Health Information Management

PDF version of this report
You must have Adobe Acrobat reader to view, save, or print PDF files. The
reader is available for free

Health Information Management

by Faulkner Staff

Docid: 00011371

Publication Date: 2202

Report Type: TUTORIAL


In the health industry, information comes in many forms – from digital
x-rays to handwritten notes. The handling of this information impacts
regulatory compliance, budgets, clinical outcomes, and other key metrics
for organizational performance. Making health information management a
cross-departmental practice can produce better results, particularly as
hospitals grapple with the many new sources of data that have emerged over
the past several years. This tutorial takes a look at many of the
considerations for implementing a health information management program.

Report Contents:

Executive Summary

[return to top of this

A substantial amount of medical data is now stored electronically in a
diverse range of sources, including servers housing patient records,
picture archiving, and communication systems that contain x-rays and other
medical images.

IT Standards for the
Healthcare Industry Tutorial
HIPAA Records Management Tutorial
Electronic Medical Records
Earned Value Management Tutorial
Balanced Scorecard
Management Tutorial
Robotic Telepresence Technology & Applications Tutorial

Unfortunately, the ineffective handling of this data can pose a direct
threat to regulatory compliance, patient care, and, ultimately, the bottom

To protect against such dangers, many healthcare organizations practice
information management, which is the coordinated control of data. To
handle this function, some institutions have created the position of CIO
(Chief Information Officer). A CIO is an executive-level job that
involves high-level strategic planning about the technologies and
processes related to creating, storing, and managing data. People in this
role are expected to translate business goals – such as meeting
regulations or controlling costs – into technology plans. Therefore, CIOs
will be involved in purchasing decisions and implementation planning,
among other duties.

Potential Trends

Among the potential trends that could have an impact, whether positive or
negative, on health information management are:

  • Increased use of EHR (electronic health records), which are shareable
    among facilities
  • Broadened focus for the CIO, including the management of data sent to
    – and received from – parties that manage health information
  • Emergence of pay for performance insurance reimbursement programs
  • Expanded use of telemedicine and other remote service options
  • Increased exposure to ransomware and other critical cyber threats


[return to top of this

Generally speaking, information management is the coordinated oversight
of an organization’s technology and processes for generating, storing, and
transferring data. In the health industry, this area includes both
clinical and administrative data. Consequently, information management is
not limited to IT concerns. The concept – at least in terms of the health
industry – encompasses financial and patient records, diagnostic images
such as x-rays, test results, and other clinical data. Additionally,
videoconferencing and other forms of telemedicine, which are used to
provide consultation, are often counted in this category.

Health Information Management – Discipline

Growth in the use of IT by the healthcare industry has created the demand
for a new class of experts within the hospital environment, with the US
Bureau of Labor Statistics
predicting that the “job outlook” for
health-info technicians will grow by 11 percent (through 2028), which
marks overall employment growth of 23,100 over a 10-year period, taking it
from the documented 215,500 (2018) to 238,600 (2028).1

As the need for coordinated management of information grows, the
emergence of new EDS (electronic data systems) that are spread across more
clinical and administrative departments becomes even more necessary.
Included in this area are:

  • Computerized physician order-entry systems
  • Automated medication cabinets
  • Pharmacy information systems

For this reason, coordinated oversight is important, as decisions about
purchasing or upgrading such systems cannot be made in isolation. These
systems affect and depend on other technology and clinical processes. An
example of such an inter-dependency is the need for adequate network
bandwidth to support the transfer of high-quality x-ray images or provide
reliable videoconferencing.

