University of Michigan Medical School Data Governance Council Charter

University of Michigan Medical School Data Governance Council Charter 1

Table of Contents 1.0 SIGNATURE PAGE 2.0 REVISION HISTORY 3.0 PURPOSE OF DOCUMENT 4.0 DATA GOVERNANCE PROGRAM FOUNDATIONAL ELEMENTS Figure 1 University of Michigan Medical School Data Governance Manifesto 4.1 DATA GOVERNANCE DEFINITION 4.2 DATA GOVERNANCE VISION 4.3 DATA GOVERNANCE GOALS 4.4 DATA GOVERNANCE PRINCIPLES 5.0 DATA GOVERNANCE COUNCIL 5.1 MISSION 5.2 MEMBERSHIP 5.3 ROLES & RESPONSIBILITIES Figure 2 University of Michigan Medical School Data Governance Program Roles & Relationships 5.3.1 Data Steward 5.3.2 Data Manager 5.3.3 Data User 5.3.4 Application Steward TBD 5.3.5 Analytics Steward TBD 5.4 MEASURING SUCCESS Figure 3 Data Governance Program Timeline 5.5 PRIORITIES 5.6 PROCESSES 5.7 SCOPE 5.8 COUNCIL OPERATING GUIDELINES 4.8.1 Meeting Frequency 4.8.2 Meeting Agenda 5.8.3 Meeting Format 5.8.4 Meeting Roles and Responsibilities 5.8.5 Materials 5.8.6 Emergency Meetings 5.8.7 Minutes 5.8.8 Decision Making 5.8.9 Issue Resolution 5.8.10 Escalation 5.8.11 Communication Plan 6.0 BIBLIOGRAPHY 7.0 DEFINITIONS 2

1.0 SIGNATURE PAGE This Charter was prepared by the Data Governance Task Force. The Task Force members are below. Name Organization Role Signature Connie Bridges Amy Campbell Medical School Dean s Office Medical School Chief Administrator's Office Chief of Staff Project Manager Matt Comstock UMHS Finance Sr. Finance Executive Mary Hill Kyle Kerbawy David Roberts Julie Walsh Medical School Information Systems Medical School Information Systems Medical School Information Systems Medical School Space Information, Analysis & Planning Director, Data Management Services Medical School Enterprise Data Architect Director, MSIS Governance Director, Space Management 3

2.0 REVISION HISTORY Date Author Version Description of change 9/30/14 D. Roberts 1.0 Original Release D. Roberts 1.1 Incorporated input from Gartner Research Analyst, modified colors of manifesto image, added Steering Committee to Relationships diagram. 4

3.0 PURPOSE OF DOCUMENT As the Charter for the UMMS Data Governance Council, this document establishes the Council s foundational operating norms and is a key element of the overall Data Governance framework. It introduces a framework and processes, establishes decision rights, and outlines issue and resolution. It summarizes the data governance council's responsibilities and credentials and defines an auditable decision making process for the data governance council. This Data Governance Council charter provides the following foundational elements that will guide the Council and the overall Data Governance Program: 1. Definition that will be used by the Medical School to define data governance. 2. Vision encapsulating the aspirational view of what Data Governance will mean for the Medical School. 3. Goals that the Data Governance Program will strive to achieve. 4. Principles that will guide and enable future policy, process and decision making. 5. Mission highlighting the main purpose of Data Governance Council. 6. Members of the Council and their responsibilities and authority. 7. Roles & Responsibilities of Council members. 8. Measures for determining success and effectiveness. 9. Scope to define the data boundaries that will be governed. 10. Priorities that will determine where the Council will focus initially and how data governance will mature over time. 11. Processes used by the Council to carry out its mission. Further strategic and operational deliverables, supporting the implementation and ongoing management of Data Governance, will be documented in the UMMS Data Governance Playbook. The following elements are the foundation for the Data Governance Program and will be used to guide the Council in setting policy, strategy and in making decisions. 4.0 DATA GOVERNANCE PROGRAM FOUNDATIONAL ELEMENTS The following section contains the foundational elements established by the council on behalf of the Data Governance Program. The Data Governance Council will be use these foundational elements to guide the Council in with policy, strategy, decision making and processes. The context of these foundational elements are illustrated in the below Data Governance Manifesto graphic. Details behind this graphic are contained in the Data Governance Program Playbook. 5

