The best survey I’ve seen of information governance issues for EHR’s and eHealth in general is a white paper prepared by Canada Health Infoway titled Information Governance of the Interoperable Electronic Health Record (EHR). While the paper restricts its scope to privacy and security matters, it inevitably touches on governance issues that can be applied across the spectrum of eHealth risk. This is an important educational resource and essential reference for all students of eHealth risk management.
The paper raises many issues that need to be resolved before an interoperable EHR can become a reality. For example it acknowledges what I believe to be the biggest problem in privacy risk management - the problem of what to do with the results of privacy impact assessments.
“Although substantial expertise exists across Canada in the conduct of PIAs, few best practices or policies have been developed to monitor the implementation of privacy risk mitigation strategies and to integrate privacy monitoring and PIA revisions into the change management process. Developing programs to ensure continuous privacy management is an issue that will need to be addressed as part of effective EHR information governance.” (page 15)
The paper doesn't have all the answers, but it does ask the right questions. This is a must read.