An action framework for compliance and governance.

Purpose -- The purpose of this paper is to propose a framework for clinical governance, in particular, the compliance of data privacy in a healthcare organisation. Design/methodology/approach -- The approach of the research was to highlight problem areas in compliance and governance risk management (governance, risk and compliance (GRC)) in general, and then identify knowledge in other domains that could be combined and applied to improve GRC management, and ultimately improve governance outcomes. Findings -- There is a gap in the literature is respect of systems and frameworks to assist organisations in managing the complex minutiae associated with compliance. This paper addresses this gap by proposing a "compliance action framework" which builds on work existing in other domains in relation to education, process control and governance. Research limitations/implications -- The present research provides a starting point for an implementation of the framework within a number of organisations, and opens questions for further research in the field. Originality/value -- The GRC framework proposed in this paper contributes to the state of the art, by proposing processes for improving the governance capability and compliance outcomes within an organisation for governance of data privacy risk and data protection. [ABSTRACT FROM AUTHOR]