Executive Summary

This content highlights emerging trends in data governance planning tailored to medical health research. As healthcare becomes increasingly data-driven, strong governance frameworks are essential for protecting sensitive patient information and avoiding ethical, legal, and financial risks. The discussion defines data governance as the policies, technologies, and regulations that guide data throughout its lifecycle, emphasizing its critical role in research environments. Key innovations—such as automation, AI-driven tools, cloud solutions, and Data Governance as a Service (DGaaS)—offer greater efficiency, scalability, and security but also require careful and strategic implementation. A central message stresses that health data must be treated as an extension of the individuals it represents, making patient privacy and trust foundational to any governance strategy. The content ultimately calls for a balanced approach that embraces technological advancements while upholding the highest ethical standards, ensuring that healthcare research can progress responsibly and sustainably. Together, these principles support a future where data-driven medical discoveries are both impactful and ethically grounded.

Introduction

Data governance refers to the “technical, policy, and regulatory frameworks to manage data along its value cycle — from creation to deletion — and across policy domains including health, research, public administration, and finance”^[1]. More specifically, data governance guides technology, processes, and people to ensure consistent accessibility, security, usability, and quality of the organization’s data^{[2] [3]}. It also facilitates the implementation of an organization’s data strategy.^[4]

While data governance principles are relevant to many domains, we will focus on data governance in the context of medical health/healthcare research. The World Bank highlights the particular importance of data governance within the context of health-related data:

“Data are a double-edged sword (World Bank, 2021) …[promoting] the use and reuse of data is crucial to achieving [health] benefits, but… [also increases the] …potential for abuse. This is why data governance is important, especially in the context of sensitive data concerning health.”^[5]

Failure to properly implement data governance when conducting health-related research has serious consequences including, but not limited to, leaking sensitive personal details about a patient, loss of an organization’s reputation, and possible financial and legal repercussions for the organization at fault^[6]. HIPAA violations, for example, may result in both civil and criminal penalties (including hefty fines and imprisonment)^[7]. When data governance principles are properly followed, medical health research offers a host of benefits, including better patient health outcomes, fewer medical errors, and improved clinical decisions^[8]. Health research also impacts patients by informing policy decisions^{6 [9]}.

Data Governance & Medical Health Research

Given the powerful and indispensable role that medical health research plays in the lives of real people, we will examine data governance trends relevant to health research. We will also explore the connection of each trend to data governance planning. Finally, we will contextualize data governance (general and planning) in relation to healthcare research.

Data Governance Trends

We will focus first on five specific data governance trend umbrellas.

The topics we discuss below are 1) Automation in Data Governance 2) Cloud-Based Data

Governance Solutions 3) Privacy, Security, and Compliance in Data Governance 4) Data Governance as a Service (DGaaS) and 5) Ethics in Data Governance. Each topic is an umbrella of data governance trends in 2024.

Automation in Data Governance

Automation in data governance refers to the use of AI, machine learning, and other automation technologies that support data governance processes. Perhaps a reason for its growing popularity is the efficiency that it affords the organizations and companies who use it^[10]. AI can be leveraged
for a variety of purposes including—but not limited to—automated data governance workflows (e.g., data policy management), detecting and drawing attention to data issues, granting usage permissions, improving data quality, and removing human error from repetitive tasks. Given the sheer amount of data now collected, some may even call automation in data governance a necessity rather than a luxury^[11]. Organizations must do everything in their power to maximize both the quality and the security of the data that comes into their possession.

The use of AI, or any other automation, is also integral to effective data governance
planning. Organizations designing a data governance framework can factor in what tasks can
be completed by an automated system and which tasks need direct human involvement¹⁰. Automation helps organizations develop a more efficient data governance plan that more effectively leverages human brain power where it is needed most, leaving automated systems to carry out the remaining tasks.

