This is the second in a series of articles on improving people’s understanding of a widely misunderstood term – “metadata” – written by Steven Strutz. The first article can be found here – Toward a Better Understanding of Metadata – Metadata Defined.
NSA Metadata Definition
The NSA, notable for its surveillance programs that use Metadata, states that “[Metadata] may include security labels and discovery information, as well as user and environmental attributes. Metadata is intended to be used by human consumers or by autonomous processes such as access control mechanisms in the Global Information Grid (GIG), network-centric content discovery services, or automated information dissemination systems. As decisions are made based on Metadata content, the assurance provided for the actual Metadata must be considered… In many scenarios, the assurance provided to Metadata and to the relationship between Metadata and data is essential. Such scenarios range from simple discovery queries to enabling Assured Information Sharing (AIS) through Cross Domain Solutions (CDS)” (From Cryptographic Binding of Metadata, The Next Wave, Vol. 18, No. 2, 2009, pp. 22–23).
Metadata Provides Data Clarity
It is easily determined that these definitions are often woefully inadequate and fall short of satisfying our need to better understand Metadata, hence the need to augment our understanding of just what Metadata is. Metadata enables people to search, define, reuse, and govern data consumed across the company and throughout the technology environment.
It has become apparent that viewing data without a robust and scalable understanding of the importance of Metadata Management leads to:
- Confusion, misuse, and errors
- Lack of focus and direction
- Longer discovery and resolution responses
- Poor integration between sources and targets
- Increased defects during data processing activities
- Greater difficulty resolving defects
Robust Metadata Management leads to clearer Subject Matter organization, veracity, and certification of Data Integrity.
Metadata Standards and Protocols
Gartner has expanded its definition, “Metadata is information regarding the characteristics of any artifact, such as its name, location, perceived importance, quality or value to the enterprise, and its relationships to other artifacts that an enterprise has deemed worth managing.” This has led to protocols that better manage Metadata within or across specific domains, geographies, businesses, or functions to more easily facilitate transacting commerce and collaboration.
- The International Foundation for Information (IF4IT) – Metadata for Manufacturing Management
- International Organization for Standardization (ISO) – International Standards
- ISO/IEC JTC1 SC32 WG2 – Metadata-specific Standards
- Library of Congress – Research Library
- Specialized Metadata Protocols:
- Measurements (Qualitative)
The Formalization of Metadata Protocols
Many organizations have heeded the call to facilitate changing our understanding and use of Metadata.
- The Dublin Core Metadata Initiative, or “DCMI”, is an open organization supporting innovation in Metadata design and best practices across the Metadata ecology. The Dublin Core Metadata Element Set, Version 1.1, is a vocabulary of fifteen properties for use in resource description.
- Open Archives Initiative Protocol for Metadata Harvesting
- ISO 15836:2009 Information and documentation – The Dublin Core Metadata element set
- “Levels of interoperability”
- Level 1 (Shared term definitions)
- Level 2 (Formal semantic interoperability)
- Level 3 (Description Set syntactic interoperability)
- Level 4 (Description Set Profile interoperability)
- UML – Unified Modeling Language
- XML – Extensible Markup Language
- SQL – Structured Query Language
- MOF – Managed Object Format
- RDF – World Wide Web Consortium (W3C) Resource Description Framework
- OMG – Object Management Group
Emerging Success of Metadata Usage in Financial Services
The OMG Finance Domain Task Force (FDTF) was created to develop sustainable business and technology standards that promote the notion that Data and its Semantics are the DNA of financial services. Similarly, the Financial Services EDM Council is “a neutral business forum founded by the financial industry to elevate the practice of data management as a business and operational priority. The prime directive is to ensure that users have trust and confidence that data is precisely what is expected without the need for manual recalculation or multiple data transformations.”
“The EDM Council is the author and steward of the Financial Industry Business Ontology (FIBO). FIBO is a collaborative effort among industry practitioners, semantic technology experts and information scientists to standardize the language used to precisely define the terms, conditions, and characteristics of financial instruments; the legal and relationship structure of business entities; the content and time dimensions of market data; and the legal obligations and process aspects of corporate actions.”
Financial Industry Business Ontology (FIBO) today remains a joint effort by OMG and the Enterprise Data Management (EDM) Council. FIBO is an industry initiative to define financial industry terms, definitions, and synonyms using semantic web principles such as RDF/OWL and widely adopted OMG modeling standards such as UML. FIBO will contribute to transparency in the global financial system, aid industry firms in providing a cost-effective means for integrating disparate technical systems and message formats, and aid in regulatory reporting by providing a clear and unambiguous meaning of data from authoritative sources.
SMAC is Changing in the Healthcare Industry
Newly emerging technologies are disrupting how healthcare conducts business, and Metadata provides keys to the successful assimilation of these technologies.
- Social Media – “Social media is key for marketing and recruiting in the United States, but overseas, healthcare organizations are ahead in using the technology for health monitoring [eWeek].”
- Mobility and Mobile Devices – “Vantage Health’s first mobile app is expected to be for lung cancer screening, with additional mobile healthcare apps in the planning stages [eWeek].”
- Internet of Things – “The Internet of Things (IoT) refers to the ever-growing network of physical objects that feature an IP address for internet connectivity, and the communication that occurs between these objects and other Internet-enabled devices and systems [webopedia].”
- Advanced Analytics – “Big data analytics tools along with patient lifestyle changes can help save the healthcare industry up to $450 billion [eWeek].”
