Data Governance and Ownership: HIT and the Imperative of Strong Electronic Health Vendor Relationships

December 2016

By Rene S. Cabral-Daniels, JD, MPH, CEO of Community Care Network of Virginia, Inc.

Recent healthcare literature is replete with articles regarding the importance of paying greater attention to healthcare data. Many suggest a healthcare organization’s ability to harness data value is the fulcrum to the organization’s success or failure. While these articles encourage greater use of healthcare data, they often fail to inform health entities of the importance of assuring proper data ownership as well as stewardship, integrity and dissemination.

Data requirements: what they are and what they aren’t
Healthcare leaders may mistakenly believe that compliance with the Health Insurance Portability and Accountability Act (HIPAA) health data protection sections insulate them from any potential legal claims. HIPAA is an important, albeit complex, federal law that addresses both health data protection as well as confidential handling of protected health information (PHI). The determination of data ownership as well as necessary PHI protection is further complicated by the use of electronic health records (EHR). Health records no longer reside on a shelf in a doctor’s office but can now be shared by few keystrokes on a computer. EHR usage changes the parameters of astute data governance responsibility from one concerned with data ownership to one focused on data stewardship.

Recent legislation promoting quality-based payments such as the Medicare Access & CHIP Reauthorization Act (MACRA) and the 824-page final rule describing implementation assure the use of electronic health records will continue to grow. The parameters of this growth are carefully prescribed in section 1848(o)(2)(A)(iii) of MACRA and the definition of “meaningful EHR user” under 42 CFR 495.4, which require eligible professionals to report on Clinical Quality Measures selected by the Centers for Medicare and Medicaid Services using only certified EHR technology, as part of being a meaningful EHR user under the Medicare EHR Incentive Program.

EHR use by providers is already rather substantial. According to the Office of the National Coordinator for Health Information Technology, in 2015, 96 percent of all non-federal acute care hospitals possessed certified health IT. While small rural and small urban hospitals had the lowest rates at 94 percent, 96 percent of critical access hospitals had certified health IT. Clearly, EHR vendors and their products are an integral part of data usage and PHI confidentiality, the keystones of data governance efforts.

Data governance: key component of care delivery models
Many healthcare organizations struggle with data governance. A 2014 American Health Information Management Association (AHIMA) survey of over 1,000 healthcare professionals revealed only 11% characterize their data governance programs as being mature while over 50% of the respondents did not have governance practices in place.[i]
The Health Information Management and Systems Society (HIMSS) has an excellent resource on overcoming data governance obstacles. The article is entitled, “A Roadmap to Effective Data Governance: How to Navigate Five Common Obstacles” and defines data governance as “the exercise of decision-making and authority for data-related matters.” [ii] The article analogizes the importance of having an effective data governance program seamlessly embedded within the overall management and operational practices to patient safety as an integrated component of a comprehensive care delivery model in any healthcare system. One obstacle identified is not addressing data governance from an enterprise perspective, which can perpetuate data integrity challenges.
Data integrity: accuracy, quality, and completeness
Assuring data integrity is certainly an essential component of data governance. Data integrity is defined by the Department of Health and Human Services’ Office of Civil Rights as “the property that data or information have not been altered or destroyed in an unauthorized manner.” Note that the alteration is not limited to intentional alteration; unintentional or mistaken alteration can compromise data integrity.
Data integrity is particularly challenging for both providers and EHR vendors when it concerns patient identity. Accurate patient identity is an imperative. Health information exchange cannot be accomplished in a manner that assures integrity without first assuring patient identity integrity. AHIMA defines patient identity integrity as “the accuracy, quality, and completeness of demographic data attached to or associated with an individual patient. This includes the accuracy and quality of the data as it relates to the individual, as well as the correctness of the linking or matching of all existing records for that individual within and across information systems.” While data integrity must be the cornerstone of any institutional health provider’s data governance principles, individual healthcare providers must communicate often with their EHR vendors to be certain that the correct patient’s health information is the information being exchanged.
Data dissemination: the call to collaborate with vendors
The final area regarding data governance concerns data dissemination. This area has the greatest potential for achieving excellence for providers by nurturing a strong partnership with EHR vendors. Data dissemination is occurring at unprecedented rates, and its future upward trajectory is projected to be even greater. MACRA includes a provision that expands the availability of Medicare claims data which took effect on July 1, 2016. This section expands how qualified entities will be allowed to use and disclose Medicare data under the qualified entity program.

