Data governance and data management plan (DMP)
1. Data governance and data management plan
Data governance helps us manage data laws, regulations, compliance, and licensing, among many more things.2. Data governance
It is a strategy that outlines the data management policies and standards within an organization or throughout a project’s lifecycle. It details how data is acquired, stored, accessed, managed, and disposed of and aligns any efforts with the responsible data dimensions. Data governance also specifies the roles and responsibilities of people handling the data, such as outlining who is responsible for data security, regular data audits, and model fairness testing. For example, as part of data governance, an HIPAA compliance policy may include a checklist covering key aspects relevant to the project. This policy specifies a person responsible for obtaining informed consent and documenting it and includes storage, access, and security protocols.3. Data governance
A data governance strategy also sets internal processes for data flows within the project and covers the tools and technology used. For example, it can outline metrics and methods for measuring and maintaining data quality at each project stage. This can include bias detection steps and mitigation techniques and how fairness is defined for the project.4. Data management plan (DMP)
A component of data governance is the data management plan (DMP) which is a formal document outlining exactly the what, who, when, and how tasks required to make the project legal and technically and ethically responsible. For example, if the data governance strategy requires regular audits for HIPAA compliance, the DMP specifies the audit frequency, scope, and list of tests to conduct. For health records, DMP specifies that data must be encrypted using AES-256-bit encryption standards and encryption keys to be managed by the data security officer. The DMP is often made available for external audits and demonstrates accountability and transparency.5. Making a DMP
Data governance policies and data management plans are created and approved by multiple stakeholders, including project managers, AI developers, IT security specialists, legal advisors, executives, and more. In some cases, such as in health and medical research, the DMP also needs to be approved by a regulatory body. These policies and documents are not static and should be reviewed and updated regularly.6. Key elements of DMP
There is no standardized format for a DMP, but some AI agencies may provide guidelines or templates. Let’s review some commonly found sections: data collection and consent, data usage, and data security and storage. We’ll explore each section in the context of our AI chatbot.7. Dental chatbot: DMP
For data collection and consent, the DMP will specify the consent process before data is collected, how consent is documented, the type of data being collected, and the patient’s data rights.8. Dental chatbot: DMP
For data usage, the DMP will specify how the data is used in the chatbot, in our case, exclusively for scheduling appointments, providing information on dental procedures, and offering personalized dental care advice. It specifies the access and sharing permissions for the authorized clinic staff and the chatbot development team under strict guidelines. It specifies any prohibited actions, such as data sharing with third parties without explicit patient consent. For data storage and security, it specifies that patient data is stored in encrypted databases within the clinic’s secure cloud storage solution, adhering to HIPAA’s requirements for data protection. It also specifies security measures such as encryption for data at rest and in transit, the authentication methods for database access, and the security audit schedule to identify and mitigate vulnerabilities.9. Let's practice!
That was a quick overview of data governance and DMPs. Let’s cement this knowledge with some practice.Create Your Free Account
or
By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.