By Matt Turner
Published on October 21, 2024
Healthcare is changing, and it all comes down to data. Leaders in healthcare seek to improve patient outcomes, meet changing business models (including value-based care), and ensure compliance while creating better experiences. Data & analytics represents a major opportunity to tackle these challenges. Indeed, many healthcare organizations today are embracing digital transformation and using data to enhance operations. In other words, they use data to heal more people and save more lives.
How can data help change how care is delivered? Value-based care is a new concept, growing in popularity and transforming the business model. It introduces a new incentivization structure for physicians, which rewards them for the value of their care instead of the quantity of care. The goal is to support better patient outcomes. Hospitals and pharmacies, too, are increasingly considering this model. Leaders are asking how they might use data to drive smarter decision-making to support this new model and improve medical treatments that lead to better outcomes.
Yet this is not without risks. The protected health information (PHI) and personally identifiable information (PII) that providers of healthcare and clinical trials manage is subject to privacy laws, like HIPAA, CCPA, and GDPR, which mandate how such data can be used. This data is also a lucrative target for cyber criminals. Healthcare leaders face a quandary: how to use data to support innovation in a way that’s secure and compliant?
Data governance in healthcare has emerged as a solution to these challenges. It defines how data can be collected and used within an organization and empowers data teams to:
Maintain compliance, even as laws change
Uncover intelligence from data
Protect data at the source
Put data into action to optimize the patient experience and adapt to changing business models
First, let’s begin with a quick definition: Data governance defines how data should be gathered and used within an organization. It’s supported by processes, software, and services that help manage data policies, data quality, and data compliance. Specific components include data definitions, policies, quality, stewardship, literacy, regulatory compliance, ethics, risk management, privacy, security, and end-to-end lifecycle management. It also sets the groundwork for data security, compliance, and ethical use.
Data governance solutions are critical to organizations today, and should integrate with an organization's broader data strategy.
Data governance in healthcare refers to how data is collected and used by hospitals, pharmaceutical companies, and other healthcare organizations and service providers. It combines people, process, technology, and data within a system founded on transparency and compliance. In this way, it builds human trust in the data while ensuring the data is used properly.
An active data governance framework supports data-driven decision-making. This, in turn, empowers data leaders to better identify and develop new revenue streams, customize patient offerings, and use data to optimize operations.
Whether it’s an out-patient clinic, drug discovery and clinical research lab, or any other organization that provides treatment, tests, rehabilitation, or therapy – data security is critical. Healthcare organizations need to manage and protect sensitive information in a consistent, secure, and organized way. The implications of weak data governance in healthcare include regulatory penalties and the potential for compromised patient safety.
As Michelle Hoiseth, Chief Data Officer of Parexel, a global provider of biopharmaceutical services, said in an interview: “We needed to understand how we could leverage data that was forming in electronic medical record systems, claim systems, and pharmacy claims systems to really see the impact of new treatments.”
For Michelle, step one was “appreciating that your data is an asset to enable your business.” To make good on this potential, healthcare organizations need to understand their data and how they can use it. This means establishing and enforcing policies and processes, standards, roles, and metrics. These systems should collectively maintain data quality, integrity, and security, so the organization can use data effectively and efficiently.
Healthcare data is valuable and sensitive, so it must be protected. This is why healthcare organizations are subject to strict compliance mandates. These mandates ensure that PHI and PII data are protected and managed properly so that patients are protected in the event of data breaches.
Yet this same data is critical to improving patient outcomes. It can guide adaptation to changing business models and aid innovation, creating better patient experiences. But again, how you work with this data is subject to compliance scrutiny. The people working with it need guidance if they’re to use it appropriately.
Here is a closer look at some of the leading reasons your team should implement data governance to enable you to use and protect this data:
Healthcare organizations often maintain many different databases to manage their diverse data, and several of those databases may handle the same information. Grouping that data intelligently and making sure the right data is used properly is a challenge.
Intellectual property, like medical research data, often contains PHI and PHA. For example, in large databases for pharmaceutical companies, medical trial data may include both the pharmaceutical research and the study population’s personal information. Anonymized versions of that data may also be generated and shared, creating multiple data sources with the same information.
Hospitals, too, often collect PII and PHI in multiple systems. Duplicative data is common, as a patient may see more than one specialist or have visits in more than one facility. Storing the same data in multiple places can lead to:
Human error: mistakes when transcribing data reduce its quality and integrity
Multiple data structures: different departments use distinct technologies and data structures
Data governance is the solution to these challenges. How can you improve the patient journey, when you don’t have accurate data from every touchpoint of that journey? How can you analyze business models without great operational data from across the organization?
