Case Study #8: Standardizing Information Governance Audits at Children’s Health System of Texas

By Anita Doupnik, RHIA, and Katherine Lusk, MHSM, RHIA, FAHIMA

Editor’s Note: This is the eighth installment in an ongoing series highlighting information governance case studies.

Auditing in healthcare is an internal and/or external process intended to assess, evaluate, and improve quality of care and services while also ensuring compliance with regulations, guidelines, practices, or policies. Providers, payers, health plans, and federal agencies such as the Centers for Medicare and Medicaid Services (CMS) use audits and monitoring as a way to ensure the following:

  • Claims are being billed and paid appropriately
  • Correct documentation exists to substantiate claims
  • Quality of care is being delivered to patients
  • Information is secure and managed appropriately throughout its lifecycle

Auditing is also a key part of an information governance (IG) program and is a way to ensure that information is trustworthy and can be relied upon to achieve the goals and strategies of an organization. It is also an opportunity to ensure that the organization is streamlining operations for maximum efficiency, cost savings potential, and legal and regulatory compliance.

Within the Information Governance Adoption Model (IGAM™), there is a maturity marker for “Regulatory Audit Response,” which falls under the Regulatory and Legal competency. An organization can achieve the highest level of IG maturity (Level 5) when the organization ensures availability of the right information in a timely manner to support regulatory audit requirements, even in the most unfavorable conditions. The organization also uses advanced tools and technologies to enable accurate, expedient, and auditable response. This article focuses on a case study at Children’s Health System of Texas (Children’s Health) and demonstrates best practices in aligning audit practices with their IG program.

Organizational Description

Located in Dallas, TX, Children’s Health is home to the only academic healthcare system in North Texas that is dedicated exclusively to the comprehensive care of children from birth to age 18. Children’s Health is one of the top pediatric hospitals in the country and the fifth largest healthcare provider in the nation.

The campus includes:

  • 616 licensed beds
  • 282,687 unique patients
  • 28,366 surgeries
  • 163,972 emergency room visits
  • 367,655 ambulatory visits
  • 6,997 employees

Children’s Health has more than 360,000 patient visits each year ranging from simple eye exams to specialized treatment in areas such as heart disease, hematology-oncology, organ transplantation, and cystic fibrosis. Licensed for 616 beds, the inpatient portion of the hospital provides patients and families with comfort and conveniences during their stay.

The hospital has four specialized critical care units, including a neonatal ICU. The main campus is also home to the first designated Level I trauma center for pediatrics in Texas, demonstrating commitment to the highest level of care for children as well as dedication to research, advocacy, and education.

Information Governance Adoption Model

Information Governance Program Description

The organization has had an IG program underway for several years with the support of executive leadership and an engaged IG committee, as well as many workgroups that have demonstrated success with numerous information governance projects.


The value of information as an asset is essential for advancing the goals and priorities of Children’s Health. Governance of clinical and operational information will provide a platform supporting improvements in quality, patient safety, and population health. Information governance allows the organization to support strategic initiatives with improvements in operational efficiency and effectiveness while reducing cost and managing risk. Information governance encompasses the people, processes, and technology required to create consistent and proper handling of information throughout the lifecycle, from data creation to archival, while providing a framework that is irrespective of organizational structural boundaries.

A multidisciplinary council including clinicians, information technology, privacy and security, regulatory, legal, health information management (HIM), finance, and population health providing subject matter expertise in the aforementioned disciplines, at a minimum, oversees information governance for the organization. The multidisciplinary group is assembled as a council. The council reports activities to executive senior leadership who has final authority when a consensus is not achieved within the information governance council.

The information governance council membership oversees the program and adheres to principles, core tenets, and membership responsibilities, while providing a solid foundation for ensuring the organization is able to sustain the vision and mission of the information governance program.