Figure 1 University of Michigan Medical School Data Governance Manifesto Permission to use this graphic was granted by Robert Seiner KIK Consulting & Educational Services, LLC (July 2014). This graphic was tailored for UMMS. 4.1 DATA GOVERNANCE DEFINITION The Medical School will adopt the following definition of data governance. Data governance is the system consisting of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, use, storage, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient 1 use of information in enabling an institution to achieve its goals. 4.2 DATA GOVERNANCE VISION The Medical School will adopt a two part data governance vision that will guide future strategy and implementation. For Information UMMS information is managed as a core institutional asset making it a key 1 Modified version taken from Data Governance Institute and Gartner 6

differentiator by enabling UMMS to make unique, strategic and operational decisions and faster medical discoveries made possible by focusing on, accuracy, accessibility, curation, protection and discovery. For Governance Data governance at UMMS fosters a shared responsibility for effective stewardship and custodianship of data entrusted to the Medical School and promotes a governance philosophy grounded in institutional integrity, service, collaboration, and respect as well as commitments to excellence and accountability. 4.3 DATA GOVERNANCE GOALS Consistent with the University's Institutional Data Resource Management Policy 601.12, the UMMS Data Governance program goals will include: Ensure establishment, maintenance, and delivery of secure, confidential, trustworthy, stable, reliable, and accessible collections of institutional data for shared access by the University community. Maximize the value received from the data asset by increasing the understanding and use of the data. Manage the lifecycle of data to lower infrastructure costs, meet retention requirements and improve business agility. Provide an integrated view of the functions of the Medical School. Improve direct access to data by end users in accordance with institutional policies and state and federal privacy and security laws and regulations. Support the University's strategy to incorporate information technology as an integral part of decision making, competitive positioning, and delivery of services. Manage information as a strategic asset to improve the quality of services to the Medical School, and University communities. Increase the University s transparency and accountability to external stakeholders and the public by promoting access to relevant information. Provide data management services which result in the highest quality data to all units to help maximize the efficiency and effectiveness of their processes. Implement and maintain security policies and procedures to protect the data resource. Provide metrics which measure the benefits, usage and adherence to 2 governance policies. 4.4 DATA GOVERNANCE PRINCIPLES The Data Governance Program and Council will adopt the following set of principles that 2 Added and not part of 601.12 7

will guide decision making, policy and process: 1. From MY data to OUR data 2. Data governance is everyone s responsibility 3. First time right time, every time 4. Avoid risk and compliance issues Details for each of these principles are available in the Data Governance Playbook. 5.0 DATA GOVERNANCE COUNCIL 5.1 MISSION The UMMS Data Governance Council will be accountable for establishing and maturing formal data governance for the Medical School. At its highest level, the Council with have a three part mission: Proactively define and align process, policy and rules. Provide ongoing, boundary spanning collaboration and services to protect the needs of information stakeholders. Mediate and resolve conflicts pertaining to data. The Council will also seek to: Initiate and support UMMS data initiatives, projects and services that benefit data stakeholders and the Medical School as a whole with emphasis on freeing the data to make it more accessible for better informed decision making. Provide a centralized mechanism for identifying, investigating and resolving Medical School level data related issues and their root causes, as well as to ensure that those resolutions are effectively communicated to stakeholders. Provide ongoing leadership and knowledge transfer regarding data governance and data management best practices to all UMMS data stakeholders. Converge information management efforts across organizational boundaries, including both functional and information technology groups. Assert core principles of information management to guide the various functions of the Medical School. Further the discussion and understanding of the value of information to the organization. 5.2 MEMBERSHIP Council members will be appointed by and guided by Executive Sponsorship Group. The Dean s Cabinet will provide overall executive sponsorship for UMMS Data Governance. The Executive Sponsor Group will appoint Council members who are directly accountable for an information domain or functional area (Compliance, Regulatory Affairs, etc.) critical to governing data. 8

It is anticipated that UMMS data governance will align with UMHS data governance once established and Executive Sponsorship realigned at that time. The responsibilities of the Medical School Executive Committee are very limited and narrow in scope. They include: Approve policies proposed by the Council ( Consistent with Medical School Governance protocol). Review annual reports put forward by the Council The responsibilities of the Executive Sponsor Group are: Becoming educated in what data governance means, how it can and will work for the Medical School and what it means to embrace data governance. Sponsoring, approving, championing the Medical School data governance. Communicating with departments and functions the expectations and requirements for data governance. Holding the Data Governance Council accountable for ensuring data governance is successful according to success metrics. The Council maintains the authority and accountability to make responsible decisions for the betterment and improvement of data quality, data usefulness, data accessibility and data value. The Council members will have the authority to carry out the following responsibilities: Monitor and enforce conformance with data policies, standards, and architecture. Identify and prioritize data initiatives. Approve artifacts critical to data governance i.e. data standards, data models, tools, etc. Operationalize data governance into member areas by actively promoting improved data governance practices including business process modifications. Making decisions at a strategic level in a timely manner. Tracking and resolving issues identified by data Data Managers and Data Users. Establishing and tracking key metrics and reporting them to the Executive Sponsor Group. 5.3 ROLES & RESPONSIBILITIES The roles illustrated in Figure 2 represent those of the overall Data Governance program. The Data Governance Council will be comprised primarily of Stewards and also include representation from Data Managers and Data Users as well as representatives from key functional areas. 9

