Institutional Repository

Security of electronic personal health information in a public hospital in South Africa

Show simple item record

dc.contributor.advisor Ngoepe, Mpho Solomon
dc.contributor.author Chuma, Kabelo Given
dc.date.accessioned 2021-04-12T07:48:53Z
dc.date.available 2021-04-12T07:48:53Z
dc.date.issued 2020-01
dc.identifier.uri http://hdl.handle.net/10500/27239
dc.description.abstract The adoption of digital health technologies has dramatically changed the healthcare sector landscape and thus generates new opportunities to collect, capture, store, access and retrieve electronic personal health information (ePHI). With the introduction of digital health technologies and the digitisation of health data, an increasing number of hospitals and peripheral health facilities across the globe are transitioning from a paper-based environment to an electronic or paper-light environment. However, the growing use of digital health technologies within healthcare facilities has caused ePHI to be exposed to a variety of threats such as cyber security threats, human-related threats, technological threats and environmental threats. These threats have the potential to cause harm to hospital systems and severely compromise the integrity and confidentiality of ePHI. Because of the growing number of security threats, many hospitals, both private and public, are struggling to secure ePHI due to a lack of robust data security plans, systems and security control measures. The purpose of this study was to explore the security of electronic personal health information in a public hospital in South Africa. The study was underpinned by the interpretivism paradigm with qualitative data collected through semi-structured interviews with purposively selected IT technicians, network controllers’, administrative clerks and records management clerks, and triangulated with document and system analysis. Audio-recorded interviews were transcribed verbatim. Data was coded and analysed using ATLAS.ti, version 8 software, to generate themes and codes within the data, from which findings were derived. The key results revealed that the public hospital is witnessing a deluge of sophisticated cyber threats such as worm viruses, Trojan horses and shortcut viruses. This is compounded by technological threats such as power and system failure, network connection failure, obsolete computers and operating systems, and outdated hospital systems. However, defensive security measures such as data encryption, windows firewall, antivirus software and security audit log system exist in the public hospital for securing and protecting ePHI against threats and breaches. The study recommended the need to implement Intrusion Protection System (IPS), and constantly update the Windows firewall and antivirus program to protect hospital computers and networks against newly released viruses and other malicious codes. In addition to the use of password and username to control access to ePHI in the public hospital, the study recommends that the hospital should put in place authentication mechanisms such as biometric system and Radio Frequency Identification (RFID) system restrict access to ePHI, as well as to upgrade hospital computers and the Patient Administration and Billing (PAAB) System. In the absence of security policy, there is a need for the hospital to put in place a clear written security policy aimed at protecting ePHI. The study concluded that healthcare organisations should upgrade the security of their information systems to protect ePHI stored in databases against unauthorised access, malicious codes and other cyber-attacks. en
dc.format.extent 1 online resource (xiv, 157 leaves) : black and white illustrations
dc.language.iso en en
dc.subject Privacy en
dc.subject Confidentiality en
dc.subject Personal information en
dc.subject Security en
dc.subject ePHI en
dc.subject Digital health technologies en
dc.subject Public hospital en
dc.subject Disclosure of information en
dc.subject Security threats en
dc.subject South Africa en
dc.subject.ddc 651.5042610968
dc.subject.lcsh Medical informatics -- Security measures -- South Africa en
dc.subject.lcsh Medical records -- South Africa -- Data processing en
dc.subject.lcsh Health services administration -- Information technology -- South Africa en
dc.subject.lcsh Information storage and retrieval systems -- Medicine -- Management en
dc.subject.lcsh Privacy, Right of -- South Africa en
dc.title Security of electronic personal health information in a public hospital in South Africa en
dc.type Dissertation en
dc.description.department Information Science en
dc.description.degree M. Inf. (Information Security)


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search UnisaIR


Browse

My Account

Statistics