Abstract
This chapter explores the concepts, requirements, structures, and processes of data or information governance. Data governance comprises the principles, policies, and strategies that are commonly adopted, the functions and roles that are needed to implement these policies and strategies, and the consequent architectural designs that provide both a home for the data and, less obviously, an operational expression of policies in the form of controls and audits. This speaks to the “What?” and “How?” of data governance, but the “Why?” is what justifies the extraordinary efforts and lengths organizations must go to in the pursuit of effective data governance. This receives a fuller answer in this chapter; in brief, information is a valuable asset whose value is threatened both by loss of integrity, the principal internal threat, and by its potential for theft or leakage, compromising privacy, business advantage, and failure to meet regulatory requirements—the external threats. Internal and external threats are not quite so neatly distinguished in real life, as we shall see in this chapter.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
This simple list was promoted to public bodies in the United Kingdom by the now dissolved Audit Commission. The elaboration in this chapter is the author’s, based on numerous other contributions.
- 2.
Instituted following the Caldicott Committee. Report on the Review of Patient-Identifiable Information. December 1997. UK Department of Health
References
Donabedian A. Evaluating the quality of medical care. Milbank Q. 2005;83(4):691–729. Reprinted from The Milbank Memorial Fund Quarterly 44:3.2;166-203 (1966)
AHIMA. Information Governance Principles for Healthcare (IGPHC). www.ahima.org/~/media/AHIMA/Files/HIM-Trends/IG_Principles.ashx.
Martin PY, Turner BA. Grounded theory and organizational research. J Appl Behav Sci. 1986;22(2):141.
Fahey L, Prusak L. The eleven deadliest sins of knowledge management. Calif Manag Rev. 1998;40(3):265–76. (“Error 3”). This precise formulation was given—repeated twice for emphasis—at a HICSS2000 keynote
Wilkinson M, Dumontier M, Aalbersberg I, et al. The FAIR guiding principles for scientific data management and stewardship. Sci Data. 2016;3:160018. https://doi.org/10.1038/sdata.2016.18.
Lin D, Crabtree J, Dillo I, et al. The TRUST principles for digital repositories. Sci Data. 2020;7:144. https://doi.org/10.1038/s41597-020-0486-7.
Shoshana Zuboff. The age of surveillance capitalism: the fight for a human future at the new frontier of power. Public Affairs New York 2019.
STAT+ Special Report. Todd Feathers, Simon Fondrie-Teitler, Angie Waller, and Surya Mattu—The Markup. Facebook is receiving sensitive medical information from hospital websites. June 16, 2022. Casey Ross. (On IQVIA/Experian) Internal documents show privacy lapses at a data powerhouse that holds health records and consumer information on millions of Americans. July 28, 2022.
Wall Street Journal. Rob Copeland. Google’s ‘Project Nightingale’ Gathers Personal Health Data on Millions of Americans. November 11, 2019.
Ozeran L, Solomonides A, Schreiber R. Privacy versus convenience: a historical perspective, analysis of risks, and an informatics call to action. Appl Clin Inform. 2021;12(2):274–84. https://doi.org/10.1055/s-0041-1727197.
Caton S, Haas C. Fairness in machine learning: a survey. 2020. https://arxiv.org/abs/2010.04053v1. Accessed 31 July 2022.
Nielsen A. Practical fairness: achieving fair and secure data models. O’Reilly Media, Inc., Sebastopol, CA; 2020. ISBN: 9781492075738
Her QL, Malenfant JM, Malek S, Vilk Y, Young J, Li L, Brown J, Toh S. A query workflow design to perform automatable distributed regression analysis in large distributed data networks. eGEMs. 2018;6(1):1–11.
J Rogers et al. VaultDB: A Real-World Pilot of Secure Multi-Party Computation within a Clinical Research Network. 2022. https://doi.org/10.48550/arXiv.2203.00146
CD2H Maturity. https://cd2h.org/maturity
Pursuit. Vanessa Teague, Chris Culnane and Ben Rubinstein. The simple process of re-identifying patients in public health records. 2017. https://pursuit.unimelb.edu.au/articles/the-simple-process-of-re-identifying-patients-in-public-health-records. Accessed 31 July 2022.
