A new paper
from the Asian Development Bank (ADB) highlights efforts to develop a health
ICT governance architecture framework through consultations and close
collaboration with experts.
The paper notes that a range of solutions, such as digital
disease surveillance systems, electronic medical records, and social health
insurance payment processes, are being implemented in different countries.
However, good governance for successful implementation and sustainability
throughout the health system requires a holistic approach which is often
missing. The health sector lags behind other sectors and industries in the development
and adoption of ICT governance frameworks.
To fill this gap, ADB developed a health ICT governance
architecture framework (HIGAF). The framework was further refined through consultations
with health sector ICT experts in the region further refined the framework,
leading to the creation of HIGAF 2.0. HIGAF 2.0 is designed specifically to
meet the evolving needs of developing member countries in the region.
The Asia eHealth Information Network (AeHIN), a peer-led network of digital health
experts from government, civil society, the private sector, developed
countries, development partners, and academia in more than 25 countries and ADB
can assist countries to develop and implement HIGAF 2.0.
HIGAF 2.0 simplifies key elements of the COBIT 5 framework for the governance and
management of enterprise IT and combines them with digital health resources,
including the WHO and International Telecommunication Union National (ITU) eHealth
Strategy Toolkit and the Broadband Commission report Digital
Health: A Call for Government Leadership and Cooperation between ICT and Health.
The framework also takes into account a global repository of digital health
standards, policies and architecture artefacts, stakeholder mapping and the
principles of good governance.
In HIGAF 2.0, the seven components of the WHO/ITU eHealth
Strategy Toolkit have been expanded to include information and architecture and
divided into: what to govern and how to govern.
Three tiers encircling the framework, represent three
digital health components from the WHO/ITU eHealth Strategy Toolkit, which
describe how to govern. The first tier is leadership, governance and
multisector engagement to enable the taking of system-wide decisions.
The second tier covers the governance process – legislation,
policy, and compliance – to create the enabling environment to ensure law enforcement
and alignment of IT policies nationwide and across sectors. It includes laws
and policies on data standards, privacy and security, which are key to
establishing trust and protection for the public as well as the health sector
The third tier of strategy and investment ensures that
financing priorities are aligned across governments, donor agencies, and the
The framework requires a national digital health strategy,
defined by the national health strategy, policies, and plans.
At the center of the framework, there are six digital health
components to be governed: Services and application, Standards and
interoperability, Architecture, Infrastructure, Information and Workforce.
The framework classifies the components of governance into
three main categories: process, structure, and stakeholders.
Stakeholders in digital health include government
ministries, decentralised levels of government, civil society organisations,
the private sector, and service providers. Stakeholders extend beyond the
health sector. Examples would be civil society organisations, private vendors,
and non-health ministries such as the ministry of ICT and ministry of finance.
A three-step process is presented for stakeholder mapping:
(i) identify stakeholders with roles in policy- and decision-making and
implementation in and beyond the health sector; (ii) identify those who will
use and will be affected by digital health solutions; and (iii) identify those
who bring in key resources (human, financial, and technological).
The WHO and International Telecommunication Union National
eHealth Strategy Toolkit provides guidance on how to map, engage, and consult
different stakeholder groups in creating an eHealth vision.
The paper highlights that a governance framework must take
into account the main stakeholders in health service delivery, and in health
care financing, consider public spending, out-of-pocket expenditure, and donor
funding, as well as health insurance mechanisms. Feedback should be sought from
frontline health workers and patients in planning and implementing digital
of digital health with exchange of patient-centric data would require
polycentric and diffused forms of patient-centered governance, as opposed to
traditional hierarchical, forms. But even in diffused forms of governance, the health
enterprise, with the MOH at its core, would need to maintain a central role in
regulatory functions such as policy making, coordination, and standard-setting.
When implemented, a digital health governance framework has
to reflect the power relations and lines of accountability between the
different stakeholders. For example, having a central actor responsible for
defining standards hierarchically lower than other stakeholders might make it
difficult to implement the digital health standards. Establishing a governance
structure is one of the first steps to be taken in COBIT 5.
The Broadband Commission has proposed three different possible
governance models. Digital health can be driven from within the MOH, which then
mobilises technical capacity and skills from other ministries. Alternatively,
the MOH drives digital health, but a government-wide agency provides ICT
infrastructure capacity. In a third model, the MOH leads health strategy, but
ICT is designed by a third-party agency.
Governance processes encompass policy and decision making,
planning, resource allocation, coordination, and monitoring and evaluation.
These are usually driven by the digital health enterprise with the MOH at its
HIGAF 2.0 draws from COBIT 5 from governance processes. In
COBIT 5, processes are defined as “a set of practices and activities to achieve
certain objectives and produce a set of outputs in support of achieving overall
IT-related goals.” These processes can be divided into those concerning
governance and those pertaining to enterprise management. The former includes
practices and activities aimed at evaluating strategic options, providing
direction to IT, and monitoring the outcome. The latter processes cover
responsibility for planning, building, running, and monitoring.
Access the paper “Transforming Health Systems through Good Digital
Health Governance” here.