Security of electronic personal health information in a public hospital in South Africa

Abstract

ABSTRACT Digital health technologies have changed the healthcare sector landscape and thus generated new opportunities for collecting, storing and accessing electronic personal health information (ePHI). However, this has also caused ePHI to be exposed to a variety of new security threats, attacks and vulnerabilities. This qualitative study explored the security of ePHI in a public hospital in South Africa. Data were collected through semi-structured interviews with purposively selected network controllers, IT technicians, administrative and records clerks and triangulated through document analysis. Data were coded and analyzed using ATLAS.ti, version 8. The findings showed that the public hospital is witnessing a deluge of cyber threats such as Worms, Trojan horses, and shortcut viruses. This is compounded by technological vulnerabilities such as power and system failure, obsolete computers, and systems. Security measures such as username-password, encryption, firewall, and antivirus and security audit log exist in the hospital to protect ePHI. The study recommends the need to implement an intrusion protection system and constantly update the firewall and antivirus. It is concluded that without proper security protocols, ePHI could be exposed to threats and cyber attacks. The public hospital is urged to use blockchain technology to strengthen the security of ePHI.