Close Server: KOPWWW05 | Not logged in

IG Matters

Healthcare Mergers and Acquisitions

Information governance (IG) supports a smooth and secure transition

2015 was a landmark year for information governance (IG). Healthcare organizations began to realize the value of IG as a competency required for data integrity. Associations and publications, like AHIMA and Executive Insight, launched strategic initiatives to build awareness and provide education for healthcare leaders. This column, IG Matters, continues these efforts.

Last year the focus was primarily on understanding the IG principles as originally drafted by ARMA International and applying them to healthcare. The need to build trust in healthcare information was emphasized as the foundation for quality of care, positive outcomes, patient engagement and reduced costs.

In 2016, we'll target specific industry topics and challenges that support the case for IG as a strategic asset to address healthcare leaders' need for actionable, reliable information.

IG supports fast-paced industry consolidation

One of the most pressing challenges today is the growing number of healthcare mergers and acquisitions. Ensuring the safety and security of patient health information (PHI) during these times of transition is paramount. 

Though implementing IG within a single organization is challenging enough, the complexities involved in healthcare mergers and acquisitions present a more daunting scenario. Suddenly you have a blended family-entities with disparate data, systems, standards, policies and procedures-faced with functioning efficiently as a whole.

Understanding and implementing enterprise-wide IG practices can help break down the silos-reduce variability, advance interoperability and promote data integrity across newly formed healthcare organizations.

SEE ALSO: Transparency and Integrity

Finding a starting point-privacy, security, compliance

With rapidly evolving security risks, it's a challenge for organizations to move beyond privacy and security-foundational components of core IG principles. The threat of breach is top of mind in the healthcare industry with over 100 million individuals affected-representing about one-third of the population of the U.S.

Breaking down silos of information is the first hurdle to tightening privacy, security and compliance. However, information silos in healthcare are often fraught with more questions than answers. What data do we have? Where is it located? Where is it flowing? How do we centralize, standardize and protect information?

An integrated approach to IG is needed to ensure quality, integrity, accountability, transparency and meaningful use of trusted information. Collaborative leadership among C-suite, HIM, compliance, IT and all other stakeholders must be a top priority.

Building best practices through collaboration

In a recent case study of a merger between two healthcare organizations, the IG journey initially focused on privacy, security and compliance-as a platform for rolling out a comprehensive IG program. The combined C-suite assembled a multidisciplinary team to assess various policies, procedures and systems-aimed at all departments working together, following the same processes, and implementing the same policies.

For example, the HIPAA Sanction Policy is intended to safeguard the confidentiality, integrity and availability of PHI. The policy imposes appropriate disciplinary actions for any breaches of privacy and PHI security, or violations of the new organization's privacy and PHI security policies. As the team progressed with the development of this policy, involving other departments beyond Privacy and Compliance was essential:

-          Human Resources is responsible for implementing a corrective action process for unauthorized disclosures.

-          Training and education must ensure the policy is distributed enterprise-wide and that all staff members complete the appropriate courses within a designated time frame.

-          Business associates and affiliated partners must understand the purpose and objective of the HIPAA sanctions and clearly communicate this information to their staff. 

After the policy was successfully implemented, the team made sure that all facets-corrective action, training and future education-were properly managed to benefit the entire organization. Then the final piece-applying IG practices to manage the data derived from this process.

Six strategies to advance IG during merger or acquisition

As mergers evolve, the key to success is maintaining a multidisciplinary IG team, with executive support to guide collaborative efforts. Here are six strategies to advance an IG program and ensure a smooth transition during a merger or acquisition:

-          Establish a multidisciplinary team with executive leadership support. Executive sponsorship of enterprise-wide IG is essential to building best practices across disciplines. Include all stakeholders, ensuring all disciplines are represented. Lay out the challenges up front.

-          Assess policies, procedures and systems. Inventory all information management practices and systems for capturing, processing, delivering and storing data. Determine which are compatible, what's working and what's not.

-          Conduct enterprise-wide training and education. Engage HIM, clinical, financial and operational staff to train all employees on the importance of IG, information management policies and procedures and compliance rules and regulations.

-          Map your data. Data integrity depends on data mapping. HIM, IT and other departments should work together to determine what data elements are being mapped. How will you consolidate data from different systems and make sure it's accurate, complete and accessible?

-          Acquire advanced technology. Invest in tools to support accurate, complete, useful information that can be easily converted into actionable data. Know that technology solutions alone are not enough to address governance and security issues. The right combination of people, processes and technology is essential.

-          Monitor data security continually. Have a transition plan in place to avoid increased security threats, and establish measures for addressing security issues if they occur.

Advancing IG in 2016

As 2016 unfolds, IG will be mobilized through valuable resources-assessment tools, case examples, lessons learned, insights, success factors and best practices to guide your IG journey. We invite you to share your progress and suggest topics of interest. IG has become a business imperative for the healthcare industry-one that is well worth the investment.

Elizabeth A. Delahoussaye, RHIA, CHPS is the Privacy Officer/Senior VP of Compliance for CIOX Health where she is responsible for the oversight of the organization's compliance, training, and education. She is an active member of AHIMA at the National Level. In 2013 she received the THIMA Distinguished Member Award for her many years of volunteering on both the state and national level.

You Might Also Like...


Achieving the eight information governance principles.

Protecting Patient Portal Information

Building best practices for securing electronic heath records accessed online by consumers.

New HIM Roles in Information Governance

HIM professionals are leading the transformation in healthcare information monitoring.

A New Perspective on Privacy and Security

Healthcare must move beyond compliance to a greater model of IG.

IG Matters Archives


Email: *

Email, first name, comment and security code are required fields; all other fields are optional. With the exception of email, any information you provide will be displayed with your comment.

First * Last
Title Field Facility
City State

Comments: *
To prevent comment spam, please type the code you see below into the code field before submitting your comment. If you cannot read the numbers in the below image, reload the page to generate a new one.

Enter the security code below: *

Fields marked with an * are required.

View New Jobs, Events and More


Back to Top

© 2017 ADVANCE Healthcare, an Elite CE company