What is information governance and how does it benefit an organisation?
The benefits of information governance are far reaching, providing tangible operational improvements which, in turn, help those receiving the service. But while most organisations understand the importance of good information governance, it is less widely understood how it can be achieved effectively, not to mention the aforementioned benefits.
The Age of information is upon us, and the amount of data being created, used and shared, is sharply increasing, meaning good information governance is crucial. At Verita, we have extensive experience of carrying out governance reviews and developing solutions to governance problems so contact us today if you need assistance in this area.
Information governance concerns the policies and procedures regarding the creation, storage, use and removal of data which an organisation requires to use information effectively. Policies will cover areas such as:
- What is the acceptable use of data by employees?
- How long should the data be kept for?
- Who can access the data and when?
- Who is responsible for creating and maintaining the information governance policies?
Clearly these are critical processes for organisations to have in place but there are numerous benefits of information governance which go further than simply achieving regulatory compliance. Benefits include service improvements due to information being easily accessible by providers as and when they need it, as well as the insights gained through data analysis.
While there is a lot written, and a lot of training is delivered on information governance, it often comes down to common sense. I always say to people – just imagine that the piece of paper in your hand has your own personal details on it – your date of birth, weight, some operation you had as a child etc. What would you do with it? Would you leave it lying around on your desk? Would you put it in the bin with general day-to-day rubbish? No, of course, you wouldn’t. Treat other people’s personal information as you would want them to treat yours.
The Information Commissioner, who oversees these things, gives details of the enforcement action it takes. It is interesting how frequently the issues are just day-to-day mistakes – documents left in a pub, emails to which someone has hit ‘reply all’, and so on. Issues such as these can lead to reputational damage, penalties and litigation costs which organisations clearly want to avoid.
The top benefits of information governance
So, organisations often find themselves scrutinising their information governance policies as part of a drive for regulatory compliance. But the benefits of information governance allow organisations to bring about improvements to those using and providing a service.
Here are the top benefits of information governance:
- Data can be analysed to provide valuable insights
- Improved compliance reduces risk
- Better decision making as information is available to the right people at the right time
- Better customer service
- Increased productivity as information is accessed easily
- Reduced costs due to less storage and administration of data which has no value
- Reduced cost of penalties and litigation
In a healthcare setting, effective information governance ensures the relevant data is available at the right time, which improves patient safety.
Information governance challenges
Obviously, there are complexities which someone in an organisation needs to know about, but an organisation will only have a truly effective approach to information governance when everyone in the organisation understands that information governance isn’t something clever or obscure, but just common sense. It is about taking care of something in a way that you would hope that they would take care of yours.
Timing and time limits are often a complicating issue with records. A common problem is holding on to information for too long. People tend to have records that have sat around for years. The issues about what to get rid of aren’t necessarily complicated, but it does take time and resources to properly record data when you receive it and to make sure that it is destroyed when you have finished with it.
We recently dealt with a different sort of case. Documents were being deleted too quickly. The case related to rules about the retention of medical records. The problem would have been avoided if people had worked together with their colleagues – the knowledge of what to do was available within the organisation. People just didn’t talk to each other.
The worst information governance case I have seen recently was in a fertility clinic and related to forms establishing the paternity of a child. The forms were generally handled with some care – pretty much in the same way as other medical records. If lost, however, they could ultimately lead to someone losing access to their child.
It struck me how much care we (rightly) take over house deeds. Most of us never even see them – we leave it to professionals (our solicitors and banks) to handle them. Yet documents relating to paternity were handed out for the parents to take home and, ultimately, lose. There is a question of proportionality here. It is worth making sure that what you do with data is proportionate to the risk involved. If the accidental release of the data is life changing, or the implications of losing something are as big as they are in a paternity case, it is worth taking really good care!
One other thing to think about. Most people think of information governance as being all about rules. The approach is to adopt a set of rules and then spend as much time as possible telling people about them. But I think that a much more iterative approach is better – if people are struggling to follow a rule, maybe it isn’t a very good rule.
Take this example. People in an organisation were told to use secure bins to dispose of data. But they were uncomfortable putting pieces of paper with very sensitive information (including mental health records) on them into a box that just sat in the office for a couple of weeks. What if someone broke into the box? So they got their own shredder and shredded the most personal stuff instead. The problem was that it wasn’t a very high specification shredder so shredding things weren’t completely destroying them. If documents had gone into the box they would have been destroyed using a professional shredding machine.
People kept on being told the correct policy, pretended they were listening, and then went back to doing what they thought was best. The trouble is that they were being asked to do something that they saw as counterintuitive. There was a very simple solution. If people had been encouraged to shred things using their own shredder and THEN put it in the secure box, everyone would have been happy. Instead, there was a dialogue of the deaf.
So, I have three top tips for good information governance coming out of these cases:
- Talk to colleagues – who knows, someone might know more than you do
- Be proportionate – pay more attention when the stakes are higher
- When you are designing policies, go with the flow
If your organisation requires any help with governance issues, or would like to know more about the benefits of information governance, you can contact me at [email protected] or on (+44) 0207 494 5674.