Cloud-Based Data Governance Solutions

Another emergent trend is utilizing the Cloud for data governance^{10 11 [12]}. Given that an increasing number of organizations and companies are transitioning to Cloud-based data practices, incorporating Cloud-based data into a data governance framework is becoming increasingly imperative¹⁰. The adoption of Cloud-based data governance solutions is nothing short of revolutionary when considering its many benefits including adaptability, accessibility, and affordability¹². Despite its numerous conveniences, with the Cloud comes increased security risks. Many Cloud platforms, however, have security features baked into the software as well as certifications designed to assist with regulation compliance^{12 [13]}. As the size of the Cloud environment grows, so does the level of needed security to protect the stored data¹⁰. Therefore, the Cloud-based data governance trend is relevant to data governance planning because one of the most important aspects of a data governance plan is determining where the data will be securely stored, who will have access to it, and how unauthorized people will be prevented from accessing it.

Privacy, Security, and Compliance in Data Governance

Data safety (i.e., privacy, security, and compliance) is another vital trend in data governance. Planned and existing data governance frameworks must now ensure compliance with both existing and emerging regulations such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Health Insurance Portability and Accountability Act (HIPAA)¹². Specifically, data governance planning must account for aspects of data safety including the regulatory landscape, data classification, risk management, and consumer rights.

The regulatory landscape refers to the increased need for data governance to fully comply with all existing and emerging regulations¹². Increased vigilance of privacy, security, and compliance also requires consistent and intentional surveillance to ensure that every regulation is met. The next aspect of data safety, known as data classification, is the process of identifying personal data that needs to be kept confidential, categorizing it as such, and implementing necessary safety measures to protect it. Risk management, in a similar vein, is another part of safety in data governance. This element consists of periodic and regular assessments of potential risks to the data.

The fourth aspect of privacy, security, and compliance in data governance is consumer rights. This refers to a data governance framework’s responsibility to uphold the consumer rights enumerated in any pertinent regulations^{10 12}. Companies are now held more accountable for how they handle and protect customer data¹⁰. Indeed, an organization’s data governance plan must be airtight in order to preserve regulation-granted rights. Taken together, the various aspects of this trend are relevant to data governance planning as all developing data governance frameworks must comply with privacy and security regulations¹².

Data Governance as a Service (DGaaS)

Another noteworthy trend is Data Governance as a Service (DGaaS), described as programs that provide “expertise, tools, and frameworks that help organizations establish and maintain robust data governance practices without the need for extensive in-house resources”^[14]. In other words, DGaaS involves outsourcing a data governance plan to ensure that collected data is maximally secure and well-managed¹¹. The impact of a DGaaS framework is manifold, as it provides organizations with a budget-friendly option that helps achieve data compliance, access new business opportunities, and streamline data movement processes^[15]. DGaaS also facilitates organizational collaboration and fosters maximum usage of the data^[16].

As mentioned previously, perhaps the most redeeming quality of DGaaS is that it enables strong and effective data governance plans in collaboration with organizations that lack the skills or resources to design and implement a robust data governance plan on their own¹⁴. DGaaS is a relevant trend to data governance planning because this service is how some organizations are able to obtain a data governance plan in the first place. In other words, DGaaS makes airtight data governance frameworks accessible to a much wider population than they otherwise would be if they were limited to organizations that possess in-house resources.

Ethics in Data Governance

The final data governance trend we will discuss, ethics in data governance, is one that is relevant to most all other aspects of data governance. Data governance ethics includes many of the aspects named above (e.g., accountability, consent, transparency, privacy, and usage)^{10 12}. As such, this trend overlaps with those previously mentioned. Data governance ethics are relevant to automation in data governance, Cloud-based data governance, data governance safety (privacy, security, and compliance), and Data Governance as a Service (DGaaS). All of these trends in data governance must be implemented in a way that prioritizes ethical practices. Data governance ethics are relevant to data governance planning because all data governance frameworks must incorporate ethical practices. This trend particularly dovetails with aspects such as data safety and Cloud-based data governance. Effective data safety and secure Cloud-based data governance solutions are only possible if ethical practices are built into data governance plans. For example, data governance frameworks must be designed to comply with regulations such as GDPR, CCPA and HIPAA.

