The Importance of Good Governance

Say the word “governance” to most people, and you are likely to witness a yawn or an eye roll in response. To put it mildly, governance is not a sexy topic or one that most want to discuss over cocktails.

However, don’t understate the importance of enterprise governance of information and technology (EGIT) in the healthcare context. Unlike many other industry sectors, mistakes in technology governance and operations in healthcare can lead to serious injuries or even death. Applicable regulations also heavily drive the need for—and approaches to—healthcare information and technology governance.

Despite this, governance is often taken for granted and exists with little or not enough attention paid to it. This, in many cases, limits the value that a systematic approach to governance can have.

Understanding Governance

Governance, in many respects, serves as the umbrella set of responsibilities and practices to which an enterprise’s operations are obligated to or voluntarily adhere—either because of statutory or regulatory requirements or due to an enterprise culture, ethics and behaviors.

This set of “rules” is comprised of policies, procedures, protocols, security defenses, controls, level of risk appetite, etc., to ensure that stakeholders of the enterprise are receiving value.

Governance starts at the board level, cascades to the individual IT contributor and demands recognition as a concept by all. This recognition matters to these constituencies because they either set or must comply with governance policies.

• IT management directs the deployment of IT systems, often focusing on the purpose the system will solve.
• IT governance focuses on a higher plain, specifically on creating value for the stakeholders, e.g., patients, consumers and healthcare corporate entities.

The various stakeholders may have competing goals and values, which complicates these processes.

For example, the patient-stakeholder wants to ensure their data is kept private while simultaneously receiving the best possible treatment at the most cost-effective price. For-profit pharmaceutical company-stakeholders are interested in patient safety, but also maximizing value for their shareholders in terms of increased revenue. Good governance will balance the needs of all stakeholders to ensure the creation of value for all.

Good Governance at the Enterprise Level

What does good governance of enterprise information and technology accomplish in the healthcare sector?

• Provides the necessary responsibilities and practices to ensure benefits realization, optimize resources and optimize risks while ensuring an organization is compliant with local laws and regulations and providing value to stakeholders.
• Requires a higher level of documented control and accountability than is needed in many other industries.
• Facilitates a high level of trust by patients and consumers of healthcare products.

EGIT at your doctor’s office or hospital affects patients and consumers, and those patients should not be complacent about asking questions about the security and privacy protections in place protecting their data. In some cases, patient-initiated questions about security protocols in place can lead to improved measures on the part of the healthcare provider.

Effective information and technology governance can seem dauntingly complex given the regulatory context of the healthcare industry and competing stakeholder goals. Most governance requirements, however, originate with logical and straightforward principles:

• Patient safety is always the top governance priority
• Any technology of significance must prove it is fit for the purpose
• Always sustain appropriate confidentiality, integrity and availability; records management must follow privacy and healthcare requirements
• Documented processes and records must include evidence that required quality levels are delivered consistently

The views and opinions expressed in this blog or by commenters are those of the author and do not necessarily reflect the official policy or position of HIMSS or its affiliates.

Originally posted August 31, 2017; updated March 12, 2019