By Galina Datskovsky, PhD; Ron Hedges, JD; Sofia Empel, PhD; and Lydia Washington, MS, RHIA
Editor’s Note: This is the final installment in a series of four articles that discuss the eight Information Governance Principles for Healthcare™.
AHIMA’s Information Governance Principles for Healthcare™ (IGPHC) provide a framework for healthcare organizations to enhance their ability to leverage information in order to achieve the organization’s goals, conduct their operations effectively while ensuring compliance with legal requirements, and other duties and responsibilities.
IGPHC is a set of eight principles that, when considered in whole or in part, are intended to inform an organization’s information governance (IG) strategy. This final installment of the IGPHC article series focuses on the meaning and intent of the Retention and Disposition principles.
The retention principle is central to successful IG. The principle is defined as “An organization shall maintain its information for an appropriate time, taking into account its legal, regulatory, fiscal, operational, risk, and historical requirements.” In other words, keep what you need and dispose of what you do not. As the principle notes, “[t]he ability to properly and consistently retain all relevant information is especially important, as organizations create and store large quantities—most of it in electronic form.”
Organizations should recognize that all “information has a lifecycle, which begins at its creation and ends at its final disposition,” the IGPHC state, and it must be managed accordingly. Oversight through effective information governance will ensure effective retention. Information that needs to be retained for extended periods of time includes the health records of infants and children, those maintained for occupational health, and those maintained as part of clinical research. Retention needs vary by facility role and mission. As genomic and other advances in medical science become more common and important in longitudinal studies, some information may even need to be kept permanently. If information is kept for extended periods of time, its usability will depend on the capacity to read and access the information far into the future. Hence, the principle of retention is especially important.
For every class of records or information, retention decisions must consider:
- Legal and regulatory requirements
- Operational considerations
- Risk considerations
- Historical value
Once an organization makes its retention decisions and creates a retention schedule, the policy should be reviewed and communicated on a regular basis and modified as needed based on both internal and external requirements. Moreover, “to minimize risks and costs associated with retention, it is essential to immediately dispose of information after the retention period expires, in accordance with the organization’s retention policy,” the IGPHC states. It is equally important to maintain information that needs to be retained in a format that remains accessible and readable for the duration of its lifecycle.
The disposition principle states that an organization ensure “secure and appropriate disposition for information no longer required to be maintained by applicable laws and the organization’s policies.”
The principle applies to all information in the custody of an organization. Final disposition does not necessarily imply destruction. Although destruction may be appropriate in most instances, disposition also encompasses the transfer of information to a third-party, such as the individual to whom it pertains (i.e., a patient) or a business partner in an acquisition.
However disposition is carried out, it should be formally documented and the disposition documentation itself should be retained according to the retention schedule. Disposition may also have legal significance. “A duty to suspend disposition may arise in the event of pending or reasonably anticipated litigation or a regulatory action,” the IGPHC warns.
Retention and Disposition are Directly Related
Retention and disposition are mirror images of each other. Retention ensures that information is kept in a systematic manner and is available as needed by an organization. Disposition is the recognition that information has a lifespan and that, when an organization’s need for information has ended, the information becomes a burden to the organization and should be discarded according to the retention schedule and in an appropriate manner. When a merger or acquisition occurs, information may need to be disposed of by one organization and transferred to another. Only good information governance allows for this to happen smoothly.
Retention and Disposition Improve IG
This series has illuminated the eight principles of the IGPHC. The first article addressed accountability and transparency, which demonstrates that an organization “governs its information responsibly and openly” which increases trust in the overall information governance program. The second article looked to integrity and protection. These principles enable both information and an information governance program to be relied upon. The third article considered compliance and availability: “Information that is consistent with rules and regulations and that can be accessed in a timely and reliable manner furthers information governance under the IGPHC,” the IGPHC states.
And so the circle of IG is closed with retention and disposition. Every preceding principle built up to decisions that an organization must make to establish and maintain trustworthy, reliable, accessible information retention policies. To further trustworthiness, reliability, and accountability, records must be maintained in a consistent manner across their lifetimes and must be disposed of when appropriate. Absent appropriate retention and disposition, the goals of the IGPHC, as expressed in all of the principles, cannot be met.
AHIMA thanks ARMA International for use of the following in adapting and creating materials for healthcare industry use in IG adoption: Generally Accepted Recordkeeping Principles® and the Information Governance Maturity Model. www.arma.org/principles. ARMA International 2013.
Galina Datskovsky (firstname.lastname@example.org) is CEO, North America, at Covertix. Ron Hedges (email@example.com) is a former US Magistrate Judge in the District of New Jersey and is currently a writer, lecturer, and consultant on topics related to electronic information. Sofia Empel (firstname.lastname@example.org) is director, information governance, at Connolly iHealth. Lydia Washington (email@example.com) is senior director of HIM practice excellence at AHIMA.
Datskovsky, Galina; Hedges, Ron; Empel, Sofia; Washington, Lydia.
"Evaluating the Information Governance Principles for Healthcare: Retention and Disposition"
Journal of AHIMA