Research Data Governance, Roles, and Infrastructure
This chapter explores the concepts, requirements, structures, and processes of data or information governance. Data governance comprises the principles, policies, and strategies that are commonly adopted, the functions and roles that are needed to implement these policies and strategies, and the consequent architectural designs that provide both a home for the data and, less obviously, an operational expression of policies in the form of controls and audits. This speaks to the “What?” and “How?” of data governance, but the “Why?” is what justifies the extraordinary efforts and lengths organizations must go to in the pursuit of effective data governance. This receives a fuller answer in this chapter; in brief, information is a valuable asset whose value is threatened both by loss of integrity, the principal internal threat, and by its potential for theft or leakage, compromising privacy, business advantage, and failure to meet regulatory requirements—the external threats. Internal and external threats are not quite so neatly distinguished in real life, as we shall see later in the chapter.
KeywordsData governance Research data governance Information governance Data integrity Internal and external threats Security Privacy Confidentiality Regulatory frameworks HIPAA Common rule
In addition to the members of the AMIA CRI-WG, I must acknowledge a number of sources. The section on “Defense of Data” has benefited greatly from the American Statistical Association’s Committee on Privacy and Confidentiality and its comparison of the HIPAA Privacy Rule and the Common Rule . The section on roles owes a great deal to the paper by Sanchez Pinto et al.  and in particular to the three CRIOs who spoke at the workshop from which the paper was developed, Bill Barnett, Peter Embi, and Umberto Tachinardi. Also fellow panelists at AMIA Summit 2018, Harold Lehmann, Kate Fultz Hollis, Bill Hersh, Jihad Obeid, Megan Singleton, and Umberto Tachinardi. The work of John Holmes [15, 16, 17] was also influential. The implementation section benefited from Adam Tobias and colleagues’ work at USF . Of course, none of these authors bears any responsibility for errors or misunderstandings that may have crept into this chapter.
- 2.AHIMA. Information Governance Principles for Healthcare (IGPHC). Available at: www.ahima.org/~/media/AHIMA/Files/HIM-Trends/IG_Principles.ashx.
- 5.Her QL, Malenfant JM, Malek S, Vilk Y, Young J, Li L, Brown J, Toh S. A query workflow design to perform automatable distributed regression analysis in large distributed data networks. eGEMs. 2018;6(1):1–11.Google Scholar
- 6.Health Insurance Portability and Accountability Act of 1996. Public Law 104–191. US Government Publishing Office. 1996. Available at: https://www.gpo.gov/fdsys/pkg/PLAW- 104publ191/pdf/PLAW-104publ191.pdf
- 9.Viktor Mayer-Schonberger. Beyond privacy beyond rights – toward a systems theory of information governance. Calif Law Rev, 98:1853–1885 (2010). Available at http://scholarship.law.berkeley.edu/californialawreview/vol98/iss6/4.
- 11.Tobias A, Chackravarthy S, Fernandes S, Strobbe J AAMC Conference on Information Technology in Academic Medicine, Toronto, June 2016; also presented as an AMIA CRI-WG Webinar, October 2016.Google Scholar
- 13.American Statistical Association. Committee on privacy and confidentiality. Comparison of HIPAA Privacy Rule and The Common Rule for the Protection of Human Subjects in Research. 2011.Google Scholar
- 15.Brown JS, Holmes JH, Shah K, et al. Distributed health data networks: a practical and preferred approach to multi-institutional evaluations of comparative effectiveness, safety, and quality of care. Med Care. 2010;48(6., Supplement 1: Comparative Effectiveness Research: Emerging Methods and Policy Applications):S45–51.CrossRefGoogle Scholar