Personalization at scale, for instance, is only possible when you have an overview of patient data to understand their health history, lifestyle, and unique needs. Then, you can recommend the best provider to treat their condition or suggest a treatment plan that takes into account their entire health history.
Data is instrumental in predictive analytics, especially where predicting patient demand is concerned. Historical data helps providers forecast patient demand and have enough staff to attend to patients without driving up wait times.
HIPAA compliance is a defining feature of the healthcare system in the United States, ensuring that a patient’s personal data is protected and not shared or used without their knowledge and consent.
For example, recent guidance by the U.S. Department of Health and Human Services (HHS) forbids sharing PHI with vendors of tracking technologies, which is especially relevant if your marketing department uses web tracking technologies such as Google Analytics on your site.
Therefore, any technologies you use to govern sensitive data throughout its lifecycle should be HIPAA-eligible and have all the necessary features to protect PHI. If you use a customer data platform (CDP), for instance, it should be able to detect PHI, and its vendor should sign business associate agreements (BAAs) to manage PHI.
Bigger healthcare providers must wrestle with governing large volumes of structured and unstructured data. This data is often stored in siloed information systems, adding another layer of complexity. “Even in organizations that standardize on a single EHR vendor, operational processes frequently vary from location to location and clinician to clinician, resulting in lots of variation in where and how key information is stored,” explains Paula Edwards, Ph.D., Sr. Director of Data Science Strategy at Emory University.
Implementing successful governance over your data assets isn’t an overnight process. It requires multiple stakeholders and departments to join forces. Together, they must agree on the most effective strategy and technology to achieve their goals.
A data strategy identifies the main business goals you want to achieve with data and how you will achieve them. (This could range from increasing customer lifetime value to improving patient satisfaction.) It also clarifies which data you collect, from which data sources, and how you use it.
It’s necessary to identify stakeholders at all levels who will contribute to, support, and execute the strategy. Also, a data strategy isn’t a static document; it should evolve alongside your business and the changing regulatory landscape.
With a data strategy in place, it’s time to evaluate your current approach to data governance. This step will help you understand the investment needed to achieve your data governance goals.
Answer the following questions to get started:
- What does your data architecture consist of?
- How do you store PHI, and who has access to this information?
- How do you protect data from cybersecurity threats?
- Have you identified data stewards to manage data assets?
You can also use the EDM Council's DCAM (Data Management Capability Assessment Model) to evaluate your current data governance program against industry best practices.
A data governance policy is a document that clarifies all the roles and responsibilities related to data governance. It defines procedures around data security, access, and compliance. The policy also describes how you’ll support and measure data quality.
For example, there should be a protocol in place for cybersecurity incidents to minimize their impact.
Technology can facilitate data governance by helping you improve data quality and protect sensitive patient information. For example, tools like Segment Protocols can automatically detect bad data (e.g., an event that doesn’t match your internal tracking plan), and block it before it reaches downstream destinations. With Segment’s Privacy Portal, organizations are also able to automatically mask certain types of data depending on risk level and internal user permissions.
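The two controls described above (blocking events that do not match the tracking plan, and masking fields by risk level and permission) can be sketched as follows. This is an added example, not Segment's code or API; the tracking plan, recipient names, risk labels and sample events are all constructed for illustration.

```python
# Hypothetical tracking plan: event name -> allowed properties and their risk level.
# Every name below is constructed for illustration; this is not Segment's API.
TRACKING_PLAN = {
    "Appointment Booked": {"clinic_id": "low", "specialty": "medium", "patient_email": "high"},
    "Page Viewed": {"path": "low"},
}
# Highest risk level each recipient (internal role or downstream destination) may see unmasked.
RECIPIENT_CLEARANCE = {"ehr_warehouse": "high", "web_analytics": "low"}
RISK_ORDER = {"low": 0, "medium": 1, "high": 2}
MASK = "[REDACTED]"


def validate(event):
    """Return a list of tracking-plan violations; an empty list means the event conforms."""
    schema = TRACKING_PLAN.get(event.get("event"))
    if schema is None:
        return [f"unplanned event: {event.get('event')!r}"]
    extra = sorted(set(event.get("properties", {})) - set(schema))
    return [f"unplanned property: {name}" for name in extra]


def route(event, recipient):
    """Block non-conforming events; otherwise mask properties above the recipient's clearance."""
    violations = validate(event)
    if violations:
        return {"status": "blocked", "reasons": violations}
    clearance = RECIPIENT_CLEARANCE.get(recipient)
    if clearance is None:  # fail closed: unknown recipients receive nothing
        return {"status": "blocked", "reasons": [f"unknown recipient: {recipient}"]}
    schema = TRACKING_PLAN[event["event"]]
    limit = RISK_ORDER[clearance]
    props = {
        name: value if RISK_ORDER[schema[name]] <= limit else MASK
        for name, value in event.get("properties", {}).items()
    }
    return {"status": "forwarded", "event": event["event"], "properties": props}


# Constructed sample events: one conforming, one carrying an unplanned free-text field.
SAMPLE_OK = {"event": "Appointment Booked",
             "properties": {"clinic_id": "c-17", "specialty": "oncology",
                            "patient_email": "pat@example.com"}}
SAMPLE_BAD = {"event": "Appointment Booked",
              "properties": {"clinic_id": "c-17", "diagnosis_note": "free text"}}

if __name__ == "__main__":
    for name in RECIPIENT_CLEARANCE:
        print(name, route(SAMPLE_OK, name))
    print(route(SAMPLE_BAD, "web_analytics"))
```

Because properties are allowlisted rather than pattern-matched, an unexpected free-text field is stopped at the gate instead of depending on a PHI detector to recognize it.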