NIH – 21st Century Cures Act. https://www.nih.gov/research-training/medical-research-initiatives/cures
Haendel MA, Chute CG, Bennett TD, Eichmann DA, Guinney J, Kibbe WA, Payne PRO, Pfaff ER, Robinson PN, Saltz JH, Spratt H, Suver C, Wilbanks J, Wilcox AB, Williams AE, Wu C, Blacketer C, Bradford RL, Cimino JJ, Clark M, Colmenares EW, Francis PA, Gabriel D, Graves A, Hemadri R, Hong SS, Hripscak G, Jiao D, Klann JG, Kostka K, Lee AM, Lehmann HP, Lingrey L, Miller RT, Morris M, Murphy SN, Natarajan K, Palchuk MB, Sheikh U, Solbrig H, Visweswaran S, Walden A, Walters KM, Weber GM, Zhang XT, Zhu RL, Amor B, Girvin AT, Manna A, Qureshi N, Kurilla MG, Michael SG, Portilla LM, Rutter JL, Austin CP, Gersing KR, the N3C Consortium. The National COVID Cohort Collaborative (N3C): Rationale, design, infrastructure, and deployment. J Am Med Inform Assoc. 2021;28(3):427–43. https://doi.org/10.1093/jamia/ocaa196.
Health Insurance Portability and Accountability Act of 1996. Public Law 104–191. US Government Publishing Office. 1996. https://www.hhs.gov/hipaa/for-professionals/index.html7.
Bitterman DS, McGraw D, Mandl KD. How the cures act information blocking rule could impact research. Health Affairs Forefront, June 29, 2022.
Whitman JQ. The two western cultures of privacy: dignity versus liberty. Yale Law J. 2004;113:1151–221. http://digitalcommons.law.yale.edu/fss_papers/649 (Faculty Scholarship Series, Paper 649)
Henry Farrell, Abraham L. Newman. Of privacy and power: the transatlantic struggle over freedom and security. Princeton University Press, Princeton, NJ. 2019. ISBN-13:978-0691183640
Wikipedia—Edward Snowden. https://en.wikipedia.org/wiki/Edward_Snowden.
Feb 10, 2021 134 Harv. L. Rev. 1567 Data Protection Commissioner v. Facebook Ireland Ltd. Court of Justice of the European Union Invalidates the EU-U.S. Privacy Shield.
Warren SD, Brandeis LD. The right to privacy. Harv Law Rev. 1890;4(5):193–220.
Mayer-Schonberger V. Beyond privacy beyond rights – toward a systems theory of information governance. Calif Law Rev. 2010;98:1853–85. http://scholarship.law.berkeley.edu/californialawreview/vol98/iss6/4
Laudon KC. Markets and privacy. Commun ACM. 1996 39, 9:92–104.
Ladley J. Data governance: how to design, deploy, and sustain an effective data governance program. Morgan Kaufmann; 2012.
Plotkin D. Data stewardship: an actionable guide to effective data management and data governance. Morgan Kaufmann; 2013.
Schindlwick H. IT governance: how to reduce costs and improve data quality through the implementation of IT governance. CreateSpace; 2017.
Seiner RS. Non-invasive data governance. Technics Publications, 2014.
Kantor B. The RACI matrix: Your blueprint for project success. CIO Jan 30, 2018. https://www.cio.com/article/287088/project-management-how-to-design-a-successful-raci-project-plan.html. Accessed 31 July 2022.
