should reflect relevant standards and best
practices. They serve to communicate, educate and facilitate
compliance and enforcement.
Developing and maintaining these policies is a key EIM function and
a major way that HIM contributes to overall governance. Policy
management for an enterprise involves creating or resourcing the
following processes and artifacts:
- A process for policy development, dissemination
- A priority matrix to guide policy work.
- A policy leader or policy development group(s).
- Web technologies to link policies to implementation
guides, education and other resources.
- Enforcement protocols.
HIM professionals leading enterprise information management
should provide a useable policy framework that reflects governance
decisions, standards and best practices. Governance ensures that it
is clear who is responsible for applying these policies, and what the
consequences are for failing to do so.
Leveraging HIM Skills:
Knowledge Work for Enterprise Information Management
The road map to EIM is intended to help accelerate
the pace of change. Freed from the constraints
of managing paper records and transactional
work, HIM professionals can leverage their uniquely
valuable skills to assume a range of managerial
and subject matter expert roles that advance EIM
Enterprise information management encompasses
a range of knowledge work functions. In smaller
organizations these will be combined and assigned
based on the skills of the workforce and the needs
of the organization. In larger organizations, there
will be specialization and more than one person in
a number of these roles.
These knowledge roles rest on foundational HIM
competencies, but may require additional training
and even advanced degrees.
Redefining the role of HIM in the new world of
Information Governance is a call to action grounded
on practical and tested experience. The drivers
for EIM and information governance are not new,
but the rapid adoption of technology and volume
of data has made the challenges far more complex
Even so, getting organizational buy-in from
senior management and clinical and business
leaders around concepts like data quality,
stewardship and life cycle management will be
very difficult. To be successful, you must relate
these concepts to organizational goals, and
translate them to dollars saved, performance
improved and risks mitigated.
A range of knowledge roles are available under the broader framework of enterprise
information management. Depending on one’s skills and interests, roles include:
- Enterprise Information Management
- Privacy and/or security officer.
- Revenue cycle management.
- Data quality and integrity.
- Clinical vocabulary and classification.
- Compliance and risk.
- Information policy and standards.
- Records life cycle management.
- Information access and release.
- Health data analyst.
- Data dictionary.
- Patient information advocates.
- Health information exchange.
Establishing your Action Plan
To build a successful business case for information
governance, leverage the following best practices:5
- Align the business case for information
governance to strategic corporate initiatives
and key stakeholders.
- Identify the top-level business benefits such as
increasing revenue, reducing costs, managing
under new forms of reimbursement, improving
quality and engaging patients.
- Identify detailed, quantifiable business
benefits, such as reduced operating costs and
exposure to risk, and qualitative benefits such
as improved trust in data.
- Undertake improvements in the areas where
you have the authority and responsibility
to innovate. As an example, the road map on
page 10 demonstrates the value of redesigning
records management using a centralized offsite
- Set performance indicators and measure
impact. Each improvement experience
strengthens the case.
- Prioritize projects based on relative business
value as aligned with organizational priorities.
The new world of HIM offers enormous opportunities
for high-impact work that contributes to the value
of information assets for the good of healthcare
organizations and the patients they serve. These
opportunities, however, can only be realized through
organizational innovation. HIM professionals must
be willing and prepared to address the status quo,
rationalize legacy processes, and most importantly,
transfer their experience and expertise to shape the
vision of information governance. Only then will
healthcare providers achieve an optimized HIRM
platform that delivers optimal cost savings,
maximum usability and superior interconnectivity
across the continuum of care.