An enterprise-wide information governance (IG) program is a key component of preventing security breaches and ensuring the privacy of all information within healthcare organizations, according to an American Health Information Management Association (AHIMA) presentation at the National HIPAA Summit today.
In her presentation, Kathy Downing, MA, RHIA, CHPS, PMP, Senior Director, Information Governance, AHIMA, said the ever-increasing frequency of electronic communications in the workplace makes IG a business imperative for healthcare organizations. Privacy and security officers are tasked with safeguarding against data breaches and protecting not only health records, but employee information and intellectual property.
“We’re seeing a flood of information flowing through healthcare organizations whether it’s patient electronic health records, employee email correspondences, social media posts or even physician text messages,” said Downing. “A strong and continuous IG program aimed at securing confidential data of all types, not just clinical, is key to ensuring an organization’s information is secure.”
As the amount of information and access to data grows, the role of privacy and security officers must also evolve to lead IG efforts, Downing said.
Once focused largely on protecting clinical information and ensuring compliance, privacy and security officers are poised, with their knowledge and skills, to take on the role of chief information governance officer (CIGO). The CIGO is responsible for driving enterprise-wide management of privacy and security of information through a continuous IG program.
“We are experiencing a new era in privacy and security,” said Lynne Thomas Gordon, MBA, RHIA, CAE, FACHE, FAHIMA, CEO, AHIMA. “The emerging role of chief information governance officer makes certain that an IG framework is enterprise-wide to ensure the security of all types of information as well as access to quality information when needed.”
Reporting to senior leadership, the CIGO should drive new standards, processes and initiatives, including procedures to protect patient and organization information from social media or mobile device breaches.
“Too often social media content or information shared on mobile devices is not managed by an organization’s IG policies,” Downing said. “Having a CIGO responsible for IG will help ensure policies are put in place so information is secure and organizations are compliant.”
To protect information shared on mobile devices, AHIMA recommends that organizations develop operating standards and consider text encryption to secure messages and protect against Health Insurance Portability and Accountability Act (HIPAA) violations. Similarly, an organization’s IG framework for social media should include a social media policy, controls and operations guidelines, as well as sanctions for violations.