Another MACRA provision that advances data dissemination is one that aligns with earlier efforts promoting interoperability. The tenets of the Certified EHR Technology criteria, which promote application programming interfaces that allow for interoperable data sharing necessary for big data analytics and population health management, will likely be coupled with MACRA’s Advancing Care Information (ACI). ACI will count for 25 percent of the Merit-Based Incentive Payment System (MIPS) attestation score in the first year of participation. MIPS advances population health management and care coordination by utilizing health IT that relies on open application programming interfaces (APIs) and an app-based approach to technology. Because APIs can be customized, providers will need to join forces with EHR vendors if they are to realize the financial benefits afforded by MIPS.

In summary, true data governance will not be possible without a strong partnership with EHR vendors. The partnership must go far beyond payment for services and assuring a business associate agreement (BAA) is executed. The BAA must be customized so that both parties have a meeting of the minds regarding data governance and other important factors that are memorialized in writing. Strong data governance must involve meaningful EHR vendor participation if it is to be sustainable.  

Community Care Network of Virginia, Inc. (CCNV), a community health center-owned and governed provider network, was legally incorporated as a statewide network organization in 1996 consistent with the Affiliation Policies of the Bureau of Primary Health Care. CCNV has a long, successful history of providing integrated, network-based services and programs to Virginia’s health centers, including the acquisition and implementation of a centralized practice management system, help desk, and support infrastructure commencing in 1999. Rene Cabral-Daniels currently serves on the NCHN board of directors.

[1] Cohasset Associates, "2014 Information Governance in Healthcare Survey." American Health Information Management Association, May 2014; at  
[2] See 'definitions of Data Governance.' The Data Governance Institute; at

Networking News

Using Network Analysis For Evaluation and Design

December 2017

The effectiveness of any collaborative group is highly dependent on the quality of connections that exist among participants. This article describes a sample network to show how network leaders can use Social Network Analysis to measure relationships, increase collective self-awareness, and maximize collaboration strategically.

Networking News

Identifying Measures to Evaluate Network Progress

September 2017

This article describes approaches to measuring results when you want to tell the story of a rural health network's development. It provides ideas for questions to include in annual surveys and offers suggestions for how to use data collected from members and stakeholders.

Networking News

Why Communication Planning is Different for Networks

August 2017

Because of the unique nature of networks, successful communication planning often means embracing approaches that diverge from traditional tactics. This article discusses how to build effective network communication strategies and shares insights on common challenges and solutions.

Networking News

Leadership Influence Without Authority

May 2017

Understanding the motivational priorities for different personality styles can help a leader be aware of how to frame information when influencing others. This article provides a number of steps that rural health network leaders can take as they work on strengthening their credibility and building influence.

Networking News

Aligning and Streamlining Your Planning Efforts for Long-Term Success

April 2017

In taking a systems approach, rural health networks are often encouraged to create working plans that document their commitment to, and strategies for, achieving a shared vision in a number of different focus areas. This article outlines the different purposes of several plans and how they can be connected to one another.

Networking News

From Silos to Bridges: Collective Action to Build Rural Health Care Capacity

January 2017

Rural health networks often serve as bridges among different organizations and groups throughout a community. This article describes what brings stakeholders to the table, why they stay engaged in network activities, and how they can address their collective challenges in rural health care together by building connections.

Networking News

How an Understanding of Lean Can Support Network Objectives

November 2016

Performance improvement systems and tools can support the problem-solving processes of rural health networks by offering straightforward methods for analysis and implementation. This article outlines some of the ways that network leaders can benefit from the Lean methodology.

Networking News

Sharing Data in Collaborations

March 2016

This article provides a step-by-step process for preparing rural health networks for HIT interoperability and health information exchange.