Abstract

Health information governance weaknesses can create operational risks in digital healthcare environments, including incomplete documentation, duplicate patient records, weak access control, poor interoperability, absent audit trails, and delayed reporting. These risks may affect data quality, information security, care continuity, accountability, reporting reliability, healthcare quality, and community-level planning. This paper proposes an artificial intelligence rule-based information governance framework for classifying such risks in health information management and health information systems. Using a scenario-based design-science approach, the framework defines governance input variables, maps them to health information management and health information system mechanisms, applies explicit IF-THEN rules, assigns risk classes, generates explanation traces, and produces governance recommendations. The framework is demonstrated through six synthetic scenarios covering duplicate records, unauthorized access, incomplete referral information, missing clinical documentation, weak audit trails, and delayed public health reporting. The demonstration shows how governance weaknesses can be converted into structured inputs, interpretable risk outputs, and corrective actions. The study does not claim empirical validation or deployment as a software system. Instead, it specifies a structured design artifact that can support future simulation, expert validation, rule-engine implementation, and empirical testing using real health information system data