Data governance and data protection

Data governance

As this document Data Governance in Public Health from PAHO states, 'Data governance is a set of practices for making decisions about data and for managing data throughout its lifecycle to optimize the organization’s capability to use data to generate information that informs policy, strategy, and operational management...Data governance functions should include defining accountabilities, prioritizing investment requirements, establishing policies, implementing processes, setting standards, managing risks, and monitoring performance related to data throughout its lifecycle...Any organization that collects, manages or uses health data should implement data governance practices.

Data governance is an organizational capability. Organizations should expect that it will take investments of both time and resources to implement and strengthen data governance. Data governance is a journey of continuous improvement.

To plan, implement, and continuously improve data governance, organizations should consider people, processes and technology.'

Please download the document Data Governance in Public Health and examine the table in it for more detail.

Data protection

The importance of protecting the privacy of information collected in health information systems (HISs) is becoming increasingly apparent. This is a problem exacerbated by the online nature of most systems.

The World Health Organisation has published 'The protection of personal data in health information systems – principles and processes for public health. Copenhagen: WHO Regional Office for Europe; 2020. Licence: CC BY-NC-SA 3.0 IGO.' Here are their conclusions, but we suggest that you explore the whole document here.

'Compliance with data protection requirements is a challenge for the entire public health community, and specifically for all institutions actively involved in the management of HISs. Notably, the gradually increasing regulatory pressure over the last decades is forcing the public health sector to adjust its policies and practices regarding processing of personal data. It is important to demystify data protection and to provide guidance on how to set up public health measures that comply fully and serve the community. Safeguarding data protection in public health involves new and significant challenges, as technological advances expand the frontiers of areas such as surveillance, Big Data and cloud data storage. Consequently, it is of great importance that public health institutions are equipped to balance the different fundamental rights at stake, and to apply the principles of data protection.

Data protection is not rocket science: it requires legal and technical artisanship, the allocation of adequate resources and the training of all professionals involved in the processing of personal data. Data protection is not a one-off activity but a continuous effort that is based on an institutional vision, a governance concept and a willingness to be accountable. This accountability, based on a thorough risk assessment, builds on the documentation of data protection activities and
persistent internal and external oversight.

While doing justice to all these aspects and requirements may sound overwhelming at first, the most important thing is to get started, even if the start is less ambitious and more a piece-meal
approach than a holistic concept.'