Open Health

Platformable logo
Understand
watch12 min read
email

A brief introduction to health data governance policy development

Written by Eric Rochman & Mark Boyd
Updated at Fri Nov 28 2025
featured image

Who should read this:

Health professionals, data practitioners, policy-makers, researchers, and organisations working with health data who want to build or improve ethical, secure, and effective data governance systems

What it’s about:

A brief introduction to health data governance policy to assist practitioners start to move towards preparing a suite of data governance policies that guide their organisation's data activities.

Why it’s important:

A suite of health data governance policies provide a clear overview of how your organisation manages data, why you can be trusted, how you work collaboratively, and what avenues for interaction, complaint, and dispute resolution are available to your network and community. Your policies will guide your decisions on how to define your processes and actions when implementing a cohesive and thorough health data governance framework.

This introductory article provides a short overview of some of the key issues when developing a draft health data governance policy.  We will revisit and expand on policy issues as we progress through the health data governance framework. 

Data governance policy
Your health data governance policies are documented sets of guidelines that ensure your organisation's data and information assets are managed consistently, and used responsibly. You may start with a single policy including sections on data quality, access, security, privacy, and usage, as well as defining roles and responsibilities for implementing those policies and monitoring compliance with them. Over time, as your data governance framework matures, you may wish to separate each subject into its own policy and build out a suite of guidelines.

Establishing health data governance policies for ethical and responsible data management practices

Many organisations start with collecting and using data and find that as they do so, they have no overarching context or clear set of guidelines on how data governance should be implemented. We suggest creating an interim health data governance policy that collates all organisational knowledge in one area and that can help highlight what areas must be further defined as you continue to build out your framework.

Ideally, this policy is written by a data governance team made up of organisational leaders, program leads, and data owners. Often, this role is delegated to one person to draft and is then signed off by an oversight body. An effective data policy has input from different parts of your organisation, including leadership, finance, IT, program managers, and other data owners. How your data policy is developed will depend on your organisational context and role

The policy should be used by the executive team, managers, and everyone in your organisation who collects or uses data. Policies should then inform the processes that are created. Sometimes, a policy includes both the overarching policy context and guidelines, and defines the process that should be followed. 

Your data governance policy formally outlines how you ensure that health data is accurate, accessible, consistent, and protected. The policy also establishes who is responsible for information under various circumstances and specifies what procedures should be used. In addition, it can incorporate risk management and data ethics principles to reduce potential business problems from the use of data.

A data policy is a living document, which means it is flexible, and can be quickly updated to respond to changing needs. Each policy you develop should have a clear date it was approved (and by whom), and when it will be reviewed. It is worth setting up a policy review calendar or automation to make sure you are regularly checking your policy is up to date. While building out the health data governance framework described in these articles, we suggest a regular cadence, perhaps every month to quickly incorporate your most recent thinking.

Importance Of A Data Governance Policy

Data has become one of the most valuable assets held by organisations. Data is now used to plan and monitor strategy, design products and services, prioritise research, improve service delivery, and collaborate with others.

However, data is only a valuable asset if it is relevant to your organisation's needs and objectives, is accurate, and available consistently over time and throughout the organisation. Health data policies describe how you collect and manage data so that it maintains its utility.

Ongoing access to the data your organisation needs is driven by trust. Your data policies define how you will ensure trust is maintained at a high level.

Developing Your Data Governance Policy

Your health data governance policy should be developed drawing on the following:

  • Your organisational mission statement and goals
  • Your data justice principles
  • Consultation with staff and ecosystem stakeholders
  • Participatory mechanisms with your community and patients/users, again drawing on your data justice principles

A well-crafted policy creates a governance framework that empowers the following:

The appropriate level of oversight of your data based on its value and risk.
Consistent, efficient, and effective management of your data throughout the organisation and over time.
Appropriate protection and security levels for different categories of data.
A data governance structure that supports the strategic vision for your data program.

Data Governance Policy Structure

To start, your health data governance policy should include the following, or sign post to other policies or assets where this information is available:

+
An inventory of the data sources being managed within the organisation
+
The goals of the organisation's data governance program and metrics for determining success
+
The roles and position titles of those who will oversee elements of the governance program
+
A description of the expectations for maintaining data quality and data lifecycle management as well as expectations around data integrity and data integration
+
A description of which roles can access which data elements
+
A definition of acceptable data usage
+
A categorisation of the different types of data you collect and manage, depending on whether it's sensitive, confidential, or publicly available, along with the levels of security and protection required at the different levels
+
Any laws and regulations that must be followed and what compliance means for the organisation's data program

We recommend when starting out, first collect any organisational knowledge or existing policies that cover these areas. For example, job descriptions may describe the expectations around roles and data responsibilities that is not held anywhere else. Perhaps your annual reports have explicitly mentioned how you respect community data but this hasn't been written down anywhere else.

Compliance and regulations will be discussed briefly in a follow-up article.

Making Your Own Data Policy

There are two main ways to make your data governance policy: 

Use a Template
You can use a pre-designed template that you can follow and tweak based on your organisation’s needs. We include some template recommendations in the next post that you can use in your organisation.
Run a Workshop
You can also carry out a data policy workshop with your data governance team and draft your policy using a bottom-up approach. We discuss workshop techniques in the next article.
💡 Open Office Hours on Health Data Governance
Join us to discuss your health data governance framework.

We are hosting Health Data Governance Open Office Hours every week for the rest of the year. If you have questions about:

• Our Health Data Governance Framework • How to implement any of the components • Your experiences or difficulties in moving to health data governance • How AI might fit in to your plans

Feel free to join any of these drop-in open sessions.

🗓 Every Friday, 3–4pm CET (10am EST, 2pm GMT)
Add to Calendar
Google Calendar Outlook Web Yahoo Calendar iCal / Apple Calendar

 

Further reading

Example policies from other institutions

Looking to strengthen your health data governance?

Whether you're starting from scratch or refining your approach, Platformable helps you build ethical, equitable, and effective open health data ecosystems.

Contact Us to Learn More →
member image

Eric Rochman

EXTERNAL PARTNER
member image

Mark Boyd

DIRECTORmark@platformable.com

Related article

Platformable logo
Related articles
Resources
BlogLinkedinYoutube
Company
About usMeet an expertBecome a partnerContact us
emaillinkedinyoutubetidal

Join our newsletter community

arrow iconGO TO TOP