Close Server: KOPWWW05 | Not logged in

IG Matters

Business Side of Compliance

Achieving compliance is key to good business practice.

For the past several months, we've been covering the IG principles and suggesting strategies for achieving each. As I began to focus on compliance, I had an opportunity to meet with Carolyn Jones, RHIA, president of C. J. Enterprises, Inc. (CJE), based in Chattanooga, Tenn., about the business value of information governance.

According to Ms. Jones, CJE was originally formed in 1980 to provide health information management services to area healthcare providers. The company now offers a full range of information management and administrative services including consulting, technical assistance, and training for government agencies, healthcare providers, businesses and other organizations of all sizes. And for the past several years, a CJE manager has actively served on the ARMA International board of directors.

In a slight departure from our "how to" series, I asked Ms. Jones to share some insights from her perspective as a successful business leader and long-time member of both AHIMA and ARMA. Here is a brief summary of our conversation.

Bowen: Over the past several years, records management has been recognized as an integral part of information governance, which is key to good business practice. How has ARMA's principle of compliance helped to guide your business operations and customer relations?

Jones: Every work opportunity begins with a thorough assessment that allows our company to know the level of information governance maturity that the organization may or may not employ. The ARMA Generally Accepted Recordkeeping Principles® guide the development of all contracts and work to be completed throughout the project.

Bowen: As a business owner how do you link policy integration with process transparency?

Jones: In work production, it is critical to comply with the guidelines and regulations, especially in government-related contracts. The Principles provided by ARMA have helped guide the conversation with customers and provide the foundation for decision-making activities. In today's healthcare environment, process transparency is essential-providing information about operations and processes in an open, accessible and timely manner. That is a core element of information governance.

Bowen: How does your HIM experience inform your role?

Jones: Because of my HIM background, I am more astute and aware of the legal obligations for managing specific types of information. Knowledge of the ARMA Principles has played a vital role in contract development and reaching agreements regarding the product to be delivered. Also the role of auditing and process improvement is built into all aspects of the contract and delivery of service. 

Bowen: How do the ARMA Principles help ensure compliance with record retention and destruction processes?

Jones: The Principles have been especially valuable when working with organizations to make decisions regarding record destruction and associated disposition processes. Compliance with local, national and international laws requires extensive knowledge and guidance. Otherwise, organizations could face costly penalties for failure to comply.

Bowen: What would you say has been the most important outcome of your adherence to the Principles?

Jones: Over the years, CJE has consistently emphasized implementation of the Principles and improvement processes. In more than 34 years, we have never received a negative report from a client, a cure notice or a stop order. This speaks volumes for the quality of our work performance.

Making Compliance a Top Priority

As healthcare professionals work to implement effective information governance (IG) programs for their organizations, evaluating and enhancing compliance practices must be top priority. According to the ARMA Principles, an IG program should comply with applicable laws and other binding authorities, as well as the organization's policies. Organizations must:

  • Know what information must be entered into its records to demonstrate that its activities are being conducted in a lawful manner.
  • Enter that information into its records in the manner prescribed by law.
  • Maintain its records in the manner and for the time prescribed by law.

Compliance policies and procedures will vary depending on the type of healthcare organization. The key is to develop and implement a fully compliant IG program that ensures compliance with all applicable laws and regulatory requirements. Traditional privacy and security measures are not sufficient to address ever-increasing risks and threats. And technology alone will not protect against breach and compliance penalties. Organizations must embrace a collaborative, interdisciplinary approach to enterprise-wide information governance.

As we continue along the IG journey, I invite you to join us next time for an in-depth focus on the principles of availability, retention and disposition.

Rita Bowen is senior vice president of HIM and privacy officer at HealthPort. She can be reached at Carolyn Goolsby Jones is president nad CEO of C.J. Enterprises, Inc.  She can be reached at

IG Matters Archives


Email: *

Email, first name, comment and security code are required fields; all other fields are optional. With the exception of email, any information you provide will be displayed with your comment.

First * Last
Title Field Facility
City State

Comments: *
To prevent comment spam, please type the code you see below into the code field before submitting your comment. If you cannot read the numbers in the below image, reload the page to generate a new one.

Enter the security code below: *

Fields marked with an * are required.

View New Jobs, Events and More


Back to Top

© 2017 ADVANCE Healthcare, an Elite CE company