Slow to the Information Governance Starting Line: First-of-its-kind Survey Tracks Healthcare’s IG efforts, Shows Most Organizations are Behind

By Chris Dimick

Majority of Healthcare Organizations Lack Vital Information Governance Strategy

AHIMA has fired the starting pistol heralding in the urgent race to implement information governance (IG) practices within the healthcare industry. While some organizations were quick off the blocks and have been making broad strides in IG, the majority of healthcare stakeholders are still moseying up to the starting line.

This is the picture painted by the “2014 Information Governance in Healthcare Benchmarking White Paper,” which analyzes the first major survey conducted to study the information governance practices of healthcare organizations. Developed by AHIMA and Cohasset Associates, and released in May, the study revealed that only 35 percent of healthcare organizations have a comprehensive strategy guiding information governance efforts.

Two-thirds of the respondents, or 65 percent, said they lack a strategy for information governance—well below what AHIMA experts say is warranted given the rising importance of quality health information in reimbursement, audits, and delivering effective care.

AHIMA officials are using the results of the study, subtitled “A Call to Adopt Information Governance Practices,” to gauge what next steps they should take to help lead healthcare organizations toward better IG practices. The mission is core to that of all health information management (HIM) professionals, with AHIMA publicly stating that information governance practices are the key to the future of the health information management field and necessary if healthcare ever wants to use health data and information to improve its care and financial processes.

“Information governance is a strategic imperative for all organizations within the healthcare ecosystem,” says AHIMA’s Chief Operating Officer and Executive Vice President Deborah Green, MBA, RHIA. “Improved quality and patient safety, cost control, care delivery redesign, and responding to regulatory changes are top goals for healthcare organizations, and all are dependent on trustworthy information.”

IG in Healthcare Benchmarking Survey: Organizations’ Main Drivers for IG

Cohasset Associates and AHIMA. “Information Governance in Healthcare – A Call to Adopt Information Governance Practices.” 2014.

Healthcare IG Less Mature than Warranted

The IG survey and white paper evaluate and quantify the state of healthcare information governance maturity and effectiveness, address the information challenges facing the healthcare industry, and offer a roadmap for organizations to effectively govern their health and business information.

Information governance has been defined by AHIMA as: “An organization-wide framework for managing information throughout its lifecycle and for supporting the organization’s strategy, operations, regulatory, legal, risk, and environmental requirements.”

The low adoption rate may be due to information governance being a relatively new initiative for the healthcare industry. While most organizations have governance programs for certain healthcare functions, such as privacy and security policies, the survey showed that an organization-wide information governance program had not yet been established in the majority of provider organizations.

Privacy and security policies had the highest maturity ranking at 50 percent, while information preservation policies were only at 30 percent and information deletion and destruction policies at 26 percent. These maturity levels are below acceptable for an industry that handles highly sensitive personal information, Green says.

The survey showed four trends in the current state of healthcare IG awareness and practices:

  1. Overall, IG programs are less prevalent and less mature in healthcare organizations than is warranted, given the importance of information.
  2. Most organizations have not yet established a comprehensive strategy for information governance, or approached information governance in a formal way.
  3. The information governance framework and its foundational components call for strengthening and expansion.
  4. Information lifecycle management practices related to core functions require improvement.

These are issues that need to be addressed as soon as possible in healthcare in order to maxmize the use of data as an asset and improve care processes. AHIMA officials hope it will be HIM professionals who grab the racing baton and lead their organizations down the information governance track.

Survey: Do You Have a Comprehensive Strategy for IG in Place?

Cohasset Associates and AHIMA. “Information Governance in Healthcare – A Call to Adopt Information Governance Practices.” 2014.

Healthcare Sees Need for IG Practices, But Slow to Start

The majority of the 1,000 healthcare-based survey respondents, 65 percent, stated that they recognize the need to formalize information governance practices and align how information is managed across all functional areas. Of these respondents, however, only 43 percent have actually initiated an information governance program and 22 percent have not started an IG program at all.

While information governance practices currently have a low adoption rate, the need is on healthcare professionals’ radar and efforts are rising. A total of 84 percent of respondents have seen governance measures improve, and 91 percent anticipate a significant rise in information governance practices in the next three years.

“We need information we can trust if we are going to achieve the ‘Triple Aim’ of healthcare,” Green said during an August webinar discussing the results of the study.

