Data and information governance in Nigerian healthcare system
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via moshoke@yahoo.com; twitter: @moshoke
Healthcare organisations can’t work without instilling and building patients’ trust. When patients pass their information to healthcare organisations, they want to know their information will be protected and managed appropriately.
Yet, many Nigerian healthcare companies fail to build this trust. The only way to build confidence and trust in the Nigerian healthcare system is to create reliable data management systems.
Healthcare providers have the requirement to protect patient information and have a practical data privacy framework to guide their employees on when to share or not to share information.
The Nigerian healthcare system collects what the Nigerian Data Protection Regulation calls Sensitive Personal Information (biometric data and health records). Mismanagement of this data can put the lives of many Nigerians at risk. As such, Nigerian healthcare providers must pay attention to data and information governance. This piece covers essential areas that require the utmost attention in data management in the Nigerian healthcare system.
Across healthcare systems, one of the most important questions that keep arising is the safeguarding of information in possession of the healthcare provider. Any misappropriation existing within the preservation and security of data usually spring up consequences. Therefore, safety should be the top priority of healthcare providers. Attention should focus on the firewalls, encryption methods, and the entire organisational measure employed in maintaining security.
Another factor that enhances the security of records is access management. Access to personal confidential information should be on a strict need-to-know basis. For example, a digital healthcare provider in Nigeria allows admin staff to access customer confidential health records. The admin staff does not need that data set to carry out their daily duties, and by doing that, the company broke the customer’s trust. Defining roles and responsibilities for the team within the company plays a vital role.
Everyone with access to confidential information should be aware of their responsibilities to take care of the information in their care. Action—training and sensitising employees—should be taken to ensure that those who have access to confidential information know their responsibilities and obligations to respect patient’s information.
Every processing of information should adhere to the principles of the Nigerian Data Protection Regulation. Understanding these principles would guide the company and her employees in the management of information.
Quite often, the complexity of a healthcare system could spring problems in building the right data protection and management framework. The onus, therefore, is on the healthcare provider to locate experts that can provide a useful and working information and data governance management framework.
Sharing data might be in the best interest of the healthcare provider. However, the healthcare provider must pay attention to the methods of transfer of this information, which means carrying out due diligence about the recipient of the data. Again, a defined policy must be in existence to guide the healthcare provider about transfers and what type of standards the recipient of the information must meet before they receive data.
Retention of data is critical too, especially in this era where emerging technologies allow for a virtual consultation. Healthcare providers now need to factor in their various retention schemes. They should know how long a piece of particular information would be stored, how long will the data be stored, and when will the information be deleted. A clear and concise retention policy would guide the healthcare provider on these various procedures.
There are other factors that healthcare providers can focus on to ensure that they are building trust and making their patients comfortable with sharing information. Having a sound data and information management system is one sure way of doing that, and it will help the organisation build patients’ trust, increase their profitability and maintain a good reputation.