An investigation of the status and maturity of hospitals’ health information governance in Victoria,Australia

Abstract

Background:

Health information governance (IG) in Australian hospitals was hitherto unexplored.

Objectives:

To determine hospitals’ health IG status and maturity in Victoria, Australia, identify drivers and barriers affecting IG adoption, examine electronic health data breach response plan usage and assess employees’ electronic data breach awareness.

Method:

Mixed-methods descriptive study utilising an online survey of directors – clinical/health information services and chief health information managers (HIMs) in Victorian hospitals, ≥50 beds.

Results:

Response rate: 42.9% (n = 36). Fifty percent (n = 17) of respondent-hospitals had an IG program. IG equally supported decision-making and risk identification and prevention. The greatest potential organisational damages from system disruption or failure were information loss (66.7%) and clinical risks (63.9%). HIMs in 15 (55.6%) hospitals had knowledge to monitor and detect electronic data breaches. Staff in 19 (70.4%) hospitals knew who to inform about a suspected breach. Most hospitals had mature health information-related IG practices, most (88.9%, n = 24) provided IG-related education, 77.8% (n = 21) regularly reviewed data breach response plans. The strongest IG drivers were privacy-security compliance and changes to data capture or documentation practices (82.8%, n = 24); the greatest barriers were implementation complexity (57.1%, n = 16) and cost (55.6%, n = 15).

Conclusion:

These baseline Australian data show 50% of respondent-hospitals had no formal health IG program. Privacy-security compliance, and audits, needed improvement; however, most hospitals had well-developed medical record/health information IG-relevant schedules, policies and practices. HIMs, the professionals most engaged in IG, required upskilling in electronic data breach detection.

Keywords

health information management computer security health information manager health information governance electronic health records electronic medical record medical record patient data privacy cybersecurity health information security

Get full access to this article

View all access options for this article.

References

American Health Information Management Association (AHIMA) (2014) Information Governance Principles for Healthcare (IGPHC). Chicago: AHIMA. Available at: www.ahima.org/∼/media/AHIMA/Files/HIM-Trends/IG_Principles.ashx (accessed 2 May 2020).

American Health Information Management Association (AHIMA) (2018) Practice Brief: Information Governance Offers a Strategic Approach for Healthcare. Chicago: AHIMA. Available at: http://bok.ahima.org/doc?oid=302617#.XrJ4UkBuIy8 (accessed 4 May 2020).

Appari

Johnson

(2010) Information security and privacy in healthcare: current state of research. International Journal of Internet and Enterprise Management 6(4): 279–314.

Australian Commission on Safety and Quality in Health Care (ACSQHC) (2010) Australian Safety and Quality Framework for Health Care. Sydney, Australia: ACSQHC. Available at: https://www.safetyandquality.gov.au/sites/default/files/migrated/Australian-SandQ-Framework1.pdf (accessed 4 May 2020).

Australian Commission on Safety & Quality in Health Care (ACSQHC) (2018) Impact of Digital Health on the Safety and Quality of Health Care. Sydney, New South Wales: ACSQHC.

Australian Digital Health Agency (ADHA) (2017) Australia’s National Digital Health Strategy. Safe, Seamless and Secure: Evolving Health and Care to Meet the Needs of Modern Australia. Canberra, Australian Capital Territory: ADHA.

Australian Signals Directorate, Australian Cyber Security Centre (ACSC) (2019) Australian Government Information Security Manual. Canberra, Australian Capital Territory: Australian Government, ACSC.

Australian Institute of Health and Welfare (AIHW) (2018) MyHospitals Contact Details. Canberra, Australian Capital Territory: AIHW. Available at: https://www.myhospitals.gov.au/about-the-data/download-data (accessed 2 May 2020).

Blanke

McGrady

(2016) When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: a cybersecurity risk assessment checklist. Journal of Healthcare Risk Management 36(1): 14–24.

10.

Butler

(2018) IG pulse check: new AHIMA study measures IG adoption rates. Journal of the American Health Information Management Association 89(2): 17–21.

11.

Cisco (2019) What Is Cybersecurity? San Jose: Cisco. Available at: https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html (accessed 2 May 2020).

12.

Coventry

Branley

(2018) Cybersecurity in healthcare: a narrative review of trends, threats and ways forward. Maturitas 113: 48–52.

13.

Coffey

Postal

Houston

, et al. (2016) Lessons learned from an electronic health record downtime. Perspectives in Health Information Management 13(Summer): 1–7.

14.

Cohasset Associates and American Health Information Management Association (AHIMA) (2014) 2014 Information Governance in Healthcare. Benchmarking White Paper: A Call to Adopt Information Governance Practices. Minneapolis: Cohasset Associates; Chicago and Washington, DC: AHIMA.

15.

