By Public Health, For Public Health

Public Health Data Governance Framework for Local Health Departments

Practical data governance for local and state health departments—aligned with CDC's Public Health Data Strategy and built for your reality. We help you establish data stewardship, build data governance councils, create data sharing agreements, and implement HIPAA-compliant policies. Woman-owned. 8(a) certified.

Schedule a Consultation
  • Data Inventory & Catalog Know what data assets you have
  • Data Stewardship Clear ownership & accountability
  • HIPAA Compliance Access controls & data protection
  • Data Sharing Agreements Partner safely with DSA templates
The Challenge

The Data Governance Gap

Most health departments have data scattered across dozens of systems with no clear inventory, inconsistent access controls, and retention policies that exist only on paper.

"Do we have data on X?" "Probably, somewhere."

That's not sustainable. And when auditors come calling, "probably, somewhere" isn't a defensible answer.

Common Challenges We Address

  • No clear inventory of data assets
  • Inconsistent access controls
  • Retention policies that exist only on paper
  • Ad-hoc data sharing without agreements
  • No clear data stewardship responsibilities
What We Deliver

Practical Data Governance

Data Inventory

A clear catalog of what data you have, where it lives, who's responsible for it, and how sensitive it is.

Access Management Framework

Who can see what, how they request access, and how you audit compliance. Role-based, practical, enforceable.

Retention & Disposition

Clear policies for how long you keep data and how you dispose of it. Aligned with state requirements and defensible in audits.

Data Sharing Agreements

Templates and processes for sharing data with partners while protecting privacy and maintaining compliance.

Before You Can Do AI

Get Your Data House in Order First

Everyone's talking about AI for public health. But here's the truth: AI is only as good as the data it's built on. If you don't know what data you have, who owns it, or how it can be used, you're not ready for AI implementation.

Data governance is the foundation of public health data modernization. It's what makes AI possible—and what keeps it safe. Before you invest in machine learning or automation, make sure your data practices can support it.

Learn about our AI training and policy services →

The Golden Triangle of Data Modernization
People Process Technology Data Governance

Successful data modernization requires all three working together.

Beyond Policy

Data Governance is Change Management

The hardest part of data governance isn't writing the policies - it's getting people to follow them. That's why we treat every data governance engagement as a change management initiative.

This is central to our capacity building approach—we don't just hand you a document and leave. We build your team's ability to sustain and evolve your data governance program.

Stakeholder Buy-In

We involve the right people early so policies reflect operational reality.

Training & Communication

Policies only work if people understand them. We build training into every engagement.

Accountability Structures

Clear data stewards, regular reviews, and realistic enforcement mechanisms.

Before You Tackle Governance

Assess Your Full Data Maturity

Data governance is just one piece of the puzzle. Before diving into policies and procedures, understand where you stand across all dimensions of data modernization.

Our Data Modernization Maturity Model (DM³) helps you assess your organization across six domains - including governance - and build a comprehensive roadmap for improvement.

Explore DM³ →
DM3
Data Modernization Maturity Model
Governance

How your organization establishes trust, authority, and accountability over data assets to drive public health action.

Click a domain to learn more • 5 maturity levels each

Download the whitepaper to learn more

How We Work

Our Data Governance Process

1

Assessment

We inventory your data assets, map your current practices, and identify gaps and risks.

2

Policy Development

We draft policies collaboratively with your team - ownership, access, retention, sharing - tailored to your context.

3

Implementation

We help you operationalize policies with templates, training, and monitoring processes.

Frequently Asked Questions

Public Health Data Governance Questions

What is a data governance framework for public health?

A public health data governance framework is a comprehensive structure of policies, processes, roles, and standards that determine how your health department manages its data assets. It includes data inventory and cataloging, data stewardship assignments, access management policies, data quality standards, retention and disposition schedules, and data sharing agreement templates. Unlike generic frameworks, public health data governance must address HIPAA requirements, grant reporting needs, interoperability with state systems, and community health data equity considerations.

How do local health departments implement data governance?

Implementation starts with assessment: inventory your data assets, map current practices, identify gaps. Next, establish a data governance council with representatives from key program areas. Develop policies collaboratively—ownership, access, retention, sharing—tailored to your department's size and complexity. Then focus on change management: train staff, embed governance into existing workflows, and create accountability structures. We recommend starting with high-priority data (disease surveillance, vital records) before expanding to other systems.

What are data governance best practices for public health?

Best practices include: (1) Start with a clear data inventory—you can't govern what you don't know you have; (2) Assign data stewards for each major data domain, not just IT; (3) Create practical policies that staff can actually follow; (4) Establish a data governance council with cross-functional representation; (5) Build governance into existing workflows rather than creating parallel processes; (6) Train staff on data governance responsibilities; (7) Align with CDC's Public Health Data Strategy and state requirements; (8) Review and update policies annually.

How do you create a data governance council?

A data governance council provides oversight and decision-making authority for data management. To create one: (1) Secure executive sponsorship from the health director or deputy; (2) Identify representatives from major program areas (epidemiology, environmental health, vital records, IT, legal); (3) Develop a charter defining scope, authority, meeting cadence, and decision-making processes; (4) Start with clear, achievable goals like completing a data inventory or developing a data sharing agreement template; (5) Meet regularly (monthly or quarterly) with documented decisions. We provide charter templates and can facilitate initial council meetings.

What is data stewardship in public health?

Data stewardship assigns accountability for specific data assets to individuals who understand both the data and its program context. Data stewards are responsible for data quality, appropriate access, documentation, and ensuring data serves public health purposes. In health departments, stewards are typically program managers (not IT staff) who own the business processes that generate the data. For example, the epidemiology supervisor might steward surveillance data, while the vital records manager stewards birth and death data. We help departments define stewardship roles, train stewards, and create accountability structures.

What data governance training do health department staff need?

All staff need basic awareness training covering data governance principles, their role in protecting data, and how to escalate questions. Data stewards need deeper training on their specific responsibilities, data quality monitoring, and access management. Data governance council members need training on decision-making frameworks, policy development, and risk assessment. We offer data governance training specifically for local health departments—not generic corporate content adapted to public health.

How does HIPAA affect data governance?

HIPAA shapes data governance requirements for any data that constitutes protected health information (PHI). Your data governance framework must address: who can access PHI and under what circumstances, how access is documented and audited, minimum necessary standards for data use, secure storage and transmission requirements, breach notification procedures, and business associate agreements with vendors. However, many public health data sets have specific HIPAA exemptions for public health activities—understanding these exemptions is critical to not over-restricting legitimate public health work.

What is the CDC Public Health Data Strategy?

The CDC Public Health Data Strategy (PHDS) is a 2024-2027 initiative to modernize how public health data is collected, shared, and used. It emphasizes data governance as foundational infrastructure, promotes interoperability through standards like FHIR, supports state and local modernization efforts, and aims to create a "One CDC Data Platform" by 2026. For local health departments, PHDS alignment is increasingly important for CDC grants and partnerships. Our data governance framework aligns with PHDS principles and helps position your department for data modernization funding opportunities.

Ready to Get Your Data House in Order?

Let's talk about your data governance challenges and build a practical path forward.

Schedule a Conversation →
Subscribe To Flourish Notes Sign up to receive our monthly dose of public health analysis, joy, and favorite things.

Subscribe To Flourish Notes

Sign up to receive our monthly dose of public health analysis, joy, and favorite things.

Sign up to receive our monthly dose of public health analysis, joy, and favorite things.

You have Successfully Subscribed!