Research Data Governance, Roles, and Infrastructure

  • Anthony Solomonides
Part of the Health Informatics book series (HI)


This chapter explores the concepts, requirements, structures, and processes of data or information governance. Data governance comprises the principles, policies, and strategies that are commonly adopted, the functions and roles that are needed to implement these policies and strategies, and the consequent architectural designs that provide both a home for the data and, less obviously, an operational expression of policies in the form of controls and audits. This speaks to the “What?” and “How?” of data governance, but the “Why?” is what justifies the extraordinary efforts and lengths organizations must go to in the pursuit of effective data governance. This receives a fuller answer in this chapter; in brief, information is a valuable asset whose value is threatened both by loss of integrity, the principal internal threat, and by its potential for theft or leakage, compromising privacy, business advantage, and failure to meet regulatory requirements—the external threats. Internal and external threats are not quite so neatly distinguished in real life, as we shall see later in the chapter.


Data governance Research data governance Information governance Data integrity Internal and external threats Security Privacy Confidentiality Regulatory frameworks HIPAA Common rule 



In addition to the members of the AMIA CRI-WG, I must acknowledge a number of sources. The section on “Defense of Data” has benefited greatly from the American Statistical Association’s Committee on Privacy and Confidentiality and its comparison of the HIPAA Privacy Rule and the Common Rule [13]. The section on roles owes a great deal to the paper by Sanchez Pinto et al. [14] and in particular to the three CRIOs who spoke at the workshop from which the paper was developed, Bill Barnett, Peter Embi, and Umberto Tachinardi. Also fellow panelists at AMIA Summit 2018, Harold Lehmann, Kate Fultz Hollis, Bill Hersh, Jihad Obeid, Megan Singleton, and Umberto Tachinardi. The work of John Holmes [15, 16, 17] was also influential. The implementation section benefited from Adam Tobias and colleagues’ work at USF [11]. Of course, none of these authors bears any responsibility for errors or misunderstandings that may have crept into this chapter.


  1. 1.
    Donabedian A. Evaluating the quality of medical care. Milbank Q. 2005;83(4):691–729. Reprinted from The Milbank Memorial Fund Quarterly 44:3.2;166-203 (1966)CrossRefGoogle Scholar
  2. 2.
    AHIMA. Information Governance Principles for Healthcare (IGPHC). Available at:
  3. 3.
    Martin PY, Turner BA. Grounded theory and organizational research. J Appl Behav Sci. 1986;22(2):141.CrossRefGoogle Scholar
  4. 4.
    Fahey L, Prusak L. The eleven deadliest sins of knowledge management. Calif Manag Rev. 1998;40(3):265–76. (“Error 3”). This precise formulation was given—repeated twice for emphasis—at a HICSS2000 keynote.CrossRefGoogle Scholar
  5. 5.
    Her QL, Malenfant JM, Malek S, Vilk Y, Young J, Li L, Brown J, Toh S. A query workflow design to perform automatable distributed regression analysis in large distributed data networks. eGEMs. 2018;6(1):1–11.Google Scholar
  6. 6.
    Health Insurance Portability and Accountability Act of 1996. Public Law 104–191. US Government Publishing Office. 1996. Available at: 104publ191/pdf/PLAW-104publ191.pdf
  7. 7.
    Whitman JQ. The two western cultures of privacy: dignity versus liberty. Yale Law J. 2004;113:1151–221. Available as Faculty Scholarship Series, Paper 649 at Scholar
  8. 8.
    Warren SD, Brandeis LD. The right to privacy. Harv Law Rev. 1890;4(5):193–220.CrossRefGoogle Scholar
  9. 9.
    Viktor Mayer-Schonberger. Beyond privacy beyond rights – toward a systems theory of information governance. Calif Law Rev, 98:1853–1885 (2010). Available at
  10. 10.
    Laudon KC. Markets and privacy. Commun ACM. 39, 9:92–104CrossRefGoogle Scholar
  11. 11.
    Tobias A, Chackravarthy S, Fernandes S, Strobbe J AAMC Conference on Information Technology in Academic Medicine, Toronto, June 2016; also presented as an AMIA CRI-WG Webinar, October 2016.Google Scholar
  12. 12.
  13. 13.
    American Statistical Association. Committee on privacy and confidentiality. Comparison of HIPAA Privacy Rule and The Common Rule for the Protection of Human Subjects in Research. 2011.Google Scholar
  14. 14.
    Sanchez-Pinto LN, Mosa ASM, Fultz-Hollis K, Tachinardi U, Barnett WK, Embi PJ. The emerging role of the chief research informatics officer in academic health centers. Appl Clin Informat. 2017;8(3):845–53.CrossRefGoogle Scholar
  15. 15.
    Brown JS, Holmes JH, Shah K, et al. Distributed health data networks: a practical and preferred approach to multi-institutional evaluations of comparative effectiveness, safety, and quality of care. Med Care. 2010;48(6., Supplement 1: Comparative Effectiveness Research: Emerging Methods and Policy Applications):S45–51.CrossRefGoogle Scholar
  16. 16.
    Holmes JH, Elliott TE, Brown JS, et al. Clinical research data warehouse governance for distributed research networks in the USA: a systematic review of the literature. JAMIA. 2014;21:730–6.PubMedGoogle Scholar
  17. 17.
    Maro JC, Platt R, Holmes JH, et al. Design of a national distributed health data network. Ann Intern Med. 2009;151:341–4.CrossRefGoogle Scholar

Copyright information

© Springer International Publishing 2019

Authors and Affiliations

  • Anthony Solomonides
    • 1
  1. 1.Department of Family MedicineNorthShore University HealthSystem, Research InstituteEvanstonUSA

Personalised recommendations