Information governance is also central to health information exchange, since providers need to first trust that the information they are receiving from another provider is accurate and properly managed, then they need internal governance processes to ensure that the information is properly integrated into their electronic health record (EHR) systems.

The study showed healthcare organizations agree that there are compelling drivers for formally launching an information governance program and improving practices, with 95 percent stating the ability to improve quality and safety of patient care as a key driver for implementing IG practices. Managing and containing costs and responding to a changing payment environment were also noted as key drivers for formalizing IG practices.

“The survey results are undeniable. Information governance is a strategic imperative: regulatory compliance, safe quality care, cost control, responding to changing reimbursement systems and evolving delivery models, are top goals for healthcare organizations,” the white paper states. “All are highly dependent on trustworthy information. These organizational goals are advanced through the adoption of information governance practices; the absence of IG will impede their achievement.”

The key drivers for adopting IG practices identified by respondents were regulatory compliance (98 percent), improving patient safety/patient care (95 percent), and to manage and contain costs (93 percent). The lowest ranked driver was “lack of trust or confidence in data” at 56 percent, which Green says she is surprised by. This shows many providers just implicitly trust their data are correct without having the proper governance controls in place to ensure it is actually trustworthy.

“There are important implications for data quality here as results showed that ‘foundational work in measures and metrics’ were immature. If we haven’t defined metrics for our expectations, how can we say we trust our data?” Green says.

Survey findings on quality controls and quality improvement programs showed that attributes of quality, metrics, and improvement protocols are not as well defined or well understood as expected.

Education and Buy-In Still Needed

Industry-wide education on the benefits of information governance is necessary, according to the study. While 65 percent recognize the need for IG programs, 24 percent didn’t know if their organization had a formal plan.

This statistic is concerning, Green says, since the survey respondents were individuals who should know whether an IG plan exists or not. The IG survey of AHIMA and non-AHIMA members targeted clinical and non-clinical executives, officers, directors, and managers in provider and non-provider organizations within the healthcare industry. The survey received more than 1,000 responses between March and April 2014.

The highest number of respondents were in information/records management job roles, followed by information and data quality, and then privacy and data protection. A total of 46 percent of respondents were directors, with 20 percent at the C-suite level and 15 percent at the management level.

When adopting an information governance strategy, AHIMA recommended creating IG programs that are cross-functional and have the support of senior-level staff. An organization’s governance focus should not just be on clinical information, but on non-clinical, business, and operations information as well.

“I encourage my colleagues in the C-suite to make a comprehensive information governance strategy an organizational priority,” says AHIMA CEO Lynne Thomas Gordon, MBA, RHIA, FACHE, CAE, FAHIMA. “It’s easy to think it can be put on hold or maintained in one department while executives deal with other challenges, but this is a mistake.

“Developing a strategy should be a collaborative effort and is essential to realizing the benefits of governance.”

Effective information governance programs need to have clear measures for success and a pointed mission. When discussing quality improvement programs instituted as part of information governance activities, the survey respondents showed they were focusing on some, but not all, areas identified by AHIMA for improvement. For example, 68 percent stated that they are formally assessing the impact of system upgrades on information quality. But only 60 percent said they have been working to improve the rate of their master patient index (MPI) accuracy over the past three years, and 26 percent said they didn’t know if this measure was being tracked. “That is an issue,” Green says, since errors in the MPI can have significant effects on the quality of care provided. Part of the issue could be finding focus in providers’ IG efforts. When asked if “the desired attributes of information quality are explicit and understood,” only 24 percent “strongly agreed” and 44 percent “mostly agreed.”

Even Mature Governance Programs Need Attention

Even mature specialized governance programs need attention, according to the survey. While 97 percent of respondents said essential policies for maintaining private and secure protected personal health information were in place in their organizations, only 81 percent reported that business associate agreements were enforced and routinely audited. Just 80 percent report routine and comprehensive auditing for compliance with privacy and information security practices. Since these are core HIM compliance areas, the result should be closer to 100 percent, AHIMA officials say. The recent changes to HIPAA law—and increased penalties for data breaches—have made it even more important for healthcare organizations to monitor their privacy and security, as well as their association with third-party businesses.

Also, only 37 percent of healthcare organizations said they had the ability to preserve only relevant information—in either paper or EHRs—in response to a legal hold. One of the first strides organizations should take when implementing IG practices is to enact detailed information disposition policies that govern when information is retained and destroyed, as well as transferred if moving to a new electronic system or merging with another provider. “We found opportunities to improve disposition core functions in healthcare organizations,” Green says.

