AHIMA's IG Maturity and Adoption Model Turns the Corner

By Kathy Downing, MA, RHIA, CHPS, PMP

The Information Governance Principles for Healthcare (IGPHC™) created a high-level framework of good practice in information governance (IG) and most of 2014 was spent digging into these eight pillars. As AHIMA started work on the IG Maturity Model a new concept emerged. The idea of building the model around ten competencies materialized and AHIMA’s Information Governance Adoption Model (IGAM) was born.

AHIMA’s IGAM is rooted in the IGPHC as well as the established body of standards, best practices, and legal/regulatory requirements that surround IG in healthcare. IGAM introduces the constructs of IG organizational “core competencies” that are further enumerated by performance-driven “markers.” This highly iterative and tactically engaging framework allows an organization to find utility and value in IGAM regardless of what IG work has been initiated in the organization to date: IGAM works for every organization. IGAM does not specify implementation details, such as particular policies and procedures, job descriptions, or specific technologies, but it does build on the foundation of the IGPHC to define the characteristics of information governance programs at differing levels of maturity, completeness, and effectiveness.

The adoption model provides a scalable framework, so organizations can assess what they are doing well and where they need improvement. It helps identify information governance risks in a structure that can be easily understood by many different stakeholders. The IGAM allows any healthcare organization to assess its processes and procedures according to IG best practices. Most organizations will not be at the same level of maturity for each IG core competency, which is not only expected but acceptable. In addition, IG is a new initiative or discipline for most healthcare organizations; anticipate scoring accordingly. The IGAM permits an organization to focus on those areas that it deems important—specific competencies, a particular part of the organization, or even a specific process or procedure. The IGAM creates a pathway of progressive performance criteria to guide an organization through a successful implementation of IG.

A sneak peek at the IGAM’s is available via the IG PulseRate™ application, which offers a quick check into your organization’s maturity (available free at www.IGIQ.com). The full release of the IGAM will come via IG HealthRate™ in early 2016. The subscription service will help organizations navigate over 60 marker categories and create plans and customized coaching based on their answers. It will be located at the IGIQ home page as well.

So what are the IG levels of maturity?

Level 1 (At-Risk): This level describes an environment where information governance concerns, requirements, and opportunities are not addressed at all, are addressed minimally, or are addressed in an ad hoc manner. Organizations that identify primarily with these descriptions should be concerned that their programs will not meet legal or regulatory scrutiny, may not effectively serve the business needs of the organization, and may impede patient care and service delivery.

Level 2 (Aware): This level describes an environment where there is a developing recognition that information governance has an impact on the organization and that the organization may benefit from a more defined information governance program. However, in Level 2, the organization is still vulnerable to scrutiny of its legal or regulatory and business requirements because its practices are ill-defined, incomplete, nascent, or only marginally effective.

Level 3 (Aspirational): This level describes the essential, or minimum, requirements that must be addressed to meet the organization’s legal, regulatory, and business requirements. Level 3 is characterized by defined policies and procedures and the implementation of processes specifically intended to improve information governance. Organizations that identify primarily with Level 3 descriptions still may be missing significant opportunities for streamlining business, improving the care experience, and controlling costs, but they have the key basic components of a sound program in place and are likely to be at least minimally compliant with legal, operational, and other responsibilities.

Level 4 (Aligned): This level describes an organization that has established a proactive information governance program throughout its operations and has established continuous improvement for it. Information governance issues and considerations are routinely integrated into business decisions. The organization is substantially more than minimally compliant with good practice and easily meets its legal and regulatory requirements. The organization that identifies primarily with these descriptions should begin to pursue the additional business and productivity benefits it could achieve by increasing enterprise-wide information availability, mining its information for a better understanding of patients’ and consumers’ needs, and otherwise transforming its organization through increased use of their information.

Level 5 (Actualized): This level describes an organization that has integrated information governance into its overall infrastructure and business processes to such an extent that compliance with program requirements and legal, regulatory, and other responsibilities are routine. This organization has recognized that effective information governance plays a critical role in patient outcomes and consumer services and cost containment, competitive advantage, and patient and consumer service, and it has successfully implemented strategies and tools to achieve these gains on a plenary basis. This organization is a leader in building and sustaining a vibrant, secure, and enriching information economy across the medical neighborhood and information sharing communities in which it is a part.


AHIMA thanks ARMA International for use of the following in adapting and creating materials for healthcare industry use in IG adoption: Generally Accepted Recordkeeping Principles® and the Information Governance Maturity Model. ARMA International 2013.


AHIMA. “Information Governance Principles for Healthcare (IGPHC)TM.” 2014. http://research.zarca.com/survey.aspx?k=SsURPPsUSVsPsPsP&lang=0&data=.

Kathy Downing (kathy.downing@ahima.org) is senior director, information governance at AHIMA.

Original source:
Downing, Kathy. "AHIMA's IG Maturity and Adoption Model Turns the Corner" (Journal of AHIMA website), September 28, 2015.