CHIA Series: Information Governance At-a-Glance


This CHIA series describes the “scalable framework” AHIMA has developed, called the Information Governance Adoption Model (IGAM) as described in AHIMA’s Information Governance Toolkit 2.0. This model consists of ten organizational competencies which assist HIM professionals in focusing in on all areas of Information Governance (IG) within an organization to implement an IG program.

AHIMA’s Information Governance Toolkit provides guidance that will assist in strengthening the healthcare organization’s performance related to managing information and data that is necessary for achieving strategic goals. The toolkit, available in the AHIMA webstore, is free to AHIMA members.

Competency: IG Structure
To effectively align information use with organization strategic priorities requires a structure. The structure doesn’t need to be complicated; it simply needs to be clear, functional and coordinated. A clearly defined structure will ensure that the right people contributing to the right organizational model will lead and develop an IG program. This will include key stakeholders from the following four areas: Executive (oversight from the top); Strategic (senior leaders); Tactical (functional leaders/subject matter experts); and Operational (functional area super users). A structure might include engaging an executive sponsor, forming an IG Committee (or expanding an existing committee to include IG oversight), and ensuring the right people are involved. It will be important to clearly define the roles of each part, and accountability for the program. “The challenge is to harmonize and align the work that is already underway in a practicable, sustainable structure that serves the organization today and tomorrow” (AHIMA, 2016).

Competency: Strategic Alignment
It is important to evaluate whether or not the organization’s strategy supports an information-driven, decision-making culture where information is used real time, appropriately and strategically. The first step is to assure that the enterprise manages information as an asset. All information throughout the organization, whether clinical, financial, and operational, must be valued and aligned with the business strategies of the organization. Starting an IG initiative in your organization might simply begin with a project on patient identity management. recognizing the importance that a single identifier directly impacts patient safety. Do you have a program in place to monitor duplicate numbers? What is your error rate? Is this creating issues with health information exchange? Ensuring that patient identity is monitored is a demonstration that patient safely is valued within your organization. Gathering key stakeholders to implement a project could be the start of a IG program within your organization.

Competency: Privacy and Security
One of the health care organization’s greatest assets is its information; clinical, financial, and operational. Together it supports strategic initiatives, improves patient safety and outcomes, and provides the building blocks to ensure the organization is positioned for long-term success. Privacy and Security includes all the policies, procedures, processes and safeguards that are established within the organization to ensure its information is kept confidential, is available when needed, and is not changed. Ensuring the organization has completed a complete and thorough risk assessment to evaluate those areas of risk, threat, and vulnerability is the first step in establishing this process. Once completed, ongoing evaluation must be ensured. Protecting and securing all the organization’s information assets from breach, corruption, or loss is a key component to an information governance program.

Competency: Legal & Regulatory
The hospital’s legal counsel is responding to a suspected breach of protected health information. Imagine an attorney in charge of the health care organization’s legal affairs approaching the HIM manager requesting a report summarizing the number and types of individuals who accessed several patients’ electronic health record five years ago for a period of six months. Is this something that could be provided? Is the information easily accessible, timely, and accurate? This is one simple example of how an information governance program would benefit the healthcare organization. IG can contribute to how well an organization can respond to regulatory audits, mandatory reporting, survey questionnaires, and government agency requests ensuring compliance.

Competency: Data Governance
Questions often arise regarding the differences between data governance and information governance. Data governance is the management of the healthcare organization’s data assets which might include clinical, operational and financial data and expands the spectrum from standardized data dictionary to the metadata associated with the information to the exchange of information across organizations. According to AHIMA’s IG Toolkit, “data governance is the sub-domain of IG that provides for the design and execution of data needs planning and data quality assurance in concert with the strategic information needs of the organization. It included data modeling, data mapping, data quality controls, data quality management, data architecture, and data dictionaries.” Data governance involves a structured approach to managing all of these assets and is a key component to the organization’s IG program.

Competency: IT Governance
The increasing complexity, volume, and business risk associated with enterprise data requires a coordinated portfolio of enabling technologies. Changing information and analytics landscape requires a new approach to the storage and accessibility of data, new roles and IG technology such as data governance management, business glossaries, data catalogs, data profiling, master data management, governance scorecards and others. Organizations in health care must have certainty that IT serves as a vehicle to achieve organizational strategy, goals, and objectives. IT governance establishes a construct for aligning IT strategy with the strategy of the business and a means of fostering success in achieving those strategies.

Competency: Analytics
Data can bring about motivation as well as ensure continuous performance improvement. First, define the goal to be accomplished and communicate the desired result so it is easily understood. Next, determine how to collect the data by including subject matter expert opinions. Accurately measure the analytic tool by confirming results with those who carry out the work. These details will help the organization understand the efforts and resources needed to move progress forward. Finally, remember to regularly share the business intelligence data to open up communication lines and drive decision-making.

Competency: IG Performance
Measuring the performance and impact of an effective IG program requires a methodology to periodically assess and manage the IG program initiatives. The methodology should consider alignment with organization strategy to ensure effectiveness and be monitored on an ongoing basis. Performance indicators include addressing the organization’s business, regulatory reporting, reliability of information, and build appropriate measures for each areas of IG competency.

Competency: Enterprise Information Management
A sub-domain of Information Governance, Enterprise Information Management (EIM) includes the polices and processes for managing all information (including taxonomies and metadata/ master data management) throughout each phase of the life cycle. In her book, Implementing Health Information Governance, Linda Kloss, MA, RHIA, FAHIMA, describes the building blocks for enterprise information management. “EIM are the managerial functions focused on life-cycle management of information assets across the enterprise. An organization won’t be successful with information governance without a correspondingly strong EIM capacity. The converse is also true: EIM is unlikely to fully succeed without effective governance” (Kloss, 2015). It is important to ensure that an inventory of all of the organization’s information assets has been completed to build the framework necessary to develop the policies and procedures implementing and enforcing the governance structure of enterprise information management.

Competency: Awareness and Adherence
Developing awareness can shape and change perspective. Awareness provides the foundation of a topic in need of attention. Use business intelligence data to shine light on a particular issue. If the awareness for the topic is low, exercise the analytic tools to develop further understanding. The stronger the awareness is, the more receptive the organization will be to act. Success will depend upon a set of key factors: a realistic assessment of knowledge and understanding, clear and effective communication, and the nurturance of trust in the IG relationships.

Authored by:
Sharon Lewis, MBA, RHIA, CHPS, CPHQ, FAHIMA; CHIA CEO/Executive Director, CHIA;

April Morris, RHIT, CHDA; Director, Decision Support, Kaiser Permanente Health Plan; Member, CHIA Information Governance Committee; and

Esther Tolentino, BA, RHIT, CHTS-IS, CHTS-PW; HIM Director – Information Technology and Education, Cerner, RevWorks LLC; Member, CHIA Information Governance Committee


  • AHIMA. (2016). Information Governance Toolkit 2.0.
  • Kloss, Linda (2015). Implementing Health Information Governance Lessons Learned from the Field, American Health Information Management Association, pg. 45.