Health Information Management – Goals

Health information management involves technology, but also frames its
goals in broader strategic terms:

  • Turning Data into Meaningful Information – Much of
    the data that health facilities compile over time is not assembled or
    processed in a way that makes it useful for strategic planning. Health
    information management aims to organize such data to measure the
    performance of clinicians and equipment, to spot trends, and to perform
    other activities.
  • Managing a Talent Pool – Activities such as hiring
    personnel for specific positions is typically the responsibility of
    frontline supervisors, but broader considerations such as long-term
    employee development and ensuring that staff members have the right
    skills to carry out future projects are also part of health information
  • Monitoring Regulatory and Legal Compliance – Health
    information is subject to many regulations and laws, both at the federal
    and state levels. Compliance depends on technology used in a variety of
    departments, as well as on policies and practices.
  • Managing Organizational Changes – Routine changes can
    typically be handled by an individual department. For instance, an IT
    department could plan and execute a security patch deployment or a
    clinical engineering department could manage minor revisions to the
    inspection and preventive maintenance procedures for medical devices.
    But larger changes require cross-departmental oversight, which is a
    responsibility of health information management. Projects on this scale
    include implementing a disaster recovery program or converting paper
    records to an electronic system. Making fundamental changes – and doing
    so smoothly – involves more than implementing technology. It also
    involves training staff members and reengineering administrative and
    clinical processes.
  • Meeting Financial Goals – Health information managers
    make many decisions that affect financial goals, such as the following:

    • Selecting technology for storing or using information.
    • Setting salary budgets for personnel who manage data.
    • Determining reimbursement policies for medical treatments.
  • Maintaining Security – Security is a key concern of
    health information management. In addition to implementing devices such
    as firewalls, the practice also includes the oversight of clinical and
    administrative practices that deal with health information.

Health Information Management – Governance

Founded in 1928, the American Health Information Management Association
(AHIMA) is a leading voice and authority in health information management.
AHIMA’s expertise extends to essential topics like:

  • Coding: inpatient, outpatient, and physician
  • Clinical documentation integrity
  • Privacy and security
  • Data analytics and informatics
  • Revenue cycle management
  • Leadership

According to the AHIMA, the field of health information management is
focused on five principal functions:

  • Health information governance and stewardship
  • Data capture, validation, and maintenance
  • Data analysis, transformation, and decision support
  • Information dissemination and liaison
  • Health information resource management and innovation2

In addition to policies and practices advanced by the AHIMA, the
International Organization for Standardization (ISO) has published
numerous standards on health information systems or, as they prefer,
“health informatics,” which analyst Tim Stobierski describes as an
“interdisciplinary field in the healthcare industry that uses information
technology to organize and analyze health records to improve healthcare

Current View

[return to top of this

In terms of the current landscape for health information management,
primary considerations include EHR (electronic health record) adoption
rates and maintaining regulatory compliance.

Electronic Health Records Adoption

The global electronic health records (EHR) market is projected to grow
from $30 billion (2020) to $40 billion (2025), in large part due to
“rising demand for centralization and streamlining of electronic
healthcare systems, technological advancements in the field of healthcare
IT, and increasing awareness about the use and importance of EHR.”4

Mixing With Paper-Based Records Management

The mix of paper-based and electronic records is one of the challenges of
managing health information. Facilities need to shepherd this transition
in a way that is not overly disruptive. At the same time, they need to
find ways to make effective use of paper-based sources while they are
still in use.

Regulatory Compliance

Regulatory compliance is assuming increasing importance in health information
management. For example, in the US, health providers, payers, clearinghouses,
and billing services are obliged to use

code sets (International Classification of Diseases, 10th Edition).5

As itemized by AltexSoft, a technology consulting company, other
prominent code sets include:

  • “CPT (the Current Procedure Terminology)
    and HCPS (Healthcare Common Procedure Coding System) for
    reporting all types of healthcare services, both inpatient and
  • “CDT (Code on Dental Procedures and Nomenclature) for documenting
    dental treatment
  • “SNOMED CT (Systematized Nomenclature of Medicine – Clinical
    Terms) for capturing symptoms, clinical findings, family history,
    medical services, drugs, and other aspects related to the course of
  • “LOINC (the Logical Observation Identifiers Names and Codes) for
    recording lab orders/ results and vital signs
  • “NDC (National Drug Codes) for pharmacy products
  • “RxNorm for drug classes”6

Patients as “Shoppers”

A key philosophical transformation that has occurred over the past
few years is that patients have begun to think more like shoppers. This
development is due to the shift of retail and health services to the Web. As
people have grown accustomed to comparing products online, some have also
come to expect the same from the health industry. This trend has put
increased emphasis on price as a factor in choosing services and providers.7


