• Governance
  • Acfee to publish reviews of cyber-security and eHealth governance

    To priority topics to come out of the eHealthALIVE week in September were eHealth governance and cyber-security. Acfee’s taking action on both.

    At eHealthALIVE, several presenters said that successful larger-scale eHealth depends on effective eHealth governance. While there are generic components, such as accountability, there’s a need to develop and implement bespoke eHealth governance to fit each countries’ situation. An important aspect’s that it should fit the corporate and political governance arrangements. Consequently, Acfee’s eHealth governance document’s a basic guide for Africa’s health systems to build from. It’s not a recipe.

    After eHealthALIVE, Acfee’s African eHealth Forum met. It’s combination of Acfee’s advisory board members and selected, invited eHealth vendors. Cyber-security was identified as an essential eHealth component with minimal advice and commentaries for Africa’s health systems.

    eHNA monitors global cyber-security information, research and advice and Acfee is summarising some themes from its database of posts for Africa’s health systems. Cyber-threats are becoming more sophisticated, matched by new research, so the document’ll be followed with updates. These do not comprise cyber-security advice, but identifies actions from other continents for Africa’s health systems and eHealth leaders to consider as they develop their cyber-security policies, strategies and measures. 

  • AHIMA releases its Information Governance Framework

    Every country needs to ensure effective Information Governance (IG). This means that it has to be based on sound principles. The USA’s taken a big step forward, from which we can all learn. The American Health Information Management Association (AHIMA) has released its Information Governance Principles for Healthcare. You can access it through Fierce Health IT.

    The framework is part of AHIMA’s continuing strategy to emphasise the importance and value of information governance. It sees effective governance as essential to achieving the goals of patient care and ensuring regulatory compliance. The framework has eight principles:

    Accountability, where an accountable leader oversees the IG programme Transparency, with IG processes and activities documented  openly and verifiably Integrity, with information  managed to provide a reasonable guarantee of reliability Protection, with appropriate security to prevent breaches, corruption and loss Compliance, with the IG programme complying with applicable laws, standards and organisational policies Availability, with information managed to ensure timely, accurate, and efficient retrieval Retention, with data kept for appropriate periods to meet legal, regulatory and other relevant requirements Disposition, with data that is no longer required, disposed of appropriately and securely manner.

    FierceHealthIT says that AHIMA adapted its IG framework from the American Records Management Association, ARMA International’s publication Generally Accepted Recordkeeping Principles. This deals with quality improvement, risk management, compliance, privacy and security. It’s eight principles for IG programmes are:

    Accountability: an organisation shall assign a senior executive to oversee the IG programme, delegate program responsibility to appropriate individuals, adopt policies and processes to guide staff, and ensure program auditability Integrity: an IG programme shall be constructed so the records and information generated or managed by or for the organisation have a reasonable and suitable guarantee of authenticity and reliability Protection: an IG programme shall be constructed to ensure a reasonable level of protection to information that is personal or that otherwise requires protection Compliance: an IG programme shall be constructed to comply with applicable laws and other binding authorities, as well as the organisation’s policies Availability: an organisation shall maintain its information in a manner that ensures timely, efficient, and accurate retrieval of its information Retention: an organisation shall retain its information for an appropriate time, taking into account all operational, legal, regulatory and fiscal requirements, and those of all relevant binding authorities Disposition: an organisation shall provide secure and appropriate disposition of information in accordance with its policies, and, applicable laws, regulations and other binding authorities Transparency: an organisation shall document its policies, processes and activities, including its information governance program, in a manner that is available to and understood by staff and appropriate interested parties.

    AMRA’s Maturity Model embedded in its framework goes beyond the restatement of the principles. It defines IG’s characteristics at three levels of maturity, completeness, and effectiveness. For each principle, the Maturity Model describes characteristics as sub-standard, in development and essential.

    These documents are essential starting points for African countries expanding their eHealth initiatives, IG and regulation.