Reasons for Picture Archiving and Communication System (PACS) data security breaches: Intentional versus non-intentional breaches

Tintswalo B. Mahlaola; Barbara van Dyk

doi:10.4102/hsag.v21i0.966

Original Research

Reasons for Picture Archiving and Communication System (PACS) data security breaches: Intentional versus non-intentional breaches

Tintswalo B. Mahlaola, Barbara van Dyk

About the author(s)

Tintswalo B. Mahlaola, Department of Medical Imaging and Radiation Sciences, Faculty of Health Sciences, University of Johannesburg, South Africa
Barbara van Dyk, Department of Medical Imaging and Radiation Sciences, Faculty of Health Sciences, University of Johannesburg, South Africa

Full Text:

PDF (389KB)

Abstract

Background: The Picture Archiving and Communication System (PACS) has led to an increase in breached health records and violation of patient confidentiality. The South African constitution makes provision for human dignity and privacy, virtues which confidentiality seeks to preserve. Confidentiality thus constitutes a human right which is challenged by the use of technology. Humans, as managers of information technology, constitute the weakest link in safeguarding confidentiality. Nonetheless, it is argued that most security breaches are nonintentionally committed by well-meaning employees during routine activities.

Objective: The purpose of this article is to explore the nature of and reasons for confidentiality breaches by PACS users in a South African context.

Methods: A closed-ended questionnaire was used to collect quantitative data from 115 health professionals employed in a private hospital setting, including its radiology department and a second independent radiology department. The questionnaire sought to explore the attitudes of participants towards confidentiality breeches and reasons for suchbehaviour.

Results: Breach incidences were expressed as percentage compliance and classified according to the nature and reasons provided by Sarkar's breach classification. Cross tabulations indicated a statistical significance (p < 0.00) between the expected and observed confidentiality practices of participants and also the adequacy of training, system knowledge and policy awareness.

Conclusion: Our study supports previous findings that, in the absence of guidelines, most security breaches were non-intentional acts committed due to ignorance. Of concern are incidents in which sensitive information was intentionally shared via social media.

Keywords

Intentional breaches; Patient confidentiality violation; PACS; Unintentional breaches

Metrics

Total abstract views: 2740
Total article views: 1349

Crossref Citations

No related citations found.

African Online Scientific Information Systems (Pty) Ltd t/a AOSIS
Reg No: 2002/002017/07
International Tel: +27 21 975 2602
5 Hafele Street, Durbanville, Cape Town, 7550, South Africa
publishing(AT)aosis.co.za replace (AT) with @

All articles published in this journal are licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) license, unless otherwise stated.
Website design & content: ©2024 AOSIS (Pty) Ltd. All rights reserved. No unauthorised duplication allowed.
By continuing to use this website, you agree to our Privacy Policy, Terms of Use and Security Policy.

________

Subscribe to our newsletter

Get specific, domain-collection newsletters detailing the latest CPD courses, scholarly research and call-for-papers in your field.

Health SA Gesondheid | ISSN: 1025-9848 (PRINT) | ISSN: 2071-9736 (ONLINE)