Case 2.2

Business Case: Data Chaos Creates Risk

Data chaos often runs rampant in service organizations, such ashealth care and the government. For example, in many hospitals,each line of business, division, and department has implemented itsown IT applications, often without a thorough analysis of itsrelationship with other departmental or divisional systems. Thisarrangement leads to the hospital having IT groups thatspecifically manage a particular type of application suite or datasilo for a particular department or division.

Data Management

When applications are not well managed, they can generateterabytes of irrelevant data, causing hospitals to drown in suchdata. This data chaos could lead to medical errors. In the effortto manage excessive and massive amounts of data, there is increasedrisk of relevant information being lost (missing) orinaccurate—that is, faulty or dirty data. Another risk is databreaches.

• Faulty data By 2015, 96% of health-careorganizations had adopted electronic health records, or EHRs(Office of the National Coordinator for HIT, 2016). It is wellknown that an unintended consequence of EHR is faulty data.According to a study published in the Journal of the AmericanMedical Association, data in EHR systems may not be asaccurate and complete as expected (Conn, 2016). Incorrect labvalues, imaging results, or physician documentation lead to medicalerrors, harm patients, and damage the organization’s accreditationand reputation.
• Data breaches More than 25 million people havebeen affected by health-care system data breaches since the Officefor Civil Rights, a division of the U.S. Department of Health andHuman Services, began reporting breaches in 2009. Most breachesinvolved lost or stolen data on laptops, removable drives, or otherportable media. Breaches are extremely expensive and destroytrust.

Accountability in health-care demands compliance with strongdata governance efforts. Data governance programs verify that datainput into EHR, clinical, financial, and operational systems areaccurate and complete—and that only authorized edits can be madeand logged.

Vanderbilt University Medical Center Adopts EHR and DataGovernance

Vanderbilt University Medical Center (VUMC) in Nashville, TN,was an early adopter of EHR and implemented data governance in2009. VUMC’s experience provides valuable lessons.

VUMC consists of three hospitals and the Vanderbilt Clinic,which have 918 beds, discharge 53,000 patients each year, and count1.6 million clinic visits each year. On average, VUMC has an 83%occupancy rate and has achieved HIMSS Stage 6 hospital EHRadoption. HIMSS (Healthcare Information and Management SystemsSociety, himss.org) is a global, nonprofit organization dedicatedto better health-care outcomes through IT. There are seven stagesof EHR adoption, with Stage 7 being a fully paperless environment.That means all clinical data are part of an electronic medicalrecord and, as a result, can be shared across and outside theenterprise. At Stage 7, the health-care organization is gettingfull advantage of the health information exchange(HIE). HIE provides interoperability so that informationcan flow back and forth among physicians, patients, and healthnetworks (NextGen Healthcare, 2016).

VUMC began collecting data as part of its EHR efforts in 1997.By 2009, the center needed stronger, more disciplined datamanagement. At that time, hospital leaders initiated a project tobuild a data governance infrastructure.

Data Governance Implementation

VUMC’s leadership team had several concerns.

1. IT investments and tools were evolving rapidly, but they werenot governed by HIM (Healthcare Information and Management)policies.
2. As medical records became electronic so they might betransmitted and shared easily, they became more vulnerable tohacking.
3. As new uses of electronic information were emerging, themedical center struggled to keep up.

Health Record Executive Committee

Initially, VUMC’s leaders assigned data governance to theirtraditional medical records committee, but that approach failed.Next, they hired consultants to help develop a data governancestructure and organized a health record executivecommittee to oversee the project. The committee reports to themedical board and an executive committee to ensure executiveinvolvement and sponsorship. The committee is responsible fordeveloping the strategy for standardizing health record practices,minimizing risk, and maintaining compliance. Members include thechief medical information officer (CMIO), CIO, legal counsel,medical staff, nursing informatics, HIM, administration, riskmanagement, compliance, and accreditation. In addition, a legalmedical records team was formed to support additions, corrections,and deletions to the EHR. This team defines procedures for removalof duplicate medical record numbers and policies for datamanagement and compliance.

Costs of Data Failure

Data failures incur the following costs:

• Rework
• Loss of business
• Patient safety errors
• Malpractice lawsuits
• Delays in receiving payments because billing or medical codesdata are not available.

Benefits Achieved from Data Governance

As in other industries, in health care, data are the mostvaluable asset. The handling of data is the real risk. EHRs areeffective only if the data are accurate and useful to supportpatient care. Effective ongoing data governance has achieved thatgoal at VUMC.

Questions

1. What might happen when each line of business, division, anddepartment develops its own IT apps?
2. What are the consequences of poorly managed apps?
3. What two risks are posed by data chaos? Explain why.
4. What are the functions of data governance in the health-caresector?
5. Why is it important to have executives involved in datagovernance projects?
6. List and explain the costs of data failure.
7. Why are data the most valuable asset in health care?

Sources: Compiled from NextGen Healthcare (2016),Office of the National Coordinator for HIT (2016), and Conn(2016).