Relevance to Medical Health (Healthcare)

We will now discuss insights and innovations relevant to both data governance trends and medical health/healthcare research. First, we will explore the relationship between general data governance and healthcare research. Following this exploration will be a discussion of how data governance planning is relevant to healthcare research.

General Data Governance and Healthcare Research

As one group of scholars stated, we have seen a contemporary “datafication of healthcare”[17]. This highlights the indispensable need for proper data governance in healthcare data and research. This is particularly true given the distrust that many people have towards research conducted using their medical data. Public distrust of the healthcare system is not unwarranted, given historical abusive practices perpetrated in the name of research[18] [19]. With these past abuses taken into account, the importance of data governance in medical health research cannot be overstated. Healthcare systems have the responsibility to treat both patients and their data with respect not only because it is the right thing to do but also because potential research participants will likely not consent if they lack confidence in the researchers’ interest in their wellbeing¹⁷. However, if health researchers are truly prioritizing human wellness and safety—as they purport to do—treating potential participants with respect should not be an issue¹⁷.

According to the Organization for Economic Co-operation and Development (OECD), prioritizing both cutting edge research and human privacy is not only possible but imperative[20]. In OECD’s health data governance guide, they support health research so long as it “enables significant improvements in patient health, healthcare quality, and performance and, thereby, the development of healthy societies while, at the same time, continuing to promote and protect the fundamental values of privacy and individual liberties.” The OECD also recommended that international guidelines for health data governance be adopted globally, given its sensitive nature.

Data Governance Planning and Healthcare Research

According to the Pan American Health Organization (PAHO), “any organization that collects, manages, or uses health data should implement data governance practices.”[21] A potential way to help ensure that all organizations in question do have a data governance plan is to provide a universal template for organizations to follow. One group of scholars proposed a “common framework” designed to universally implement the standards of health data governance[22]. This framework is called FED-HD (Federated health data). The FED-HD framework is composed of six tiers, with each tier having its own protocols for accessing and transferring data, among other processes. The tiers consist of: tier 1 (internal TRE [Trusted Research Environment] access), tier 2 (federated controlled), tier 3 (federated aggregated), tier 4 (federated queryable), tier 5 (governed), and tier 6 (hosted). That is, each successive tier in the framework connotes increased data security and access requirements. The FED-HD framework provides a helpful guide for research to follow when making a data governance plan to maximize the security of sensitive medical health data.

Regardless of the nature of a data governance framework/plan for health data, The World Bank provides an outline of the elements that it should contain6. These elements comprise three stages of health data governance planning: an in-take stage, a planning stage, and an execution stage. The in-take stage often involves creating a committee to facilitate the in-take stage tasks. Once formed, the committee conducts a baseline assessment of the current health data circumstances including consideration of the “enabling environment” (e.g., leadership and governance, workforce, etc.) and the “information and communication technology environment (e.g., infrastructure, services, and applications)⁶. The planning stage consists of tasks such as identifying key people to include in the framework development process, developing the data governance framework, ensuring that it meets existing data governance policies (HIPAA, etc.), deciding whether to apply it on a national (or international) scale, and protecting it from anticipated future risks. The final step of the process, implementation involves aspects such as budgeting to make the framework launch possible, going live with the framework, and consistently monitoring and evaluating the data governance framework.

Although the stages are illustrated linearly, we posit that strong data governance frameworks are products of a cyclical approach. For example, if an issue is found in stage 3, the committee should return to stages 1 and 2 to assess the current situation and adjust the design of the data governance framework so that issues detected in the evaluation are addressed.

Conclusion

Effective data governance starts with recognizing that data represents real people whose privacy and dignity must be protected. In medical health research, this responsibility is especially important as new tools like automation and AI reshape data management. These innovations must be paired with strong ethical practices, particularly when working with marginalized groups vulnerable to medical discrimination. Governance frameworks should be adapted to the specific communities whose data they protect. By balancing technological advancement with ethical responsibility, organizations can advance research while safeguarding trust and confidentiality.

