Information Governance Principles for Healthcare (IGPHC)™
3AHIMA
INFORMATION GOVERNANCE Principles for Healthcare (IGPHC)™
Information Governance Principles for Healthcare (IGPHC)™
1
INFORMATION GOVERNANCE Principles for Healthcare (IGPHC)™
Preamble ………………………………………………………………………………………………3
Principle of Accountability ………………………………………………………………….5
Principle of Transparency ……………………………………………………………………6
Principle of Integrity ……………………………………………………………………………7
Principle of Protection…………………………………………………………………………9
Principle of Compliance ……………………………………………………………………. 10
Principle of Availability ……………………………………………………………………… 11
Principle of Retention ……………………………………………………………………….. 12
Principle of Disposition …………………………………………………………………….. 14
IGPHC™ Glossary of Selected Terms ………………………………………………… 15
Acknowledgements…………………………………………………………………………… 19
©2014 by the American Health Information Management Association
Information Governance Principles for Healthcare (IGPHC)™
2 AHIMA
PREAMBLE Complete, current, and accurate information is essential for any organization in the healthcare industry to achieve its goals. Adoption of an information governance program underscores the organization’s commitment to managing its information as a valued strategic asset. Governance of clinical and operational information:
■ Improves quality of care and patient safety ■ Improves population health ■ Increases operational efficiency and effectiveness ■ Reduces costs ■ Reduces risk
Information governance helps manage and control information by supporting the organization’s activities and ensuring compliance with its duties. Drawing from definitions of Gartner and ARMA International, AHIMA defines information governance as an organization-wide framework for managing information throughout its lifecycle and supporting the organization’s strategy, operations, regulatory, legal, risk, and environmental requirements. Information governance establishes policy, prioritizes investments, values and protects informa- tion assets, and determines accountabilities for managing information, making it an imperative for healthcare. It also promotes objectivity through robust, repeatable processes insulated from individ- ual, organizational, political, or other biases, and then protects information with suitable controls. By following information governance principles, organizations conduct their operations effectively, while ensuring compliance with legal requirements and other duties and responsibilities.
Trust plays a critical role in healthcare delivery. Patients entrust their personal information to healthcare organizations, creating distinct requirements for confidentiality, privacy, and security. These organizations, regardless of their roles in healthcare, must earn the confidence of patients and society, through a firm commitment to ethical and responsible handling of personal information. Embedded in trust is the expectation of information integrity, which depends on the completeness and correctness of data.
Heightened focus on integrity to ensure confidence in information is demanded by the nature of healthcare, changes in care delivery and payment models, the increasing adoption of electronic systems, and the importance of reliable information exchange. Healthcare organizations have an obligation to define uses of information and to define the policies and practices for governing use of the information.
This includes protected health information, personally identifiable information, de-identified and anonymized information, aggregate and detailed information used to satisfy mandatory or voluntary reporting purposes, operational needs, secondary uses of data/information, and other uses based on the role and mission of the organization. Research is fundamental to advancing the science of medicine. New guidelines, protocols, treatments, interventions and wellness insights, all developed through research, are essential to elevating population health. Research, whether focused on clinical care, delivery systems, or payment models, depends on trusted information.
“ Trust plays a critical role in healthcare delivery. Patients entrust their personal information to healthcare organizations, creating distinct requirements for confidentiality, privacy, and security. These organizations, regardless of their roles in healthcare, must earn the confidence of patients and society, through a firm commitment to ethical and responsible handling of personal information.”