[return to top of this

Healthcare Information Systems

As forecast by Research and Markets, the global healthcare information
systems market size should reach $539.3 billion by 2028, realizing a
compound annual growth rate (CAGR) of 9.9 percent from 2021 to 2028.
Fueling the growth are a variety of factors:

  • The increasing prevalence of chronic diseases
  • An aging population
  • The general trend (not just healthcare) toward cloud-based information
  • The need to lower healthcare costs through automation
  • The COVID-19 pandemic which accelerated telemedicine or telehealth
  • The need to “make effective use of data analytics,” especially in a
    turbulent healthcare industry8

Pay For Performance

A major factor spurring hospitals to implement health information
management programs is the trend away from pay for service insurance
reimbursements, in which hospitals are paid based on which service they
provide. This model is being replaced by a variety of pay for performance
models that base reimbursements on clinical results, not on the type of
service provided. The task of managing pay for performance data, however,
falls heavily on information managers. In addition, as more pay for
performance programs emerge, health information management will become
more essential as a financial safeguard.

Health Information Protection

As evidenced by HIPAA and other health-related security and privacy
statutes, protecting health information, particularly electronic
information, is essential. To that end, the US National Institute of
Standards and Technology (NIST) has produced regular health information
management guidance. Relevant publications include:

  • SP 800-66, Rev. 1:
    An Introductory Resource Guide for Implementing
    the Health Insurance Portability and Accountability Act (HIPAA)
    Security Rule

    . October 23, 2008
  • NISTIR 7497:
    Security Architecture Design Process for Health
    Information Exchanges (HIEs)

    . September 30, 2010
  • SP 1800-1:
    Securing Electronic Health Records on Mobile Devices

    July 27, 2018
  • SP 1800-8:
    Securing Wireless Infusion Pumps in Healthcare Delivery

    . August 17, 2018
  • SP 1800-24:
    Securing Picture Archiving and Communication System
    (PACS): Cybersecurity for the Healthcare Sector

    . December 21, 2020
  • SP 1800-30:
    Securing Telehealth Remote Patient Monitoring
    Ecosystem (2nd Draft)

    . May 6, 2021

Each document is available for free download from the NIST website.

Standard Cybersecurity Protocols

In addition to health information-specific safeguards, health information
management security should assure adherence to standard cybersecurity
protocols, such as:

  • Deployment of enterprise firewalls, anti-virus applications, and data
    loss prevention programs
  • End-to-end data encryption
  • Biometric access controls to regulate physical facility and digital
    data access
  • A DevSecOps approach to health application development and testing,
    where security is integrated into the software development lifecycle
  • Audited data backups, especially as ransomware is rampant
  • Well-exercised disaster recovery and business continuity plans
  • Regular security awareness training for all employees, business
    partners, and other health information management stakeholders


[return to top of this

Large health organizations that do not yet have a CIO or equivalent
executive-level position should consider creating the role. A traditional
organizational structure in which IT, clinical engineering, and medical
personnel operate independently without coordination is not the most
effective way to deal with today’s technology. In creating the CIO
position, organizations will need to clearly define the CIO’s level of
authority. This can be difficult because the CIO’s domain spans multiple
departments. Ideally, the CIO will have the ability to direct or at least
heavily influence purchasing decisions in both clinical engineering and
IT. Also, he or she will be able to set policies for creating, storing,
and transmitting information.

To succeed in this role, the CIO will need to understand computer and
medical technology and to understand overriding business concerns such as
budgeting and regulatory compliance. Often, the CIO can be more effective
if he or she is not part of the IT or clinical engineering department.
This way, the exec will be able to more objectively make decisions about
outsourcing and other difficult issues without territorial considerations
such as trying to protect the interests of direct co-workers.

Most small and medium-sized health facilities, however, will not have the
budget to hire a dedicated CIO. Despite this, such organizations should
still implement some health information management techniques. These
techniques include, but are not limited to:

  • Balanced scorecard processes for measuring business performance
  • Earned value management calculations for estimating and tracking
    schedules and budgets
  • Training a cross-departmental team to carry out tasks
  • Grouping projects into categories based on factors such as clinical
    importance and dependence on other projects


[return to top of this


[return to top of this