The Three Key Indicators of IG Maturity for Healthcare Compliance

Published On April 22, 2019

Information governance (IG) is crucial to healthcare compliance. How mature is your healthcare IG program?

Information governance (IG) is essential to secure data management and ensuring healthcare compliance. Without IG, managing information throughout its lifecycle and using that information to support the healthcare organization’s strategy and operations — as well as meeting regulatory, risk and environmental requirements — is not possible.

But what can you do to gauge how mature your healthcare organization’s IG program is? Conduct a self-assessment that engages the wider organization and focuses on the following three key areas.

Information Inventory and Integrity

In order to achieve compliant information management throughout its lifecycle, you have to:

• know what information you have and where it resides

• ensure information is trustworthy

• have processes in place to govern policies meant to protect the integrity of information

Hitting all three of these points will help you begin to lay the foundation for IG in your healthcare organization.

In order to achieve this, you’ll need to first stand up a cross-functional committee to address and identify any policy or process gaps. This committee should also assess information types, systems and requirements on an ongoing and routine basis.

You will also need to take inventory of information systems in the healthcare organization and identify primary uses, process owners, source flow and ownership for each information type.

Retention Policy Management and Defensible Disposition

The need for compliant retention and disposition practices to be adopted and enforced across the healthcare organization is more crucial than ever. With increasing privacy concerns and the exponential rate at which information is being created in the healthcare industry, information kept beyond the required retention period opens your organization up to increased costs and risks.

To avoid these costs and risks, make sure your healthcare organization is doing several things:

• create a process for policy development, dissemination and maintenance

• educate employees to facilitate adoption

• refresh your retention schedule and policies frequently

• implement a centralized change management and governance process

Privacy and Security

Healthcare organizations face threats from all sides: both internal and external. In fact, employee theft has been identified as a leading cause of breaches. This means, more than ever, it’s critical to ensure privacy and security controls are in place to protect information according to HIPAA, legal and operational requirements throughout its lifecycle no matter where it is stored.

Focus on these five fundamental components to better ensure healthcare compliance and security:

1. physical safeguards and access controls

2. information classification

3. disclosure management

4. policies to ensure timely identification, notification and communication of a data breach

5. employee training to properly handle PHI

IG Maturity in Healthcare

In order to better ensure you have a mature IG program in place at your healthcare organization, it’s important to make sure you:

1. have an inventory of your information and its integrity is still in tact

2. effectively manage your retention policy and also securely dispose of information once it is no longer needed

3. ensure healthcare compliance and security by having the proper controls in place

Without a mature IG program, you can’t have effective compliance in healthcare.