Figure 2 University of Michigan Medical School Data Governance Program Roles & Relationships 5.3.1 Data Steward Institutional Data shall have one or more designated stewards. As defined by U M (Appendix B), Executive Officers of the University are considered Data Stewards. However, this role is typically delegated to senior administrators responsible for functional operations such as Finance, Human Resources, Student Services and other activities that involve institutional information processing. Data Stewards represent a data domain and seek the input and requirements of the Data Users. They communicate policy and collect feedback from the users of the data they steward. Data stewards ensure applicable federal, state and university policies, standards, regulations and laws are met with regard to data in their respective areas. Data stewards have responsibility to restrict exposure of sensitive information to those specific situations where it is essential and appropriate. 3 The fundamental responsibilities of a data Steward include: Ensuring the integrity of the data throughout the data s life cycle. Sharing data appropriately but widely with other members of the University 3 University of Michigan Statement on Stewardship 10

community to improve operations and avoid unnecessary duplication. Understanding and abiding by the principles of data access, privacy and management. Collaborate with other Data Stewards for enterprise needs. Define business definitions in the business data repository to ensure data is used appropriately. Handling all university data according to the University's data management policies, regardless of whether the data relate to your department or to another University department. Learning, following and upholding the laws and policies that protect information from unauthorized access, alteration, disclosure or destruction. Storing information obtained under secure conditions and making every reasonable effort to maintain the privacy and confidentiality of the data. Disposing of confidential data, when finished using them, in an appropriate manner. Prior to sharing data with others, ensuring that the recipient is authorized to access/ view such information and understands his/her responsibility as a user. Establishing rules for purging and archiving data, taking into account requirements for maintaining, preserving, securing and accessing historical data according to regulatory and university policy. Collecting data with careful consideration to the amount of information needed to serve a defined, legitimate and current institutional purpose. Using data only for the purpose for which they were collected. Other, more detailed accountabilities and responsibilities can be found in the Medical School Data Governance Program RACI matrix located on the Medical School Data Governance Website.The RACI matrix describes the roles and responsibilities in completing tasks and deliverables. 5.3.2 Data Manager Data Managers are the managers and/or administrators of systems or media on which data resides, including but not limited to personal computers, laptop computers, PDAs, smartphones, departmental servers, enterprise databases, storage systems, magnetic tapes, CDs/DVDs, USB drives, paper files and any other removable or portable devices. Data Managers are typically performed by someone in an IT type of role (but not necessarily always in an IT organization). Data Managers are responsible for implementing and administering control over the resources according to policies and parameters provided by data stewards. Data Managers are responsible for the technical safeguarding of sensitive information, including ensuring security transmission and providing access control systems approved by data stewards to prevent inappropriate disclosure. Prior to sharing data with others, ensuring that the recipient is authorized to access/ 11

view such information and understands his/her responsibility as a user. Direct users and other Data Managers to the best source of the data including the dataset that is as close as possible to the source. Learning, following and upholding the laws and policies that protect information from unauthorized access, alteration, disclosure or destruction. Establishing procedures and practices for purging and archiving data, taking into account requirements for maintaining, preserving, securing and accessing historical data according to university policy and those requirements set forth by the data steward. Provide data access reports to the appropriate data steward on a regular basis. Interpreting and presenting data in a professional, accurate manner. Storing information under secure conditions and making every reasonable effort to maintain the privacy and confidentiality of the data. Disposing of confidential data, when done using them, in an appropriate manner. 5.3.3 Data User Data Users are any individuals who, in order to fulfill their job duties and responsibilities, require access to information. Specific questions about the appropriate handling or usage of a specific information resource should be directed to the Data Steward responsible for that area. The fundamental responsibilities as a Data User include: Interpreting and presenting data accessed in a professional, accurate manner. Interpreting and presenting data consistent with the Data Stewards definitions and guidelines. Understanding and complying with all applicable University policies, procedures, and standards for dealing with sensitive information and its protection. Storing information under secure conditions and making every reasonable effort to maintain the privacy and confidentiality of the data. Disposing of confidential data when finished using them, in an appropriate manner. 5.3.4 Application Steward TBD It is possible that an Application Steward may be necessary to help instantiate data governance at the application level however, at this time this role will not be implemented. 12

