IT Governance (ITG if you love acronyms) is all about making sure that the technology systems within an organization are working efficiently and effectively to support business operations and strategic goals. It is no longer just about making sure the enterprise resource planning (ERP) and finance systems are in place. Now that IT has become entwined into all aspects of business operations, a more complex governance structure needs to be put in place to oversee IT-related things. With this, for many healthcare organizations we are starting to see IT governance models emerge from under the corporate structure to sit alongside both corporate and clinical governance with more equal footing.
The collection of rules, guiding principles, processes, roles, and responsibilities that are put in place to support an organization's IT efforts should encompass each of the five categories below. Addressing these elements, while ensuring close alignment with the corporate and clinical governance models and processes, will help to set a strong foundation for the culture and ethics necessary for the organization to thrive.
A significant portion of any IT governance model should be focused on strategy. Technology continues to evolve at a rapid pace and the number of connected systems seems to just keep growing. Effective governance in this category focuses on making sure that the organization stays informed on all aspects that relate to future goals. A decision making structure with clear levels of responsibility should be put in place to identify the priority and sequence for all IT initiatives that are to be undertaken. The strategy component must have sufficient overlap with the corporate and clinical governance models to ensure alignment between the three is always maintained.
Knowing which IT initiatives to work on is just one part of the puzzle. IT governance also needs a structure to support the implementation and execution of policies, processes, and controls that will ensure value is being delivered to the business. Investments in IT infrastructure and project initiatives are usually significant in value. A strong governance model will make sure that business objectives are kept at the forefront and than the funding allocations that are made provide value and a reasonable return on investment (ROI) for the organization.
IT risk management is a broad topic in healthcare organizations. It encompasses not only the decisions around how data will be entered, stored, and shared; but also the role IT systems will play in supporting clinical care activities. The privacy, security, and the ethical use of systems are all components that IT governance models cannot afford to overlook. Processes, policies, and accountability structures must be put in place to monitor and control the IT decisions that are being made in each of these areas.
It is critical to have the decision-making and accountability structure set up in a way that will leverage the right knowledge and skillsets for each type of decision that needs to be make in the risk management category. Enterprise-wide, high organizational risk elements, decisions should be the responsibility of those fairly high up in the corporate structure. However, for tactical application-level decisions the responsible party needs to be close enough to the team who understands the technical details to make the right call. For risk management in IT governance to be successful, transparency and open communication are required within the model and across to the clinical and corporate connection points.
Performance & Outcomes
One of the components of IT governance that often gets overlooked is the performance and outcomes section. It is not that these are completely ignored by healthcare organizations, it's that a number of entities tend to focus attention on project specific outcomes instead. A strong IT governance model should be structured in a way that allows for repeatable effective and efficient decision making. One that will institutionalize best practices around all things related to IT. To make sure that the model is on the right path, there should be review processes, ongoing learning and development, and feedback loops put in place to assess its effectiveness. Far too often, when an IT governance model is falling short in some capacity, the response by organizations is not to assess performance and adjust. Instead, they tend to simply add in more committees, additional processes, or drastically overhaul entire sections of the structure to 'try again'.
The resourcing aspect of IT governance is all about making sure that the right people are in place to make decisions on the implementation, use, and allocation of IT assets. The decision makers need to have clear lines of accountability and defined connection points to both corporate and clinical org structures.
The resourcing aspect is also focused on making sure resources are made available to deliver on the expectations and goals that have been set by the organization. This includes the allocation of IT staff, clinicians, and administrators to technology-related initiatives; as well as the allocation of IT infrastructure to operational and project activities. (HR activities and non-IT infrastructure elements typically remain under the corporate governance structure.)