Reasons for Picture Archiving and Communication System (PACS) data security breaches: Intentional versus non-intentional breaches
Abstract
Background: The Picture Archiving and Communication System (PACS) has led to an increase in breached health records and violation of patient confidentiality. The South African constitution makes provision for human dignity and privacy, virtues which confidentiality seeks to preserve. Confidentiality thus constitutes a human right which is challenged by the use of technology. Humans, as managers of information technology, constitute the weakest link in safeguarding confidentiality. Nonetheless, it is argued that most security breaches are committed non-intentionally by well-meaning employees during routine activities.
Objective: The purpose of this article is to explore the nature of and reasons for confidentiality breaches by PACS users in a South African context.
Methods: A closed-ended questionnaire was used to collect quantitative data from 115 health professionals employed in a private hospital setting, including its radiology department and a second independent radiology department. The questionnaire sought to explore the attitudes of participants towards confidentiality breaches and reasons for such behaviour.
Results: Breach incidences were expressed as percentage compliance and classified according to the nature and reasons provided by Sarkar's breach classification. Cross tabulations indicated a statistical significance (p < 0.00) between the expected and observed confidentiality practices of participants and also the adequacy of training, system knowledge and policy awareness.
Conclusion: Our study supports previous findings that, in the absence of guidelines, most security breaches were non-intentional acts committed due to ignorance. Of concern are incidents in which sensitive information was intentionally shared via social media.
Keywords: Intentional breaches, Patient confidentiality violation, PACS, Unintentional breaches
The author(s) retain copyright on work published by AOSIS unless specified otherwise.
Licensing and publication rights
Author(s) of work published by AOSIS are required to grant AOSIS the unlimited rights to publish the definitive work in any format, language and medium, for any lawful purpose. AOSIS requires journal authors to publish their work in open access under the Creative Commons Attribution 4.0 International (CC BY 4.0) licence.