5.3.5 Analytics Steward TBD It is possible that an Analytics Steward may be necessary however, at this time this role will not be implemented. 5.4 MEASURING SUCCESS The ability to measure success will be crucial to maturing data governance and the Executive Sponsor Group will hold the Council accountable for reporting on success. Articulating success will ensure continued commitment from stakeholders at all levels. Success measures are best described by statements of quantifiable business value and will be determined by the Data Governance Council. Success will be measure in terms of a three year timeline with explicit goals identified in each year. Figure 3 Data Governance Program Timeline The following are dimensions of information by which Data Governance effectiveness will be measured. The Council will establish specific metrics for each dimension and will be held accountable to these metrics by the Executive Sponsor Group. 1. Accessibility 2. Consistency 3. Accuracy 13

4. Completeness 5. Relevance 6. Uniqueness 7. Timeliness 5.5 PRIORITIES The Data Governance Council will practice a cultural philosophy that believes in governing data to the least extent necessary to achieve the greatest common good for the Medical School. The Council will begin with a broad vision and framework, but limited application, and expand the governance function incrementally, only as needed, and no more. This will ensure a narrow focus by choosing meaningful data targets aligned with Medical School priorities. To improve data governance maturity over the time, it is recommended that a phased approach should be taken with targeted focus and growth. As the governance scope grows and expands, the maturity level also steps up. Data Governance will be accomplished most effectively as an on going program and a continuous improvement process. A typical data governance implementation has a focus on one of five different areas. Policy, standards and strategy Data quality Privacy compliance and security Data architecture and data integration Data warehouse and business intelligence Increasing access to data, across all members of the Medical School is an important strategic goal of the Council and therefore the Council will focus on Policy, Standards and Strategy. This does not mean that there cannot be activities in the other focus areas however, the Council will place a high priority on Policy, Standards and Strategy where gaps exist. 5.6 PROCESSES Process describes the methods used to govern data. Ideally, these processes should be transparent, standardized, documented, and repeatable. They should be crafted in such a way to support regulatory and compliance requirements for Data Management, Privacy, Security, and Access Management. The Data Governance Council will decide how much structure and formality to bring to the process of governing data. The Data Governance Institute recommends (and routinely implements) formal, documented, repeatable procedures for: 1. Aligning Policies, Requirements, and Controls 2. Establishing Decision Rights 3. Establishing Accountability 14

4. Performing Stewardship 5. Managing Change 6. Defining Data 7. Resolving Issues 8. Specifying Data Quality Requirements 9. Building Governance Into Technology 10. Stakeholder Care 11. Communications 12. Measuring and Reporting Value 5.7 SCOPE Following the recommendation of the Executive Sponsor Group, the Council will initially limit its scope to Medical School administrative data ie. grants administration, faculty, and financial data followed next by education data i.e. students, admissions, assessments, evaluations, curriculum, and then by secondary use clinical data used for research purposes. The scope of data to be governed will include: Data (including metadata) originating from any systems of record owned by the Medical School. Data created by a UMMS workforce member (see definitions). All Institutional Data managed by UMMS units that may be used for administrative, medical research, academic, or educational research activities. All categories of data, regardless of the medium in which the data is held or transmitted (e.g. physical or electronic). The scope does include data created or collected outside of the Medical School s systems of record to the extent that is possible. Consistent with the data governance policy (to be drafted) UMMS will act as the Data Manager of this type of data and the steward of data that is used to enrich the non UMMS data. It should be noted that those data, like all University related data, are subject to the requirements of U M Standard Practice Guide policy Institutional Data Resource Management Policy 601.12. 5.8 COUNCIL OPERATING GUIDELINES To facilitate the operationalization of the Data Governance Program, there are a number of tactical guidelines that will be implemented. 4.8.1 Meeting Frequency During the start up phase of the Program and Council, the Council will meet weekly 15

