AHIMA: Information governance key to cyber security, data privacy

March 23, 2016

An enterprise-wide information governance (IG) program is a key component to preventing security breaches and ensuring the privacy of all information within healthcare organizations, according to an American Health Information Management Association (AHIMA) presentation at the National HIPAA Summit today.

In her presentation, Kathy Downing, MA, RHIA, CHPS, PMP, Senior Director, Information Governance, AHIMA, said the ever-increasing frequency of electronic communications in the workplace makes IG a business imperative for healthcare organizations. Privacy and security officers are tasked with safeguarding against data breaches and protecting not only health records, but employee information and intellectual property.

“We’re seeing a flood of information flowing through healthcare organizations whether it’s patient electronic health records, employee email correspondences, social media posts or even physician text messages,” said Downing. “A strong and continuous IG program aimed at securing confidential data of all types, not just clinical, is key to ensuring an organization’s information is secure.”

As the amount of information and access to data grows, the role of privacy and security officers must also evolve to lead IG efforts, Downing said.

Once focused largely on protecting clinical information and ensuring compliance, with their knowledge and skills, privacy and security officers are poised to take on the role of chief information governance officer (CIGO). The CIGO is responsible for driving enterprise-wide management of privacy and security of information through a continuous IG program.

“We are experiencing a new era in privacy and security,” said Lynne Thomas Gordon, MBA, RHIA, CAE, FACHE, FAHIMA, CEO, AHIMA. “The emerging role of chief information governance officer makes certain that an IG framework is enterprise-wide to ensure the security of all types of information as well as access to quality information when needed.”

Reporting to senior leadership, the CIGO should drive new standards, processes and initiatives including procedures to protect patient and organization information from social media or mobile device breaches.

“Too often social media content or information shared on mobile devices is not managed by an organization’s IG policies,” Downing said. “Having a CIGO responsible for IG will help ensure policies are put in place so information is secure and organizations are compliant.”

To protect information shared on mobile devices, AHIMA recommends organizations develop operating standards and consider text encryptions to secure messages and protect against Health Insurance Portability and Accountability Act (HIPAA) violations. Similarly, an organization’s IG framework for social media should include a social media policy, controls and operations guidelines as well as sanctions for violations.

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?