Demystifying Healthcare Data Governance: An Executive Report
In addition to the data warehouse toolset described above, the data governance committee is the proper executive sponsor for the development of the skillsets necessary to achieve the aspirations of the organization. Those skillsets include a data analysis team and the IT skills to manage the data warehouse. At this point, the committee would also start defining the general principles for determining who will have access to which data in the EDW, and the processes for approving and auditing that access. A critically important role in the processes for reviewing and approving access to the data content of the data warehouse is the data stewards.
Data Governance Role: Data Stewards
The data steward is an emerging and very important role in healthcare. Data steward candidates are those employees who are at the frontlines of data collection in the organization and understand how data is collected in their area of responsibility, how the information systems that support their areas collect this data, and any shortfalls or quality problems in that data. They are the equivalents of subject area experts in a library. Healthcare data stewards can include nurses, physicians, registration clerks, registry managers, billing and coding staff, cost accounting staff, and researchers. They typically have been underappreciated in their role as the originators and stewards of data in the organization.
In the implementation of an analytic use case, the data governance committee will rely heavily upon the data stewards whose data areas will be included in the use case. For example, it is common for the manager of the hospital registrars to serve as the data steward for the data collected in the process of registering and scheduling a patient for a clinical encounter. This includes critical data such as the patient’s name, gender, insurance coverage, and—especially—the master patient identifier. It is also very common for nurse managers to function as data stewards for the data collected in their areas of responsibility. Chief medical informatics officers (CMIOs) also commonly serve as data stewards for the data collected by physicians in the organization’s EMR. All of these data stewards will participate in the development of an analytic use case to ensure that the data targeted for use in support of the analysis is, in fact, appropriate for the analytic use case. The data stewards will also serve as data content experts and advisors to data architects and data analysts, in general.
Data Governance Role: Data Architects and Programmers
With the consultation of the data stewards, data architects and programmers will translate the aspirations of the executive team and data governance committee into the technical implementation of the analytic use case in the EDW. They will extract data from the source information systems such as registration, EMR, revenue cycle, and cost accounting; ensure that that data is properly modeled and stored in the EDW; bind and organize that data to support the specific analytic use case; and determine the best way to expose and share that data with the executive team, using tools for data visualization and manipulation, such as Excel, Cognos, QlikView, SAS, etc.
Data Governance Role: Database and System Administrators
Database and system administrators implement and configure the auditing and access control systems of the EDW in a manner that reflects the high-level principles for data access and security as outlined by the executive team and data governance committee. The database and systems administrators must also work closely with the data architects and programmers to ensure that data content and visualization applications are integrated with the operating systems and the database management systems supporting the data warehouse. Upon approval by the data stewards, the data architects and programmers will provide the systems and database administrators with the names and roles of the people in the organization approved for access to the contents of the data warehouse.
Data Governance Role: Data Access Control System
The data access and control system is embedded in the operating system and database management system supporting the EDW. The system provides the means for associating the user names of the people logging into the EDW with their authorized levels of access to the data content and visualization applications. The access control system also provides an audit trail for tracking who accessed what data and when.
Data Governance Role: Data Analyst
If functioning properly, all six layers in the data governance ecosystem work together in complementary fashion to provide a supportive environment for data analysts. It is worth noting, in this context, a data analyst can be anyone from a very technical data engineer working in a business or clinical unit to a member of the board interacting with an online organizational scorecard. In a fully mature, data literate culture, everyone is a data analyst in the scope of their role in the organization.
Managing the Roles of a Data Warehouse
Role management in a data warehouse is a worthy of a separate blog or white paper, but in summary, constrain the number of roles in an EDW as much as possible. The director of the EDW should be the data steward for EDW roles; role management should not fall to the systems or database administrators. Experience shows that if the roles are not carefully managed and constrained, the number of roles grows exponentially, making management of them very difficult. These difficulties manifest themselves in security risks and inappropriately limiting access to data—that is, some analysts will accidentally receive access to data that they are not authorized to view and some analysts will be restricted from data that they need and are authorized to view. From a data analyst perspective (not a programmer or data architect working at the system level, which will require more complex read/write access to data content areas) it is best to use “late binding” philosophy, starting with only two access roles and expanding the number of roles from there only when thoroughly justified by a use case. Those two roles are: (1) Personal Health Information Access (PHI); and (2) De-Identified Data Access—that is, all data that is not patient identifiable. Over time, additional roles will likely be required to accommodate other use cases and data content, such as employee identifiable data, physician identifiable data, and extremely sensitive patient data (such as behavioral health data, HIV status, drug and alcohol addiction, and others). State regulations and laws typically define these sensitive data areas.
Who Is on the Data Governance Committee?
The data governance committee is an executive-level committee and should include the chief analytics and/or chief data officer, chief information officer, chief medical officer, chief medical informatics officer, chief nursing officer, chief financial officer, and if applicable, chief clinical research officer. In today’s healthcare industry, these people and roles represent the vast majority of data in the environment, as both consumers of data analytics and producers of data content. In rare cases, data governance committees in healthcare also include patient representatives; this will become more common in the future.
The chief analytics/chief data officer is a new role in healthcare that will become progressively important as the focus on accountable care grows and healthcare organizations realize the value of data in improving the quality of care they deliver and the role that data can play in reducing waste and improving financial margins. People in this position will be business and data generalists, capable of understanding and supporting the analytic needs of all C-levels in the healthcare executive team, as well as their staff. They will think and act strategically to help build a data literate culture and to fully exploit the value of data for the benefit of their organizations.
The CIO tends to function as a general data technologist. CIOs are in a strong position to understand not just the technology issues of data but the utilization and management of data in healthcare. For CIOs who prefer to operate at the application and data content layers of the information technology stack (versus the lower levels of the stack in networks, servers, desktops, and data centers), they can become leading candidates for the emerging roles of chief data officer and chief analytics officer.