Five steps to creating effective data governance


Matt Turner of Alation offers advice to hospitals, health trusts, and care homes on how to get the most out of data without having to spend huge amounts of money on expensive digitalisation projects

Healthcare organisations hold a considerable amount of useful data, which needs to be carefully managed and utilised

Healthcare organisations hold a considerable amount of useful data, which needs to be carefully managed and utilised

Data is changing healthcare.

From improving patient outcomes, to streamlining operations and inventory efficiency; data and analytics present a major opportunity to tackle modern challenges in a post-pandemic world.

Indeed, many healthcare providers, from NHS and private hospitals to large medical research organisations, are embracing digital transformation and using data to enhance operations, using lessons learned from the pandemic.

However, as healthcare providers and organisations continue to look to data-driven digital solutions such as apps, virtual warehouses, automated stock replenishment, and the application of AI and machine learning, their need for effective data governance practices will also grow to keep private data secure.

From engaging in research, to providing emergency care; healthcare organisations must ensure they can efficiently and effectively use data.

Here, Matt Turner of Alation (pictured), shares his five steps for creating effective data governance in healthcare.

1. Determine goals and objectives

Whether it’s a pharmaceutical company looking to break through in its latest piece of research, or the NHS Digital Strategy looking to review the digitalisation of England’s hospitals; healthcare organisations have many different data use cases.

And, at the outset, a healthcare organisation enabling a data transformation must decide how data governance fits into its overall strategy and define objectives accordingly.

Defining objectives helps teams create a transparent data governance framework that supports key areas, such as improving patient outcomes, mitigating supply chain disruption, or creating a more-mature cyber security strategy.

2. Identify, categorise, and prioritise sensitive patient information

Patient data is arguably the highest-risk data that a healthcare organisation manages.

To stay compliant with data regulations and provide the best standard of patient care, identifying and categorising patient data should be a top data governance priority.

From clinical data to lab data, and even payment processing data, knowing where data lives and how it is classified will determine how it is governed and ensure it is properly protected according to GDPR regulations.

3. Assess and assign privileges and permissions

Privileges and permissions define who can access what data, and what they can do with it.

As a best practice, data access should be governed according to the principle of least privilege. This means limiting access to information as much as possible without getting in the way of someone’s ability to do their job.

The healthcare sector has a growing number of interoperability standards that dictate how information is stored and shared between devices and before you assign privileges it’s important to:

  • Define types of data that different areas need to access
  • Define who within a functional area needs to access the data
  • Outline how they can access the data, including details about devices, geographic locations, and time of day

For example, a phlebotomist needs to know the patient’s name and date of birth. However, they may not need access to the patient’s entire medical history.

Too much access increases the risk that data can be changed or stolen.

4. Remove low-quality, unused, or stale data

In healthcare especially, data integrity is incredibly important. Low-quality, unused, or ‘stale’ data can negatively impact research by skewing findings.

And, from a physician’s perspective, bad data can lead to care issues.

For example, outdated patient prescription information can impact a doctor’s diagnosis and treatment plan, so keeping data fresh helps to achieve both care and operational goals.

5. Assign key roles and train employees

Finally, it’s important to have the right people with the right training in charge of data governance.

To do this, you should create teams based on role, including practitioners, IT team members, and finance.

Accountability is also important.

Every functional area that manages sensitive information needs to ensure that the data managers, data owners, and data analysts understand their responsibilities.

Data owners are in charge of their data and they must know who has access and who should have access.

The healthcare sector is increasingly digitalising, while simultaneously creating and storing vast amounts of data.

Sign up for your free email newsletter

And, to get the best use out of that data, as well as to ensure compliance with data protection laws, it is crucial for healthcare organisations, be they private hospitals, or the wider NHS, to implement and maintain good data governance practices.