Vision and Mission

The vision for IG at Children’s Health is that information is a valued asset that enables operational excellence, evidence-based care for patients, and preventive services to the hospital’s communities. The mission is to establish the structure, policies, processes, and technologies to ensure that the enterprise information sustains and extends the organization’s mission and goals, delivers value, complies with laws and regulations, and reflects good stewardship practices that minimize risk to stakeholders and advance the public good.

Prior State Analysis

While working with the AHIMA IGAdvisors® using the IGAM, it was identified that ongoing auditing, both internal and external, was required to achieve the highest level of IG maturity, Level 5 (actualized). The information governance council at Children’s Health set out to standardize the IG audit process across the entire organization.

Future State

As the information governance council began its work to standardize the IG audit process, the following was developed and agreed upon:

  • Standardization of internal and external audits, including risk-based controls and remediation protocols, can be achieved with a set of questions to be utilized during IG audits regardless of the discipline.
  • A standardized IG audit process provides the foundation for leveraging findings for IG opportunity identification.
  • The results of the standard questions should be compiled and provided to the organization’s compliance department.

The information governance council developed a set of questions and worked with IGAdvisors to refine and finalize the list.

Audit questions included:

  • What is the leadership oversight? Is the oversight at a vice president or higher level?
  • Are policies and procedures in place?
  • If policies and procedures are in place how often are they reviewed?
  • Does the review of policies and procedures include verification of regulatory requirements?
  • Is training on policies and procedures provided?
  • Is human resources education and auditing in place to ensure employees follow the policies and procedures?
  • Do the policies and procedures outline internal controls?
  • What internal controls are in place? Are the internal controls being utilized?
  • Is there a staff competency component?
  • Is a process for reporting audit findings to the executive leadership in place?
  • Are audits conducted annually?
  • Are action plans put in place when negative findings are identified?

These questions are asked by internal auditors, as well as any external auditor that is used. An example includes periodic coding audits that take place to ensure that ICD-10 and HCPCS and CPT codes are assigned accurately based on documentation in the medical record. Further, abstracting of any codes or data otherwise collected would be subject to this audit.

Organizational Impact

By having a standardized set of audit questions, each business unit of the organization knows the expectations and accountabilities around information governance. Each question provides the necessary guidance to ensure the organization’s IG program is aligned. Where there are gaps in the IG program within various business units, the standardized audit easily identifies them and the business unit can then put processes in place to address those gaps.

Benefits Realized

Information is an asset and awareness of the value of information, organization-wide, is important. Likewise, each business unit of the organization must understand its role in information governance and be held accountable to ensure that information is trustworthy and that the right information is available in a timely manner to support regulatory audit requirements. Standardizing the audit function process across all business units allows for greater consistency and results in the audit process.

Technology as an IG Enabler

Standardization of audit processes is enabled with the use of technology. Children’s Health has implemented several tools to support standardization, such as with the use of a Recovery Audit Contractor (RAC) audit tool for management of this process. The tool manages the process from RAC request to final appeal, providing a means for communication across multiple departments including HIM, case management, revenue cycle, and compliance. Implementing the technology provided an opportunity to streamline and standardize the process. As a collaborative process there is faith in the accuracy of the data.

Other examples include security audit tools utilized in the monitoring of incoming e-mails for external phishing attacks and auto-encryption of e-mails being sent outside of the organization with personal health information. While these tools are very different, the standardization of the process and the rigor for supporting the IG processes have allowed for greater maturity in the organization’s information governance program.

IG Program Now More Mature

Through use of AHIMA’s IGAM and IGHealthRate™, Children’s Health standardized the audit process for its information governance program, resulting in organizational buy-in and a move toward a more mature IG program.

Anita Doupnik ( is the senior director, sales and business development, information governance, at AHIMA. Katherine Lusk ( is the chief health information management and exchange officer at Children’s Health System of Texas.

Article citation:
Doupnik, Anita; Lusk, Katherine. "Case Study #8: Standardizing Information Governance Audits at Children’s Health System of Texas" Journal of AHIMA 88, no.9 (September 2017): 46-48.