Abstract

The rapidly changing healthcare market requires healthcare institutions to adjust their operations to address regulatory, strategic, and other risks. Healthcare organizations use a wide range of IT systems producing large amounts of sensitive and confidential data. However, few tools are available to measure the data governance activities of healthcare institutions and align healthcare data management with legislation. The Governance, Risk, and Compliance (GRC) Model focused on integrating that ability to achieve organizational goals. The demand for corporate governance is crucial for protecting the healthcare system from risks. An adaptation of a modified version that includes strategy, processes, technology, people, as well as legal and business requirements was developed to analyze the factors affecting IT GRC implementation in healthcare organizations. About 48% of participants reported that their organizations implemented IT GRC programs, while 16% stated that they are considering implementing IT GRC programs soon. In almost 71% of healthcare organizations, IT governance, risk management, and compliance are integrated. Among the factors influencing the implementation of IT GRC programs in Saudi healthcare organizations, legal context ranked as the most critical, followed by process, strategy, then technology, business, and finally, people contexts. This study shows that healthcare organizations must assess various factors for the effective implementation of IT GRC activities.

Highlights

  • Increasing economic uncertainty, evolving market trends, and expanding regulations are escalating health organizations’ risk exposure [1]

  • Maintaining competitiveness and managing risk in the healthcare environment requires new actions, plans, and strategies. These changes have been facilitated by updated government regulations, organizational structures, accountability measures, and the relationship between consumers and healthcare providers [2]

  • Among organizations that implemented the IT GRC program, 71.9% of the participants stated that their organizations have an integrated IT GRC program that covers all of governance, risk management, and compliance processes. 77.4% of the participants reported that the person in charge of IT GRC in the organization is from the IT department (i.e., Chief Information Officer (CIO) or equivalent or another IT director)


Summary

Introduction

Increasing economic uncertainty, evolving market trends, and expanding regulations are escalating health organizations’ risk exposure [1]. Maintaining competitiveness and managing risk in the healthcare environment requires new actions, plans, and strategies. These changes have been facilitated by updated government regulations, organizational structures, accountability measures, and the relationship between consumers and healthcare providers [2]. The emergence of IT GRC as an approach for protecting healthcare organizations from excessive risk and removing growth barriers has been due to numerous factors. Due to increased media attention, data breaches, and the increasingly complex healthcare regulatory environment, board members and executives are more thoroughly accustomed to how their healthcare organizations operate. This increased scrutiny has ensured that the individuals in governance have timely and accurate information regarding their organization. These individuals have the capability of making decisions that ensure compliance, prevent unnecessary risk, and reduce the impacts and chances of regulatory penalties and patient litigation [10].