Improving the patient experience requires combining this data to put it into action. Data governance not only provides a transparent framework for correct usage; it also ensures quality data forms the foundation of all insights. A mountain of duplicate data can open the door to unintentional non-compliance. It can even diminish the overall quality of the data over time.
Effective data governance directly impacts patient outcomes by ensuring that healthcare organizations have access to accurate and timely information. When data is well-governed, clinicians can make informed decisions that enhance patient safety and care quality. This leads to better diagnosis, reduced errors, and improved treatment plans, ultimately fostering trust between patients and providers.
State, federal, and regional governments all understand that cybercriminals want PHI and, increasingly, PHA. To protect this information, legislative bodies mandate strict rules for handling this sensitive data. Today, lawmakers impose larger and larger fines on organizations that handle this data without properly protecting it.
More and more companies are handling such data. No matter where a healthcare organization is located or the services it provides, it will likely host data subject to a number of regulatory laws.
To meet compliance requirements, healthcare organizations need to know where all sensitive information is located and be able to prove it’s governed effectively.
Cybercriminals have nearly always targeted PHI and are increasingly focusing on healthcare. Whether they want to steal identities, sell data, or hold information hostage, these actors recognize that such data has a financial value.
Recent news related to healthcare data breaches includes:
The American Hospital Association reported nearly 400 cyber attacks in the healthcare industry in the first nine months of 2024.
The average cost of a healthcare data breach was $9.77 million in 2024, the most expensive of any industry and double the overall average cost of $4.88 million.
In 2023, about 1 in 3 Americans were affected by health-related data breaches as 133 million health records were exposed.
The HIPAA Journal reported that, even as of 2024, the largest single healthcare data breach remains the one that occurred at Anthem Inc. in 2015, which involved the records of 78.8 million individuals.
An overabundance of data can challenge an entity’s ability to protect it. Indeed, an organization can’t protect information if it doesn’t know what it has or where it lives. Clear data governance policies and processes start with implementing a data catalog and labeling private data accordingly. This knowledge empowers data leaders to take appropriate action to both protect and use it compliantly.
Healthcare organizations must navigate a complex landscape of regulations that dictate how data should be managed and protected. Key regulations such as HIPAA and the HITECH Act establish stringent requirements for patient privacy and data security. Understanding these regulations is crucial for healthcare providers to maintain compliance, avoid hefty fines, and safeguard patient trust.
Some important compliance regulations include:
Health Insurance Portability and Accountability Act (HIPAA): US federal law protecting patient data privacy
Health Information Technology for Economic and Clinical Health (HITECH) Act: US federal law promoting the use of health information technology to improve healthcare quality, safety, and efficiency
General Data Protection Regulation (GDPR): European Union law protecting data subject privacy
California Privacy Rights Act (CPRA): US state law protecting consumer personal information privacy
Payment Card Industry Data Security Standard (PCI DSS): Payment industry compliance requirement protecting cardholder data
Aligning data governance strategies with healthcare compliance standards involves creating policies that not only meet regulatory requirements but also promote best practices. Organizations should conduct regular audits, training sessions, and updates to their data management frameworks. This proactive approach helps ensure that data governance efforts are robust and responsive to evolving compliance landscapes.
Organizations should deploy a robust healthcare data governance solution to help manage data definitions, policies, stewardship, regulatory compliance, risk management, and more.
Healthcare organizations often face challenges such as data silos, lack of standardization, and inadequate data quality. These issues can lead to poor decision-making and compliance risks. To overcome these challenges, organizations should implement comprehensive data governance frameworks that include clear policies, strong leadership commitment, and effective data stewardship to foster a culture of accountability and continuous improvement.
As healthcare organizations grow, they need scalable data governance practices to both keep private data secure and remain financially competitive. From engaging in research to providing emergency care, healthcare organizations must ensure that they can efficiently and effectively use data.
A well-structured data governance framework is essential for healthcare organizations aiming to manage their data effectively. Best practices include establishing a data governance committee, defining data ownership, creating clear policies for data access, and implementing regular training programs. By adhering to these practices, organizations can enhance their data quality, improve compliance, and better serve their patients.
Here are six steps to get you started in building an effective data governance framework in healthcare:
Healthcare organizations have many data use cases. At the outset, the organization must decide how data governance fits into the business goals and define objectives accordingly. For example, some goals might include:
Determine growth, competitive, or other strategies
Increase patient engagement
Decrease adverse medication effects
Increase patient telehealth service usage
Reduce audit times
Mature security and privacy posture
Each of these goals will require different types of information. To use that information compliantly, data teams must work within a transparent governance framework.