[1] Organisation for Economic Co-operation and Development. Data governance. https://www.oecd.org/en/topics/sub-issues/data-governance.html

[2] Sullivan, M. Data Governance Essentials: Securing and Managing Your Data. Transcend. https://transcend.io/blog/data-governance

[3] IBM. What is data governance? https://www.ibm.com/topics/data-governance

[4] Knight, M. What is Data Governance? Definition, Types, Uses. Dataversity. https://www.dataversity.net/what-is-data-governance/

[5] World Bank Group. Data Governance in Health. https://documents1.worldbank.org/curated/en/099081723223522777/pdf/P175075036726f0a00832307b7ae23a06a6.pdf

[6] Krishnan, K. 9 best practices for data governance in a healthcare setting. Concentric AI. https://concentric.ai/data-governance-in-healthcare-a-technical-overview/

[7] Baig, A. What Does Data Governance Mean in the HIPAA & Healthcare Industry? Securiti. https://securiti.ai/data-governance-in-healthcare/

[8] IBM. Mastering healthcare data governance with data lineage. https://www.ibm.com/blog/mastering-healthcare-data-governance-with-data-lineage/

[9] Eastwood, B. What is the Role of Data Governance in Healthcare? Health Tech. https://healthtechmagazine.net/article/2023/04/data-governance-in-healthcare-perfcon

[10] Murphy, L. Current Data Governance Trends & Predictions. Secoda. https://www.secoda.co/blog/data-governance-trends

[11] Donovan, M. The Future of Governance: 4 Trends to Watch Out For. Monte Carlo. https://www.montecarlodata.com/blog-future-of-data-governance-4-trends/

[12] Atlan. The Top 12 Data Governance Trends in 2024. https://atlan.com/data-governance-trends/#the-top-12-trends-of-data-governance-in-2024

[13] IBM. What is cloud storage? https://www.ibm.com/topics/cloud-storage.

[14] Muthiaaisyahputri. The Future of Data Governance: Trends and Predictions. Medium. https://medium.com/@muthiaaisyahputri26/the-future-of-data-governance-df8d86aad2c8

[15] Knight, M. Data Governance Trends in 2024. Dataversity. https://www.dataversity.net/data-governance-trends-in-2024/

[16] Duzha, A., Alexakis, E., Kyriazis, D., Sahi, L. F., Kandi, M. A. From Data Governance by design to Data Governance as a Service: A transformative human-centric data governance framework. ACM Digital Library. https://dl.acm.org/doi/fullHtml/10.1145/3616131.3616145

[17] Kerasidou, A. & Kerasidou, C. X. Data-driven research and healthcare: public trust, data governance and the NHS. BMC Medical Ethics. https://bmcmedethics.biomedcentral.com/articles/10.1186/s12910-023-00922-z

[18] Johns Hopkins Medicine. The Legacy of Henrietta Lacks. https://www.hopkinsmedicine.org/henrietta-lacks

[19] Centers for Disease Control and Prevention. The U.S. Public Health Service Untreated Syphilis Study at Tuskegee. https://www.cdc.gov/tuskegee/timeline.htm

[20] OECD. Health Data Governance for the Digital Age: Implementing the OECD Recommendation on Health Data Governance. https://www.oecd.org/en/publications/health-data-governance-for-the-digital-age_68b60796-en.html

[21] PAHO. IS4H Toolkit Knowledge Capsules: Data Governance in Public Health. https://www.paho.org/en/documents/is4h-toolkit-national-is4h-data-governance-framework.

[22] Torabi, F., Squires, E., Orton, C., Heys, S., Ford, D., Lyons, R. A. & Thompson, S. A common framework for health data governance standards. https://doi.org/10.1038/s41591-023-02686-w