The Importance Of Healthcare Data Governance

October 5, 2022

Improving patient outcomes has been top of mind for some time now in the medical field. Even before the Covid-19 pandemic, insurance providers and healthcare facilities were rushing to keep up with the constantly changing needs of an aging population.


Good Data Saves Lives

It’s pretty obvious the healthcare landscape is transforming, and it’s all down to data. Healthcare data governance represents a fantastic opportunity for growth, if harnessed correctly. Most of the major healthcare providers are bracing for digital transformation and some of the smaller providers are already coming around to the idea that good data saves lives.

The role of data is most important in the sphere of value-based care. Value-based care is a model of healthcare that values patient outcomes over the quantity of treatment delivered. It’s an incentive structure designed to nurture patients through a health care system toward the best possible outcomes. 

Healthcare providers, physicians and pharmacies are encouraged to consider this model, it’s about providing medical treatments that ultimately lead to better outcomes for the patient. 


Privacy Is The Main Issue

The major drawback of course is that most of the data is PHA (protected health information) and PII (personally identifiable information) that healthcare providers are legally required to protect under privacy laws like GDPR, CCPA and HIPAA. 

The dilemma is obvious: how do healthcare leaders offer the best possible outcomes to patients while guaranteeing the anonymity of said patients?

Any data governance solution operating in the healthcare space must:

  • Protect all data at source
  • Maintain compliance even when local data laws change
  • Allow users to optimize the patient experience via data discovery

 Not a simple task, by any means.

The scenario is the same whether it’s an outpatient clinic, clinical research lab, or pharmacy. The task is to provide data security, protect sensitive information, but also use said information to make informed decisions.

“We needed to understand how we could leverage data that was forming in electronic medical record systems, claim systems, and pharmacy claims systems to really see the impact of new treatments,” eMichelle Hoiseth, Chief Data Officer of Parexel, in a xplains recent interview.

What Is Data Governance In Healthcare?

So why would a healthcare provider or a business working in the medical field implement an advanced data governance policy?


It Guarantees A High-Quality Level Of Analysis

Most healthcare organizations have multiple databases of both structured and unstructured data. The challenge is to group that data into a single platform that’s definable and accessible. It’s also a major challenge to ensure the anonymity of intellectual property and research data, which definitely contains PHA and PHI information. 

One example of this is the pharmaceutical industry, medical trial data includes trial patient data, which is classified as personal information, and also pharmaceutical research data, which is intellectual property. To confuse this, there are probably multiple versions of anonymized data within that data set. 

This now creates multiple sets of the same data. Duplication of data is even more common as patients move through the healthcare system and visit more than one physician or visit multiple facilities. This is where a homogenized data governance platform comes into its own because it negates the chance of having multiple data sets on multiple systems.

Storing the same data on multiple systems can cause:


  • The creation of multiple data infrastructures, some of which become obsolete before others
  • The creation of human error as data is transcribed from one data set to another, manually.


Eventually, this bifurcation of data and patient information systems will lead to unintentional non-compliance; it is an inevitability of a decaying system.


Compliance Requirements

It’s no surprise that this data is highly valuable to cybercriminals. Getting their hands on PHA or PHI is the ultimate prize. Because of this, federal and state governments have put regulations into play that impose fines on non-compliant entities.

In all honesty, whether you’re a large healthcare provider like Encompass Health or a small dental practice in a retirement enclave, there’s a very good chance you handle data controlled under federal and local data laws.

No matter what the size of the organization, they can easily fall foul to some of the most common data compliance regulations, like:


  • General Data Protection Regulation (GDPR) European Union law that protects the privacy of data
  • Health Insurance Portability and Accountability Act (HIPAA): US federal law that protects data privacy of patients
  • California Privacy Rights Act (CPRA): California state law that protects consumer data.



Criminal Protection

Is no surprise that in recent years hackers and cyber criminals have targeted PHI data. It’s valuable, easily recognisable, and can be sold on the black market to unscrupulous bad actors. 

Just recently, Magellan Health had to pay out an eye-watering fine of $1.43 million after a data breach that put 270,000 patient records in the hands of cybercriminals. 

The data included Social Security numbers, prescriptions, healthcare plans, identification numbers, authorization IDs, and patient diagnoses. Magellan said they couldn’t rule out this data had not been exfiltrated from the system during the breach. 

The cause of this breach?

A single compromised employee email account…

Statistics show that: 

  • 91% of data breaches are financially motivated
  • 66% of those breaches involved personal information
  • 55% of those breaches involved personal healthcare information

Clearly, the criminals want this data. Their intention is to obfuscate overworked healthcare professionals and breach the system. Our duty is to stop this before it begins. We simply can’t afford to lose medical data and risk the ire of federal governments.

As medical data breaches reach fever pitch, so too will the laws clamping down on such activity. We have a duty to patients and lawmakers, to prove that healthcare in 2022 and beyond isn’t a data breach risk.

The only way to do this, is to understand the data at an intrinsic level, cut waste and build a clearer picture of patient information.

Skill Gap and Training Needs
Skill Gap and Training Needs

January 8, 2024By: Danny Reeves By 2025, an estimated 85% of AI projects are projected to deliver erroneous outcomes due to bias in data, algorithms, or the teams responsible for managing them. This startling statistic brings to light a critical yet often overlooked...

Integration and Compatibility Issues
Integration and Compatibility Issues

December 19, 2023By: Danny Reeves A staggering 70% of AI transformations fail, not due to a lack of advanced technology, but because of integration and compatibility issues with existing systems. This stark reality underscores a crucial, often overlooked aspect of AI...

Ethical and Privacy Concerns
Ethical and Privacy Concerns

December 12, 2023By: Danny Reeves The integration of AI into enterprise operations brings forth a complex ethical landscape. Ethical concerns primarily revolve around the potential for biased algorithms and decision-making processes that lack transparency. For...

No two problems are ever the same. That’s why NOW Solutions has built a team consisting of real experts with experience in your industry.

Case Studies

 VI Insights

Partner Programs

Enabling AI for Industry & Government through Vertical Intelligence (VI)


Sign up for Updates