The Pillars of Healthcare Data Governance: Building Trust with Patient Data

The healthcare industry creates approximately 30% of all global data. But less than 60% of it is used for decision-making. This is a predicament we see time and again: organizations need data to build relationships, hone strategies, and stay agile, but their data is locked away in silos or prone to errors and inconsistencies. 

Successful data governance is key to making all of your organization’s data usable. You can achieve this by implementing procedures that protect data quality without rising non-compliance with laws like the Health Insurance Portability and Accountability Act (HIPAA). 

Understanding the fundamentals of data governance in healthcare

The healthcare industry in particular is dependent on data. It’s pivotal for effective treatment plans and diagnoses, and is strictly regulated to protect patient’s personally identifiable information. With digital acceleration and emerging technologies, healthcare has seen a huge increase in the use of electronic health records, telehealth, and often deals with unstructured data (e.g., imaging diagnostics) when interacting with patients. 

Data governance, as a result, is essential for collecting, consolidating, and storing this data in an efficient and compliant way. And the consequences of poor data governance are severe: health plan provider L.A. Care was recently ordered to pay a $1.3 million settlement due to HIPAA violations.

Even something that might seem innocuous, like using tracking pixels on a newsletter or patient sign-on page could have an organization inadvertently violating HIPAA (e.g.,  login page requires personal health information like a name or telephone number to access their patient dashboard). That’s why at Segment we’re adamant about prioritizing zero- or first-party data to power personalization and stay compliant, especially as the broader landscape continues to evolve with the phaseout of third-party cookies. 

Clarifying what data you collect, how you collect it, who has access – these are all fundamental aspects of your data tracking plan, and more broadly, your data governance strategy. In fact, we believe a successful data governance strategy is built on the following pillars:

• Data quality: This pillar is concerned with practices that improve data accuracy and comprehensiveness. It ensures the organization has access to complete and reliable data for decision-making.

• Data stewardship: Data stewards are tasked with monitoring the company’s adherence to the data governance policy, maintaining data quality, and taking care of issues. 

• Data management: Practices related to data management include data integration, storage, modeling, and architecture. They ensure an organization has clear processes for every stage of the data lifecycle.

• Data privacy and security: Data governance must also include practices and procedures that protect user data and ensure compliance with regulations such as HIPAA.

The role of healthcare data governance in patient care and outcomes

Data-driven healthcare organizations improve the quality of care by using data to adjust their patient approach, tailor treatments, and tweak their operations.

The Future of Healthcare Technology: Improve ROI and Patient Outcomes with Data-First Strategies

Don’t miss this opportunity to learn how having access to data that is unified and compliant will unlock patient personalization, resulting in greater revenue, ROI, and patient outcomes.

Watch Now

Personalization at scale, for instance, is only possible when you have an overview of patient data to understand their health history, lifestyle, and unique needs. Then, you can recommend the best provider to treat their condition or suggest a treatment plan that takes into account their entire health history.

Data is instrumental in predictive analytics, especially where predicting patient demand is concerned. Historical data helps them forecast patient demand and have enough staff to attend to patients without driving up wait times.

The challenge of data governance in the healthcare industry

HIPAA compliance is a defining feature of the healthcare system in the United States, ensuring that a patient’s personal data is protected and not shared or used without their knowledge and consent. 

For example, recent guidance by the U.S. Department of Health and Human Services (HHS) forbids sharing PHI with vendors of tracking technologies, especially if your marketing department uses web tracking technologies such as Google Analytics on your site.

Therefore, any technologies you use to govern sensitive data throughout its lifecycle should be HIPAA-eligible and have all the necessary features to protect PHI. If you use a customer data platform (CDP), for instance, it should be able to detect PHI and sign business associate agreements (BAAs) to manage PHI.

Bigger healthcare providers must wrestle with governing large volumes of structured and unstructured data. This data is often stored in siloed information systems, adding another layer of complexity. “Even in organizations that standardize on a single EHR vendor, operational processes frequently vary from location to location and clinician to clinician, resulting in lots of variation in where and how key information is stored,” explains Paula Edwards, Ph.D., Sr. Director of Data Science Strategy at Emory University.

How to implement successful data governance in healthcare

Implementing successful governance over your data assets isn’t an overnight process. It requires multiple stakeholders and departments to join forces. Together, they must agree on the most effective strategy and technology to achieve their goals.

1. Create a data strategy

A data strategy identifies the main business goals you want to achieve with data and how you will achieve them. (This could range from increasing customer lifetime value to improving patient satisfaction.) It also clarifies which data you collect, from which data sources, and how you use it. 

It’s necessary to identify stakeholders at all levels who will contribute to, support, and execute the strategy. Also, a data strategy isn’t a static document; it should evolve alongside your business and the changing regulatory landscape.

2. Assess your current approach to data governance

With a data strategy in place, it’s time to evaluate your current approach to data governance. This step will help you understand the investment needed to achieve your data governance goals.

Answer the following questions to get started:

• What does your data architecture consist of?

• How do you store PHI, and who has access to this information?

• How do you protect data from cybersecurity threats?

• Have you identified data stewards to manage data assets?

You can also use the EDM Council's DCAM (Data Management Capability Assessment Model) to evaluate your current data governance program against industry best practices.

3. Write a data governance policy

A data governance policy is a document that clarifies all the roles and responsibilities related to data governance. It defines procedures around data security, access, and compliance. The policy also describes how you’ll support and measure data quality.

For example, there should be a protocol in place for cybersecurity incidents to minimize their impact. 

4. Implement technology to streamline data governance

Technology can facilitate data governance by helping you improve data quality and protect sensitive patient information. For example, tools like  Segment Protocols can automatically detect bad data (e.g., an event that doesn’t match your internal tracking plan), and block it before it reaches downstream destinations. With Segment’s Privacy Portal, organizations are also able to automatically mask certain types of data depending on risk level and internal user permissions.  

Using the principle of least privilege to protect customer data

Twilio Segment for healthcare: revolutionizing data governance

Twilio Segment is a HIPAA-eligible CDP used by healthcare and life sciences companies to improve patient outcomes and personalize communications.

Enhancing data security

Medical records can be exploited by cybercriminals to commit fraud on multiple fronts – from purchasing prescription medication to getting approved for loans. Segment safeguards patient records by encrypting your patients’ online and offline data both at rest and in transit. It also undergoes regular security testing to expose any potential risks.

Streamlining compliance with HIPAA

Segment’s platform is HIPAA-eligible, which means it can sign BAAs to manage your patients’ PHI. In addition, Segment can streamline user suppression and deletion requests at scale, should an end user invoke their Right to Object or Right to Erasure under the GDPR or CCPA. 

Improving patient outcomes through unified data

Segment collects and unifies data from online and offline channels, including contact centers and web apps, which allows you to understand the complete patient journey.  One example is to identify patients who are more likely to develop hypertension and recommend they join a hypertension prevention program.