Gonzales S, O’Keefe L, Gutzman K, Viger G, Wescott AB, Farrow B, Heath AP, Kim MC, Taylor D, Champieux R, Yen PY, Holmes K. Personas for the translational workforce. J Clin Transl Sci. 2020;4(4):286–93. https://doi.org/10.1017/cts.2020.2. PMID: 33244408; PMCID: PMC7681142
Tobias A, Chackravarthy S, Fernandes S, Strobbe J. AAMC Conference on Information Technology in Academic Medicine, Toronto, June 2016; Also presented as an AMIA CRI-WG Webinar, October 2016.
American Statistical Association. Committee on privacy and confidentiality. Comparison of HIPAA Privacy Rule and The Common Rule for the Protection of Human Subjects in Research. 2011.
Sanchez-Pinto LN, Mosa ASM, Fultz-Hollis K, Tachinardi U, Barnett WK, Embi PJ. The emerging role of the chief research informatics officer in academic health centers. Appl Clin Informat. 2017;8(3):845–53.
Brown JS, Holmes JH, Shah K, et al. Distributed health data networks: a practical and preferred approach to multi-institutional evaluations of comparative effectiveness, safety, and quality of care. Med Care. 2010;48(6 Supplement 1: Comparative Effectiveness Research: Emerging Methods and Policy Applications):S45–51.
Holmes JH, Elliott TE, Brown JS, et al. Clinical research data warehouse governance for distributed research networks in the USA: a systematic review of the literature. JAMIA. 2014;21:730–6.
Maro JC, Platt R, Holmes JH, et al. Design of a national distributed health data network. Ann Intern Med. 2009;151:341–4.
Solomonides AE, Koski E, Atabaki SM, Weinberg S, McGreevey JD III, Kannry JL, Petersen C, Lehmann CU. Defining AMIA’s artificial intelligence principles. J Am Med Inform Assoc. 2022;29(4):585–91. https://doi.org/10.1093/jamia/ocac006.
Acknowledgments
The author acknowledges the lasting contribution to his understanding of the research data governance by successive leadership and members of the American Medical Informatics Association’s (AMIA) Clinical Research Informatics Working Group (CRI-WG) and Ethical, Legal and Social Issues Working Group (ELSI-WG), and through his participation in AMIA’s Public Policy, Ethics, and Diversity, Equity and Inclusion Committees. The first edition of this chapter formed the basis for an AMIA conference workshop on three occasions. Special thanks are due to my co-presenters, esp. Kate Fultz Hollis, Lincoln Sheets, Trent Rosenbloom, Melissa Haendel, and Chris Chute, and to the participants for their insightful discussions. The section on “Defense of Data” has benefited greatly from the American Statistical Association’s Committee on Privacy and Confidentiality and its comparison of the HIPAA Privacy Rule and the Common Rule [36]. The section on roles owes a great deal to the paper by Sanchez Pinto et al. [37] and in particular to the three CRIOs who spoke at the workshop from which the paper was developed, Bill Barnett, Peter Embi, and Umberto Tachinardi. Also fellow panelists at AMIA Summit 2018, Harold Lehmann, Kate Fultz Hollis, Bill Hersh, Jihad Obeid, Megan Singleton, and Umberto Tachinardi. The work of John Holmes [38,39,40] was also influential. The implementation section benefited from Adam Tobias and colleagues’ work at USF [34]. More recently the IEEE Standards Working Group P2863 on AI Governance, the CD2H maturity model community, my co-authors on Defining AMIA’s AI Principles [41], and Drs. Kenneth Goodman and Diane Korngiebel have helped me put this work in a wider context. Of course, none of these authors bears any responsibility for errors or misunderstandings that may have crept into this chapter.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Solomonides, A. (2023). Research Data Governance, Roles, and Infrastructure. In: Richesson, R.L., Andrews, J.E., Fultz Hollis, K. (eds) Clinical Research Informatics. Health Informatics. Springer, Cham. https://doi.org/10.1007/978-3-031-27173-1_11
Download citation
DOI: https://doi.org/10.1007/978-3-031-27173-1_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-27172-4
Online ISBN: 978-3-031-27173-1
eBook Packages: MedicineMedicine (R0)