Get the Whitepaper
Sign up to receive it here.
Do we have your permission to email you?
Yes
No
Why Healthcare Compliance Leaders Need to Care About IG
In a survey conducted by Coleman Parkes Research on behalf of Iron Mountain, compliance professionals answered questions related to the relationship between healthcare compliance and IG.
Policy and Process Standardization
75% of respondents stated that prioritizing the standardization of policies and processes relating to PHI governance was the top priority for them in their role as a compliance leader.
Information governance provides an enforceable framework to identify current information practices across the enterprise including policy gaps and inefficiencies as well as a means to remediate identified risks and advance standardization.
Mergers and Acquisitions
Information governance delivers a standard methodology to identify and classify all newly acquired information and systems. The process yields transparency and accelerates the standardization of privacy and security, access, retention and destruction policies across newly acquired assets.
DID YOU KNOW?
64% of respondents indicated that a key challenge and risk in M&A situations is identifying what sensitive information/PHI they have and where it exists.
Retention Management
93% of compliance leaders would like to see fewer categories within retention schedules. Hospitals will have upwards of 99 different categories for some of the retention schedules utilized in their hospitals.
Information governance advances the organization's ability to enforce comprehensive information lifecycle management through the enterprise-wide classification of information, rationalization of information categories and the consolidation of retention schedules. A sound information governance model will deliver a single enterprise-wide retention schedule that is easy to understand and enforce.
Defensible Destruction
Information governance facilitates secure and timely destruction across all information format types -- including electronic data, mobile devices and information systems -- through the development of policies and procedures that yield an end-to-end chain of custody, provide documentation of destruction and identify the cadence and ownership of regular routine audits.
Around 1/3 of respondents acknowledge that they do not fully audit and document the destruction process in accordance with their record retention policy.
10% of respondents admitted to lacking any kind of formal documentation of secure destruction.