Say the word “governance” to most people, and you are likely to witness a yawn or an eye roll in response. To put it mildly, governance is not a sexy topic or one that most want to discuss over cocktails.
However, don’t understate the importance of enterprise governance of information and technology (EGIT) in the healthcare context. Unlike many other industry sectors, mistakes in technology governance and operations in healthcare can lead to serious injuries or even death. Applicable regulations also heavily drive the need for – and approaches to – healthcare information and technology governance.
Despite this, governance is often taken for granted and exists with little or not enough attention paid to it. This, in many cases, limits the value that a systematic approach to governance can have.
Governance, in many respects, serves as the umbrella set of responsibilities and practices to which an enterprise’s operations are obligated to or voluntarily adhere – either because of statutory or regulatory requirements or due to an enterprise culture, ethics and behaviors.
This set of “rules” is comprised of policies, procedures, protocols, security defenses, controls, level of risk appetite, etc., to ensure that stakeholders of the enterprise are receiving value.
Governance starts at the board level, cascades to the individual IT contributor and demands recognition as a concept by all. This recognition matters to these constituencies because they either set or must comply with governance policies.
The various stakeholders may have competing goals and values, which complicates these processes.
For example, the patient-stakeholder wants to ensure their data is kept private while simultaneously receiving the best possible treatment at the most cost-effective price. For-profit pharmaceutical company-stakeholders are interested in patient safety, but also maximizing value for their shareholders in terms of increased revenue. Good governance will balance the needs of all stakeholders to ensure the creation of value for all.
What does good governance of enterprise information and technology accomplish in the healthcare sector?
EGIT at your doctor’s office or hospital affects patients and consumers, and those patients should not be complacent about asking questions about the security and privacy protections in place protecting their data. In some cases, patient-initiated questions about security protocols in place can lead to improved measures on the part of the healthcare provider.
Effective information and technology governance can seem dauntingly complex given the regulatory context of the healthcare industry and competing stakeholder goals. Most governance requirements, however, originate with logical and straightforward principles:
The views and opinions expressed in this blog or by commenters are those of the author and do not necessarily reflect the official policy or position of HIMSS or its affiliates.
At HIMSS, our vision is to realize the full health potential of every human, everywhere. Be part of the community that’s transforming the global health ecosystem with courage, curiosity and determination.
Originally posted August 31, 2017; updated March 12, 2019