- Cloud – “Google Cloud Platform now includes the availability of Business Associates Agreements (BAAs) for customers who must prove HIPAA support [eWeek].”
Role of Metadata in Healthcare
The Health Information Exchange (HIE) allows healthcare professionals and patients to appropriately access and securely share a patient’s vital medical information electronically. There are many healthcare delivery scenarios driving the technology behind the different forms of health information exchange available today.
- Consider HIE (ONC), “The demand for electronic health information exchange from one healthcare professional to another is growing along with nationwide efforts to improve the quality, safety and efficiency of healthcare delivery. Meaningful use requirements, new payment approaches that stress care coordination, and federal financial incentives are all driving the interest and demand for health information exchange.”
- John Moehrke of GE Healthcare blogs, “Metadata is associated with data to provide for specific data handling purposes. These domains of data handling purposes fall into some general categories. Each metadata element typically has more than one of these purposes, although there are some metadata elements that cover only one purpose. It is important to understand these domains of metadata purposes.”
- DICOM — Digital Imaging and Communications in Medicine — is the international standard for medical images and related information (ISO 12052).
HIPAA regulations focus on the privacy of patients’ data. However, recent hacking incidents pressure companies to redouble their security efforts to ensure the sanctity and portability of patient data.
- The Affordable Care Act – “The Affordable Care Act puts consumers back in charge of their healthcare. Under the law, a new “Patient’s Bill of Rights” gives the American people the stability and flexibility they need to make informed choices about their health.”
- HIPAA – “The U.S. Department of Health & Human Services Office for Civil Rights enforces the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security and Breach Notification Rules
- HIPAA Privacy Rule – protects the privacy of individually identifiable health information
- HIPAA Security Rule – sets national standards for the security of electronic protected health information
- HIPAA Breach Notification Rule – requires covered entities and business associates to provide notification following a breach of unsecured protected health information
- Confidentiality provisions – protect identifiable information being used to analyze patient safety events and improve patient safety.”
Impact of Meaningful Use
Meaningful Use adds another dimension to compliance that increases incentive for companies to meet requisite standards. These are just two of the many regulatory influences currently driving changes in the Healthcare industry.
- Legislation and Regulation – Medicare “is changing the way it pays hospitals for services provided to people with Medicare. Instead of only paying for the number of services a hospital provides, Medicare is also paying hospitals for providing high quality services.”
- Meaningful Use – The Centers for Medicare and Medicaid Services (CMS) oversees, “The Medicare and Medicaid EHR Incentive Programs [that] provide financial incentives for the “meaningful use” of certified EHR technology.
- To receive an EHR incentive payment, providers have to show that they are “meaningfully using” their certified EHR technology by meeting certain measurement thresholds that range from recording patient information as structured data to exchanging summary care records
- CMS has established these thresholds for eligible professionals, eligible hospitals, and critical access hospitals (CAHs)”
European Regulatory Demands
The European Data Protection Requirements established the legal framework for the protection of personal data. The Basel Committee on Banking Supervision (BCBS) issued Principles for effective risk data aggregation and risk reporting to strengthen banks’ risk data aggregation capabilities and internal risk reporting practices. The primary intent for all organizations will be to remain compliant.
- European Union Data Protection Requirements
- General Data Protection Regulation (GDPR)
BCBS239 Data Aggregation and Reporting Principles
The Basel Committee on Banking Supervision (BCBS) 239 edict outlines “Principles for effective risk data aggregation and risk reporting”. BCBS239 was introduced by the Basel Committee to address key lessons learned following the global financial crisis of 2007. One of the most significant of these lessons learned was that many banks lacked the cohesion in their data management to ameliorate risk exposure at group levels, across business lines and legal entities. As a result, many banks are unable to manage risk properly due to weak data aggregation and reporting practices, which has had a negative impact on the stability of the financial sector as a whole. Consequently, the Basel Committee issued guidance to enhance the banks’ ability to effectively manage risk enterprise-wide.
“[This] set of principles [proposes] to strengthen banks’ risk data aggregation capabilities and internal risk reporting practices (the Principles). In turn, effective implementation of the Principles is expected to enhance risk management and decision-making processes at banks.
The adoption of these Principles will enable fundamental improvements to the management of banks. The Principles are expected to support a bank’s efforts to:
- Enhance the infrastructure for reporting key information, particularly that used by the board and senior management to identify, monitor, and manage risks;
- Improve the decision-making process throughout the banking organization;
- Enhance the management of information across legal entities, while facilitating a comprehensive assessment of risk exposures at the global consolidated level;
- Reduce the probability and severity of losses resulting from risk management weaknesses;
- Improve the speed at which information is available and hence decisions can be made; and
- Improve the organization’s quality of strategic planning and the ability to manage the risk of new products and services.
Strong risk management capabilities are an integral part of the franchise value of a bank. Effective implementation of the Principles should increase the value of the bank. The Committee believes that the long-term benefits of improved risk data aggregation capabilities and risk reporting practices will outweigh the investment costs incurred by banks.
For bank supervisors, these Principles will complement other efforts to improve the intensity and effectiveness of bank supervision. For resolution authorities, improved risk data aggregation should enable smoother bank resolution, thereby reducing the potential recourse to taxpayers.”
- Basel Committee for Banking Standards (BCBS) Risk Aggregation Principles (e.g., 239)
- Governance requirements
- Board Ownership
- Management Ownership
- Strategic Ownership
- Glossary and Taxonomy
- Infrastructure support
- Business Continuity
- Data Management