The reliability of the current state of health information is extremely limited.
EDITOR’S NOTE: Dr. Joseph Nichols is producing a five-part series on healthcare data for ICD10monitor. This is the third installment in his exclusive series.
This article is focused on that component of the health information domain related to data management. As mentioned in the first article, the following are high-level requirements for data management:
- A structured database design that represents accurate relationships of concepts at all levels.
- Governance of data to ensure reliability, standardization, and comparability over time and across enterprises.
- Technical and non-technical support to keep data secure and privacy protected.
As mentioned in the introduction to this series, data has no innate value without properly structured storage and retrieval mechanisms. Like words, data elements can be defined and collected, but the structure and relationship of the elements are critical to providing contextual meaning.
Proper database and system design require extensive business knowledge to guide the design process. Many organizations rely on data architects or other developers to design databases to support their business. Unfortunately, the process of defining entities (tables) and columns (attributes) requires an in-depth knowledge of the business domain. Without proper input from knowledgeable business and operational resources, the developer may make assumptions about definitions of entities and attributes and their relationships that may be incorrect or incomplete. Systems will not be able to accurately collect or deliver data for analysis if definitions are not correct and relationships are wrong. Since many systems lack published and appropriately maintained data dictionaries, users may assume that the data represents something that it does not.
Example: A developer creates a table called “providers.” The definition of the table is not clearly documented, and the developer makes assumptions about which providers’ data should be included or excluded from the table. Should it include persons, facilities, and/or support staff? What type of data elements or attributes should be included in the table? How are those attributes being defined? What is the relationship between the provider table and the payor table; is it one-to-many, or many-to-many? Is there a recursive relationship between providers? In other words, a relationship between one provider and another? What data should be captured about relationships? The answers to these questions and the design needed to support the business require a close working relationship between those with business domain knowledge and those with the technical knowledge, in order to develop the proper design to support business needs.
- The organization needs to establish and maintain a database design team that includes representation from all of the appropriate technical and business stakeholders, to ensure that business knowledge and technical support for business needs is an integral part of every database-related decision.
- All tables and data elements should be fully documented and available for reference so that both technical staff and business staff have a shared understanding of the content available, relationships, and potential limitations.
- The design should provide support for past and future changes in the enterprise to ensure continuity of data collection and analysis over time. That design should support the addition of new tables and data elements over time, without compromising historical data.
- Testing should ensure that physical implementation of the database is consistent with the intended logical design.
Data Governance, Standardization, and Quality Controls
Data governance should be supported and sponsored from the highest level of the organization, as business continuity and the organization’s success are dependent on the availability and use of reliable, accurate information. Policies should be established that ensure data quality and integrity, and those policies require strong executive support for enforcement.
The following represent key requirements for data governance that appropriately support the organization:
- Commitment and support from the highest executive level.
- All relevant stakeholders, through delegated representatives, need to be involved in the development of data governance standards and the processes for adherence to those standards, including these organizational domains:
- Business Operations:
- Information technology
- Clinical Operations:
- Direct patient care
- Clinical support (lab, pharmacy, x-ray, etc.)
- Clinical value measurement and other research
- The data governance process must be institutionalized, ongoing, tested, and empowered.
- Policies should include:
- Use and maintenance of standards
- Creation, maintenance, and transparency of data dictionaries and database design documentation
- Required system input controls and constraints
- Access requirements
- Data archiving
- Definition and logic for aggregation or categorization of data
- Change control to ensure longitudinal data integrity
- Monitoring security, integrity, and privacy
- Recovery and business integrity support
- Business Operations:
Integrity, Security, and Privacy
A critical requirement for effective data management includes the areas of integrity, privacy, and security.
Integrity refers to reliability, consistency, and standards control over source data input and database protection to ensure that data meets the level of nonrepudiation. In other words, all users or stakeholders should be able to rely on the fact that the data represents, as accurately as possible, facts that are actually observed – and that those facts are “tamper-proof.”
Security refers to the system and governance support to make sure that improper access to the system does not occur.
Privacy refers to controls in the system to protect confidential data. Only those with a right or need to know should have access to information that is considered confidential for any reason.
Of course, without the appropriate data governance structure, there is no assurance that any of these requirements will be met.
Potential solutions related to data governance, standards, data quality control, integrity, security, and privacy are intertwined, and should be considered together.
- Executive leadership, active participation, and empowerment are critical to any success in these areas. The issues related to proper system design, data quality, and data integrity should be prioritized and ingrained in the culture of the entire organization. The measured quality of organizational information should be a key indicator in determining executive performance.
- Representatives of all relevant stakeholders in every domain should actively participate in the design, policy development, and testing of the system and databases to ensure that the enterprise information is accurate, reliable, and protective of the integrity and overall success of the organization, as well as the clients (patients) cared for by the organization.
- An overall data governance model needs to be designed and implemented to ensure that requirements are met as outlined above.
- Testing should be an ongoing part of development and maintenance of all systems and supporting databases to ensure that policies are enforced.
- System controls should be implemented to guide proper data input and protect against non-standard or inappropriate data input, wherever possible.
- Ongoing education of all relevant stakeholders and system users should continually enforce best practices for data entry and data retrieval.
Data management represents one more critical step on the road to improved health information quality. The first step, data acquisition, is essential, as no subsequent action can solve the issue of incomplete or inaccurate information gathered from the source. Assuming that data acquisition is properly addressed, however, data management is the next link in the critical pathway. Data management is not the sole responsibility of technology. Design, governance, and system integrity are the responsibility of the entire organization, and cannot, and should not, be accomplished through technology resources alone.
Programming Note: Listen to Dr. Nichols report this story live today during Talk Ten Tuesday, 10-10:30 a.m. EST.