PHI is arguably the highest-risk data that a healthcare company manages. In order to stay compliant and provide the best patient care possible, identifying and categorizing PHI should be a top data governance priority.
It’s also important to make sure that information is properly categorized across all areas of the organization, including:
Clinical data
Lab data
Payment processing data
Where data lives and how it’s classified will determine how it’s governed. Compliance audits require that sensitive data be marked accordingly, with evidence that demonstrates usage in line with regulatory law.
Privileges and permissions define who can access what data, and what they may do with it. As a best practice, data access should be governed according to the principle of least privilege. This means limiting access to information as much as possible without getting in the way of someone’s ability to do their job.
The healthcare industry has a growing number of interoperability standards, which dictate how information is stored and shared between devices. Before you assign privileges, it’s important to:
Define types of data that different areas need to access
Define who within a functional area needs to access the data
Outline how they can access the data, including details about devices, geographic locations, and time of day
For example, a phlebotomist needs to know the patient’s name and date of birth. However, they may not need access to the patient’s entire medical history. Too much access increases the risk that data can be changed or stolen.
In healthcare especially, data integrity is incredibly important. Low quality, unused, or “stale” data can negatively impact research by skewing findings. From a physician’s perspective, bad data can lead to care issues.
For example, outdated patient prescription information can impact a doctor’s diagnosis and treatment plan. Keeping data fresh helps to achieve both care and operational goals.
It’s important to have the right people with the right training in charge of data governance. To do this, you should create teams based on role, including practitioners, IT team members, and finance.
Accountability is important. Every functional area that manages sensitive information needs to ensure that the data managers, data owners, and data analysts understand their responsibilities. Data owners are in charge of their data, and they must know who has access and who should have access.
In addition, adding a Chief Data Officer (CDO) can help maintain best data governance practices. The CDO acts as a point-of-contact within the organization for data managers maintaining the daily activities.
At this point, you should refer back to the goals you set in Step 1. If your goal was to increase patients’ telehealth services usage, for example, you’ll need benchmarks of current usage to measure change over time. Dashboards are a useful means of tracking such change.
Once you have baseline metrics, you can monitor change over time and measure the impact of business efforts on achieving the goals you’ve set. This takes time, attention, and patience! Don’t feel frustrated if you don’t see results immediately.
Finally, data governance is a cycle. As you measure your progress, you may spot areas where you could get better. It’s important you make those changes as you go. This ensures you continuously improve your governance process.
Data governance should not exist in isolation; it must be integrated with other healthcare initiatives such as electronic health records (EHR) systems, quality improvement programs, and population health management strategies. By aligning data governance efforts with these initiatives, organizations can ensure that data is leveraged effectively across the board, leading to improved operational efficiencies and better health outcomes.
Artificial intelligence (AI) is transforming data governance in healthcare by finding and identifying data sources, automating data management tasks, and enhancing data analytics capabilities. With AI, healthcare organizations can streamline their data governance processes, identify anomalies in data sets, and derive actionable insights much faster. However, it's vital to implement AI responsibly, ensuring that ethical standards and patient privacy are maintained throughout.
As technology evolves, the future of data governance in healthcare will be shaped by advancements in big data, machine learning, and data privacy regulations. Trends such as the increasing focus on patient-centric data models, the integration of blockchain for data integrity, and the rise of automated governance solutions will redefine how organizations manage their data. Staying ahead of these trends will be crucial for healthcare providers to remain competitive and compliant.
Whether your healthcare organization is looking to optimize patient care, improve research processes, or meet compliance requirements, data governance is mission-critical. Alation’s data catalog creates a standardized view of assets and ensures consistent data quality. Alation’s Data Governance App then helps you create the policies and procedures needed to make sure that the right data is used and that it is used properly.
For Michelle Hoiseth, Chief Data Officer of Parexel, this approach now means that “People see who is accountable for that data, the viability or quality of that data, classification or other limitations of use. They are then able to create a direct connection with people whose job it is to help them get their data needs met, no matter who you are or where you are in the business.”
By consolidating data in a single location and making sure it is used properly, everyone in healthcare, including researchers, clinical trials, and care providers, can make better-informed decisions. Better decisions impact the outcomes for patients, help navigate changing business environments and value-based care and, overall, improve the experiences for everyone in their organization.
What is data governance in healthcare?
Data governance in healthcare refers to how data is collected and used by hospitals, pharmaceutical companies, and other healthcare organizations and service providers.
Why is data governance in healthcare important?
Healthcare data is valuable and sensitive, so it must be protected. Yet this same data is critical to improving patient outcomes. It can guide adaptation to changing business models and aid innovation, creating better patient experiences.