The survey also measured the maturity of select IG components, many of which organizations should already be doing, to gauge how much work providers needed to do to get their programs up to speed with IG. While 26 percent reported having a “mature” business continuity, disaster recovery, and crisis management policy in place, only 15 percent said they have a mature data map that identifies key information repositories. A total of 31 percent of respondents said they were making improvements to their data mapping capabilities.

AHIMA Recommends IG Actions

In light of the need for IG improvements at most healthcare facilities, the IG white paper recommended various actions HIM professionals and healthcare providers should take to improve the quality of their information.

To achieve the full benefits of information governance initiatives, AHIMA recommends organizations develop the following:

  • An accountability framework and decision rights to ensure the effective use of information across an enterprise
  • Defined processes, skills, and tools to manage information throughout its entire lifecycle
  • Information standards, rules, and guidelines for functioning in an increasingly electronic environment

Specific action included the call to HIM professionals to build awareness of the importance of IG and the direct impact of IG on the advancement of organizational goals. As part of this education, individuals should illustrate how IG supports top goals for healthcare organizations, and designate senior sponsorship and a champion that can “enthusiastically lead the change management effort for effective IG,” Green said during her webinar presentation.

Information governance efforts should be directly tied to an organization’s strategy, Green says, that aligns implementation outcomes to an organization’s goals and priorities including patient care, organization performance, and risk mitigation. A cross-functional IG steering committee should be chartered to strengthen integration across all IG disciplines, which makes the program more organizationally comprehensive.

Organizations should then prepare a comprehensive maturity assessment for their IG program and create a plan to implement IG strategy. All IG goals and achievements should be communicated to staff and trends highlighted by the collection of meaningful metrics based on direct actions. AHIMA also recommends in the paper that organizations adopt a long range change management program to continuously build IG support and improve compliance.

“IG is long term work, and requires us to rethink how we are using and managing information today,” Green says.

The white paper also recommends organizations reanalyze their information lifecycle management and use IG to strengthen their practices, from record creation or receipt through final disposition. Formalized IG practices should be implemented to enhance information integrity, quality, and trustworthiness, and interdepartmental teams should be created to develop and apply workable IG practices to newer technologies and information types. For example, the paper says organizations should define effective practices to identify and preserve information needed for legal holds, and have the ability to reinstate “business-as-usual” practices once the legal issue has been resolved.

Survey Just the Start of AHIMA’s IG Efforts

In addition to publishing a white paper on the survey results, this year AHIMA has been convening healthcare stakeholders to develop an information governance framework for healthcare, has established an expert advisory group to review and provide input into information governance development efforts, and is developing resources and guidelines to aid in operationalizing IG in healthcare. While AHIMA has currently been defining “what” information governance is for healthcare, the next step will be defining “how” to use information governance in an operational sense to improve processes and care, Green says.

During this month’s 86th Annual AHIMA Convention and Exhibit the association will unveil its Information Governance Principles for Healthcare, eight guidelines organizations can use to help frame its IG programs (see the article on page 30 for more information about the principles). A Maturity Model Self-Assessment is also being developed to help organizations measure their IG efforts. Another IG survey is also likely in the near future, this time focusing on the job roles of IG and how healthcare roles in general have changed due to the ever advancing electronic environment.

In 2015 AHIMA will launch an information governance pilot where healthcare organizations will take the IG Principles for Healthcare and Maturity Model and work on integrating them into actual practice. This will help operationalize IG for others to mirror in their IG programs, AHIMA officials say.

AHIMA officials say they feel this first survey and white paper serves as a good initial measurement of healthcare’s progress in the information governance marathon—but there is still much more track to cover. “This survey shows that healthcare organizations need to develop and implement a strategy for governing information,” Green says. “Ensuring reliable information is available where and when it is needed depends on it.”

Read More
2014 Information Governance in Healthcare Benchmarking White Paper

Read the full white paper and see complete results from the 2014 IG survey online. A webinar discussing the survey results and the white paper is also available online at

Chris Dimick ( is editor-in-chief of the Journal of AHIMA.

Article citation:
Dimick, Chris. "Slow to the Information Governance Starting Line: First-of-its-kind Survey Tracks Healthcare’s IG efforts, Shows Most Organizations are Behind" Journal of AHIMA 85, no.10 (October 2014): 44-48.