Cohen

Hoffman

Adashi

(2017) Your money or your patient’s life? Ransomware and electronic health records. Annals of Internal Medicine 167(8): 587–588.

16.

Commonwealth Scientific and Industrial Research Organisation (CSIRO) (2018) Future of Health: Shifting Australia’s Focus from Illness Treatment to Health and Wellbeing Management. Canberra, Australian Capital Territory: CSIRO. Available at: https://www.csiro.au/en/Showcase/futureofhealth (accessed 2 May 2020).

17.

Downing

(2017) AHIMA Information Governance and the Information Governance Adoption Model (IAGM™) (Presentation). Chicago: IG Advisors and AHIMA. Available at: http://www.himconnect.ca/Documents/The%20Information%20Governance%20Adoption%20-%20AHIMA.pdf (accessed 4 May 2020).

18.

Gartner Inc. (2019) Gartner IT glossary. Stamford: Gartner Inc. Available at: http://www.gartner.com/it-glossary/information-governance (accessed 2 May 2020).

19.

Green

(2017) A road map for information governance implementation in healthcare. HIM-Interchange 71(1): 32–34.

20.

Health Information Management Association of Australia (HIMAA) (2017) Health Information Manager (HIM) Competency Standards, Version 3. North Ryde, Australia: HIMAA.

21.

International Federation of Health Information Management Associations (IFHIMA) (2017) Advancing Health Information Governance: A Global Imperative. Chicago: IFHIMA. Available at: https://ifhima.org/advancing-health-information-governance-a-global-imperative/ (accessed 2 May 2020).

22.

Kadlec

Warner

Washington

(2014) Information governance offers a strategic approach for healthcare. Journal of the American Health Information Management Association 85(10): 70–75.

23.

Kersten

(2013) Moving the needle toward a data-driven health care system: optimizing the EHR through information governance. Journal of Health Care Compliance 15(3): 45–46,62.

24.

Kruse

Frederick

Jacobson

, et al. (2017) Cybersecurity in healthcare: a systematic review of modern threats and trends. Technology and Health Care 25(1): 1–10.

25.

Lee

(2008) The preparedness of health information services for system failures due to internal disasters. Unpublished manuscript, BHthInfoManagement Honours Thesis, La Trobe University, Victoria, Australia.

26.

National Institute of Standards and Technology (NIST) (2018) Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1. Gaithersburg: NIST, US Department of Commerce. Available at: https://www.nist.gov/publications/framework-improving-critical-infrastructure-cybersecurity-version-11 (accessed 2 May 2020).

27.

Office of the Australian Information Commissioner (OIAC) (2019a) Data Breach Preparation and Response: A Guide to Managing Data Breaches in Accordance with the Privacy Act 1988 (Cth). Sydney, Australia: OIAC. Available at: https://www.oaic.gov.au/privacy/guidance-and-advice/data-breachpreparation-and-response/ (accessed 2 May 2020).

28.

Office of the Australian Information Commissioner (OIAC) (2019b) Notifiable Data Breaches Scheme 12-Month Insights Report. Sydney, Australia: OIAC. Available at: https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-statistics/notifiable-databreaches-scheme-12month-insights-report/ (accessed 2 May 2020).

29.

Perry

(2013) Governance in health information management. HIM-Interchange 3(3): 1–5.

30.

Public Record Office Victoria (PROV) (2018) Information Management Maturity Measurement Tool. IM3 Questionnaire V1.6. Melbourne, Australia: PROV. Available at: https://prov.vic.gov.au/recordkeeping-government/learning-resources-tools/information-management-maturity-measurement-tool-im3 (accessed 2 August 2018).

31.

Sher

M-L

Talley

Cheng

T-J

, et al. (2017) How can hospitals better protect the privacy of electronic medical records? Perspectives from staff members of health information management departments. Health Information Management Journal 46(2): 87–95.

32.

Stanyon

(2005) Information technology in health care: addressing promises and pitfalls. American Society for Health Care Risk Management Journal 25(4): 25–31.

33.

Spence

Bhardwaj

Paul

Coustasse

(2018) Ransomware in healthcare facilities: a harbinger of the future? Perspectives in Health Information Management 15(Summer): 1–22.

34.

Victorian Auditor-General’s Office (VAGO) (2019) Security of Patients’ Hospital Data. Independent assurance report to Parliament, 2018-19: 23. Melbourne, Australia: Victorian Government Printer.

Supplementary Material

Please find the following supplemental material available below.

For Open Access articles published under a Creative Commons License, all supplemental material carries the same license as the article it is associated with.

For non-Open Access articles published, all supplemental material carries a non-exclusive license, and permission requests for re-use of supplemental material or any part of supplemental material shall be sent directly to the copyright owner as specified in the copyright notice associated with the article.

0.00 MB

0.14 MB