Provide a research paper in APA format with detail description of the Information Governance
Policy/Program for CITY GENERAL HOSPITAL following the sample template provided below.
Information about the CITY GENERAL HOSPITAL is provided after the Sample Template
SAMPLE TEMPLATE FOR FORMAT AND CONTENT OF AN
INFORMATION GOVERNANCE POLICY
The remainder of this paper was reproduced for educational purposes in its
entirety from: https://www.infogovbasics.com/creating-a-policy/
A Definition of Scope
The framework should begin by establishing the full extent of the Information Governance program.
An example of this could be:
“The Information Governance framework covers all staff that create, store, share and dispose of information.
It sets out the procedures for sharing information with stakeholders, partners and suppliers. It concerns the
management of all paper and electronic information and its associated systems within the organization, as
well as information held outside the organization that affects its regulatory and legal obligations.”
Roles and Responsibilities
The first major section of most frameworks clearly define key roles and their responsibilities,
including:
Information Governance Committee
Information Governance Team
Information Risk Management
Information Asset Management
Records Manager
Line-of-Business Managers
Employees
Information Policies
Information Governance covers a wide range of policies. The framework should set out which
corporate policies are relevant to the Information Governance program. These may include:
▪ Information security policy
▪ Records management policy
▪ Retention and disposal schedules
▪ Archiving policy
▪ Data privacy policy
▪ ICT policy
▪ Information sharing policy
▪ Remote working policy
Information Procedures
A major part of the Information Governance framework should set out how the organization and its
employees work with information. This can be broken into separate sections covering:
▪ Legal and regulatory compliance
▪ Creating and receiving information
▪ Acceptable content types
▪ Managing the volume of information
▪ Managing personal information
▪ Storing and archiving information
▪ Collaboration and sharing information
▪ Disposing of information
Working with Third Parties
As more and more information that affects a business is created and stored elsewhere it is essential
to establish how the organization operates and shares information with stakeholders, partners and
suppliers. The framework should:
▪ Define the policies for sharing information with third parties
▪ Define how the organization can manage how third parties handle personal and confidential information
▪ Define how Information Governance fits within supplier relationships and contractual obligations
▪ Define measurement and metrics for third party meeting the organization’s Information Governance
goals
Disaster Recovery, Contingency and Business
Continuity
The framework should set out the organization’s approach to:
▪ Reporting information losses
▪ Reporting information security breaches
▪ Incident management and escalation
▪ Back up and disaster recovery
▪ Business continuity management
Auditing, Measurement and Review
Information Governance is a continuous improvement process so it must be underpinned by a
continuous monitoring procedure. The framework can set out the organization’s approach to:
▪ Monitoring information access and use
▪ Monitoring effectiveness of regulatory compliance
▪ Monitoring the effectiveness of information security policy and procedure
▪ Monitoring of ICT and storage infrastructure performance
▪ Risk assessment and auditing
▪ Information Governance review
Like many things in Information Governance, there is a balance to be achieved with the Information
Governance framework. The more comprehensive the document, the better. However, it shouldn’t
become so large and unwieldy that it ends up gathering dust on the shelf.
Information about the CITY GENERAL HOSPITAL
The importance of Information Governance is being realized across all industries. While
there are some common aspects of Information Governance that are common to all industries, still
information governance cannot be applied in a “cookie-cutter” fashion. That is, there are certain
characteristics or aspects of Information Governance that are unique to a given industry or
discipline. And even within the same industry, a good information governance program must be
tailored to fit the unique needs of each organization.
The health care industry is no different. It is undergoing comprehensive transformational
change. Consequently, health care professionals are faced with new regulations and requirements
that make effective information governance essential. Quick access to complete, comprehensive
and accurate information is essential to the goal of healthcare services, for today and tomorrow.
Healthcare providers are faced with the reality that information is a critical asset that must be
managed in a way that optimizes safe, cost-effective and high quality care to the patient, while at
the same time meeting the provider’s administrative and financial needs, reducing risk, and
increasing availability for business needs such as analytics and for use on the health information
exchange. Of course, the health care provider must do all of this while at the same time insuring
that it is operating ethically, will be able to quickly and completely respond to e-discovery requests
and holds, and that it is operating within the confines of both federal and state laws in all regards.
Information Governance initiates in the health care industry have been studied for more
than a decade by a number of organizations and associations. A few of these organizations that
have become industry leaders in advancing Information Governance in the healthcare industry in
the United States over the past decade.
Assume you are not a doctor and that you do not have “medical training” per se. Rather,
you have a Masters’ Degree in Business Administration. In addition, you have a degree in
Information Management. By coincidence, upon receiving your MBA you applied for and
received a job in the records department at your local hospital. Over the years, you have advanced
through the ranks, and have worked in various departments including finance, records
management, billing, accounting, marketing, and IT. Your employer, “CITY GENERAL
HOSPITAL”, has no “formal” information governance program, although it has been dabbling
with the idea of company-wide information governance.
You have just been named Chief Financial Officer at your organization. You have agreed
to chair the information governance committee that will be responsible for designing and
implementing a “formal” information governance program for the organization.
You have put together an Information Governance Committee (or “TEAM”) consists of
representatives from health information management, (HIM), human resources, staff from the
business office, accounting, risk management, legal, finance, IT, quality and compliance areas, as
well as representatives from clinical areas including nursing staff as well as physicians, radiology
and other diagnostic testing.
Your team has had only one organizational meeting. At that initial meeting, the team was
asked to do two things. One was to identify what each team member perceives as worthy goals of
the information governance program, and secondly, to identify areas that are in immediate need of
improvement, from their own background and perspective. They team returned the following:
The goal of the information governance program should include but not be limited to the
following:
1. Developing processes to ensure better coordination of care throughout the entire
organization;2. Maintain a competitive advantage in the geographical regions served; 3. Ensuring that the organization is analytics-driven; 4. Improved performance and outcomes;
5. Becoming nimble enough to respond quickly and accurately to information requests
related to patient care and diagnosis, legal holds, e-discovery and litigation, and for
accountability and auditing;
6. Develop a viable retention and destruction schedule for active and inactive patient
information;
7. Improve security and protect sensitive data while at the same time allowing necessary
access to eliminate impediments for staff that make it difficult to accomplish their job
duties; and,
8. Increase the accuracy of information related to outcomes, and financial leadership to
ensure the organization will meet or exceed its financial goals.
At its initial meeting, your newly formed Information Governance Committee, after some
brainstorming and collaboration produced the following list, which is by no means complete, but
which was identified by your team members as “high” on their list of problems facing the
organization which the team members believed could be resolved and/or minimized through
effective information governance:
1. A number of serious errors that adversely affect patient safely resulted from inadequate
user training on how to use the system, as well as laziness of staff in documenting and
charting;
2. Inability to capture information necessary for required reporting from the electronic
health records (HER);
3. Inaccurate and incomplete release of information for litigation and business purposes that
had resulted from poor systems integration and improper data retention policies;
4. Issues associated with a high rate of patient matching errors in master patient database;
5. Need for updating access controls that ensured appropriate security levels for those caring
for patients and those having access to patient records for purposes of billing, diagnostics
and reporting, and;
6. Need for better security of protected health information in order to comply with stricter
regulatory requirements.
0 comments