Skip to content Skip to navigation

Data Governance as a Field of Study

April 4, 2016
| Reprints
Researching privacy, security and patient engagement issues in the learning health system

Some interviews and conference sessions just stick with you. I remember three years ago at a breakfast meeting at the HIMSS conference in New Orleans, the Healthcare Informatics editorial board suggested we write more about data governance issues. Then a few hours later I attended a great session on data governance. Gregory Veltri, who was then CIO for the Denver Health and Hospital Authority, Colorado's largest safety-net healthcare system, talked about his experience helping the organization build a data warehouse.

According to Veltri, the most important thing to remember is that technology alone will not resolve data governance and quality issues. “This requires a cultural shift in how data is perceived and managed,” he said. In a separate session, Paula Edwards, a partner with consulting firm HIMformatics, noted that if data governance efforts are led and pushed by IT, they fail.  “If data governance is viewed as an IT project, it is not going to be a long-term program. It has got to be driven by the business and clinical side.”

I was reminded of that session this week by the publication of a new special issue of eGEMs (the GEM stands for Generating Evidence and Methods to improve patient outcomes), published by the EDM Forum. The collection of papers focuses on data governance issues including privacy, security and patient engagement. In his introductory essay, guest editor John Holmes, Ph.D., professor of medical informatics in epidemiology at the Perelman School of Medicine at the University of Pennsylvania, suggests that data governance needs to become an area of study, a discipline unto itself.

The future of data governance, he wrote, “requires the development of a scientific field, one that extends well beyond operational and administrative concerns, but one that constantly develops new knowledge about data governance through research in its own field.” The development of such a discipline, he added, would be evident in the growth of both training programs and a literature that are dedicated to the science of governance. “This would in no way discount the importance of the operational side of data governance; rather, the science would inform and strengthen the practice of data governance.”

Governance is complicated enough within one health system, but the eight papers in the eGEMs collection also raise several important questions about governance as more health research involves big data and large distributed research networks.

One paper, by Stephanie R. Morain of Center for Medical Ethics & Health Policy at the Baylor College of Medicine, and Nancy E. Kass of the Berman Institute of Bioethics at Johns Hopkins University, focused on the ethical issues faced by institutions in the transition to a learning healthcare system. In interviews with leaders of 25 healthcare institutions, they identified several key ethical challenges, including determining which activities required institutional review board (IRB) review, and the impact of IRB review requirements on their ability to learn; transparency to patients about learning activities; and the potential tensions between improving quality and reducing costs. Other topics raised include ethics of data sharing and data management, the lag time between discovery and implementation, transparency to patients about quality, and the ethics of randomization for care and quality improvement (QI) initiatives.

Respondents from 16 institutions referenced challenges in determining which of their learning activities should go to an IRB and which should instead be considered part of healthcare operations, including QI initiatives. Several respondents described using a variety of strategies to navigate this challenge, including streamlined review mechanisms or alternatives to IRB review for ethical oversight of learning activities, the researchers reported.

Other interviewees described challenges in determining whether and how to disclose information to patients about ongoing learning activities within their health systems. As one put it: “Some of the biggest challenges that we’re facing…have to do with actually figuring out a way to disclose to patients in better ways than we do now that they are part of a learning health system…what we would like to do is be in a position so that patients and families understand that data are used for learning as part of QI… Right now it’s just embedded in HIPAA forms that nobody reads.”

Another paper addressed the use of patient-generated data. In “The Future of Patient Engagement in the Governance of Shared Data,” Carolyn Petersen of Mayo Clinic notes that as the use of new technologies such as wearables and smartphone apps becomes routine, “clinical practices and researchers will find secondary uses for such data and will need processes for managing it. At the same time, use of PHI in such data-driven efforts raises multiple challenges, including privacy-related concerns, issues associated with obtaining informed consent for current and future data uses, difficulties related to patient participation in precision medicine-focused initiatives, and matters of equity in who receives care and how data are used with regard to varying ethnic and socioeconomic groups.”