to establish operations and productive working relationships. Once a routine agenda, processes and training are well established it is expected that the Council will meet less frequently. 4.8.2 Meeting Agenda The Council meeting agenda will be finalized under the direction of the Council Chairperson. The agenda will consist of a consolidated list of items submitted by Stewards and Council members including but not limited to the following items in the agenda: 1. Roll call 2. Assessment of quorum 3. Review of completed and remaining action items from prior meeting 4. Review issues a. Assign new issues b. Status existing issues c. Assign resources and prioritize issues 5. Review metrics The meeting will be concluded by a quick summary of items discussed, decisions made and new action items. The data governance council should keep a work plan that includes periodically evaluating data governance precepts against business strategic plans, risks, priorities, goals, industry standards, and regulations. They should also routinely evaluate data risks facing the organization. 5.8.3 Meeting Format Meetings may be in person, via telephone, videoconference, or similar means. 5.8.4 Meeting Roles and Responsibilities Initially, the Council Chairperson is responsible for facilitating the meeting but may designate an alternate as necessary. The Council Chairperson will send out the agenda for the meeting, arrange the invitations for the meeting, record meeting notes, and coordinate follow up activities regarding action items, issues, and risks. 5.8.5 Materials All materials, including agenda items, will be distributed at least two business days in advance of each meeting to all team members. Each member is responsible for confirming appropriate review of materials by that member s area of responsibility. 5.8.6 Emergency Meetings Emergency meetings may be called by any member of the Council. Advanced timing of materials is waived; materials may be presented at the time of the meeting. All documentation standards must be upheld. 16

5.8.7 Minutes The Council Chairperson will provide a mechanism to record the minutes of each meeting and maintain all records relating to the meetings in a central repository. All minutes will be completed no later than 48 hours following the meeting. 5.8.8 Decision Making Business or technical experts may be invited to attend scheduled meetings to provide input to the decision making process and will be called upon as required. 5.8.9 Issue Resolution All issues will be formally tracked and will be addressed using the Council s formal Issue Resolution Process. 5.8.10 Escalation Issues that cannot be resolved by the Council will be escalated to the Medical School Executive Committee consistent with Medical School Governance protocol. Beforehand, the Dean s Cabinet may review and provide a recommendation to the Medical School Executive Committee. Medical School Executive Committee is the highest escalation point, and all decisions are final. 5.8.11 Communication Plan Clear, ongoing, and two way communication from the Council to the stakeholders will be provided. Key decisions will be communicated in writing with a detailed explanation of how the decision was reached. A master tracking log will be maintained by the Chairperson to track all issues, risks, escalations, decisions, actions required, owner of the action, and resolution to verify implementation of the decisions made at the meetings. Record keeping should provide a clear history of which stakeholders were involved in resolving an issue, what resources/analysis was used, and what alternatives were considered. All issues require a clearly worded resolution before being closed, as well as the identification of the type of communication required as a result of the resolution. 6.0 BIBLIOGRAPHY The following sources were used to compile this charter. Direct credit was given where exact duplicates were used. University of Michigan Standard Practice Guide, Institutional Data Resource Management Policy KIK Consulting and Educational Services. LLC Deloitte Consulting 17

Data Governance Institute University of Hawaii 18

7.0 DEFINITIONS INSTITUTIONAL DATA refers to a data element which satisfies one or more of the following criteria: It is relevant to planning, managing, operating, controlling, or auditing administrative functions of an administrative or academic unit of the University; It is created, received, maintained, or transmitted as a result of educational, clinical, research or patient care activities; It is generally referenced or required for use by more than one organizational unit; It is included in an official University administrative report; It is used to derive an element that meets the criteria above; It is generated by a University workforce member or agent using any of the above data. PUBLIC DATA refers to data whose disclosure to the general public poses little or no risk to the University s reputation, resources, services, or individuals. PRIVATE/CONFIDENTIAL DATA refers to data whose unauthorized disclosure may have moderate adverse effect on the University s reputation, resources, services, or individuals. This is the default classification category and should be assumed when there is no information indicating that data should be classified as public or sensitive. SENSITIVE DATA refers to data whose unauthorized disclosure may have serious adverse effect on the University s reputation, resources, services, or individuals. Data protected under federal or state regulations or due to proprietary, ethical, or privacy considerations will typically be classified as sensitive. WORKFORCE MEMBER refers to any faculty, staff, student, volunteer, trainee, or other person whose conduct is under the University's direct control, whether or not the University pays them for their services. SYSTEM OF RECORD refers to an information storage system (commonly implemented on a computer system ) that is the authoritative data source for a given data element or piece of information. METADATA refers to information that describes various facets of an information asset to improve its usability throughout its life cycle. e.g. for an X ray as a content object; the metadata includes the doctor's name, patient's name, date of image and the body part subjected to the X ray. 19