HIPAA standartları açısından elektronik sağlık kayıtlarının güvenlik ve mahremiyet uygulamaları: Türkiye’de bir vaka çalışması

Bu araştırmada; genel ve dal olmak üzere özel hastanelerde elektronik sağlık kayıtlarının (ESK) güvenlik ve mahremiyetinin HIPAA ilkeleri kapsamında değerlendirilmesi amaçlanmıştır. Araştırma Kayseri ilinde bulunan genel ve dal hastanesi olmak üzere altı özel hastanenin çalışanlarını kapsamaktadır. Elektronik sağlık kayıt sistemini kullanan idari ve sağlık çalışanı olmak üzere 447 kişiye, yüzyüze görüşme yöntemi ile anket uygulanmıştır. Ölçekteki maddeler 5’li Likert ölçeği (1: kesinlikle katılmıyorum - 5: kesinlikle katılıyorum) ile değerlendirilmiştir. Faktör analizi sonucunda elektronik sağlık kayıtlarının güvenlik ve mahremiyeti ile ilişkili üç alt grup tanımlanmıştır.

Anahtar Kelimeler:

HIPAA, Sağlık Bilgi Sistemleri, Bilgi Güvenliği, Elektronik Sağlık Kayıtları, Mahremiyet, HIPAA

Security and privacy practices of electronic health records in terms of HIPAA standards: A case study in Turkey

In this study; It is aimed to evaluate the safety and privacy of electronic health records (EHR) with HIPAA rules in general and branch special hospitals. Six private hospitals participated the research in the province of Kayseri, Turkey. A questionnaire was applied to 447 people, including administrative and health practitioners using the electronic health record system, using a face-to-face interview method. The items in the scale were evaluated with a 5-point Likert scale (1: strongly disagree - 5: strongly agree). As a result of factor analysis, three subgroups related to EHR security and privacy are defined. Security and privacy scores of electronic health records were higher in general hospitals (78,54±23,5) compare to branch hospitals (68,49±26,8) (p=0.002). Moreover, it is seen that electronic health record use ability is higher in administrative units (75,99±22,5), compare to medical units (70,93±25,7) (p=0.033). it was determined that 69.8% (n = 264) of the staff working in general hospitals were trained and 34.8% (n = 24) of branch hospitals were trained (p=0.000). It is seen that the subscale scores are high in the individuals who are trained and in the groups who have higher age averages. Moreover, it was found that the average score of “Organizational Security” sub-dimension of female employees (3,91±0,68) was significantly higher than male employees (3,76±0,80) (p=0.042). There were no significant differences in all sub-dimensions that the security and privacy of electronic health records between the managers and other employees (p> 0.05).It is seen that healthcare institutions do not completely comply with HIPAA rules. General hospitals are more successful than branch hospitals in terms of security and privacy of electronic health records. Moreover, the level of consciousness of the administrative unit employees is higher than medical unit employees. Human factors and educational practices are very important in security measures.

Keywords:

Health Information Systems, Information Security, Electronic Health Records, Privacy, HIPAA,

PDF

___

Ajami S, Bagheri-Tadi T. Barriers for Adopting Electronic Health Records (EHRs) by Physicians, Acta Informatica Medica, 2013, 21(2): 129-134
Aksu Kılıç P, Kitapçı Şişman N, Çatar R. Ö, Köksal L, Mumcu G. An Evaluation of Information Security from the Users’ Perspective in Turkey. Journal of Health Informatics in Devoloping Countries, 2015, 9(2): 55-67
Aldosari B. Causes of EHR Projects Stalling or Failing: A Study of EHR Projects in Saudi Arabia, Computers in Biology and Medicine, 2017, 91: 372-381.
Bohu Y, Klouche S, Lefevre N, Webster K, Herman S. Translation, Cross-Cultural Adaptation and Validation of the French Version of The Anterior Cruciate Ligament-Return to Sport After Injury Scale, Knee Surg. Sports Traumatol Arthrosc., 2015, 23: 1192-1196.
Chen Q, Benusa A. HIPAA Security Compliance Challenges: The Case for Small Healthcare Providers, International Journal of Healthcare Management, 2017, 10 (2): 135-146
Cronbach L. Coefficient Alpha and The Internal Structure of Test, Psychometrika, 1951, 16(3): 297-334.
Çınaroğlu S, Avcı K. Comparison of Asessments of Medical and Surgical Nurses About Usage of Electronic Health Records, TAF Preventive Medicine Bulletin, 2015, 14 (3): 257-264.
Forcepoint, Industry Drill-Down Report Healthcare, 2015. www.insight.com/content/dam/insight-web/en_US/article-images/ebooks/Partner/2015-industry-drill-down-report-healthcare.pdf
Hartley C, Jones E. EHR Implementation: A Step-by-Step Guide for the Medical Practice, American Medical Association, 2th Edition, Chicago, 2012.
Kohli R, Tan S. Electronıc Health Records: How Can Is Researchers Contrıbute To Transformıng Healthcare?, MIS Quarterly, 2016, 40(3): 553-573.
Lapke M, Garcia C, Henderson D. The Disconnect Between Healthcare Provider Tasks and Privacy Requirements, Health Policy and Technology, 2016, 1-8.
Mishra S, Leone G, Caputo D, Calabrisi R. Securıty Awareness For Health Care Informatıon Systems: A HIPAA Compliance Perspective, Issues in Information Systems, 2011, 12(1):224-236.
Liginlal D, Sim I, Khansa L, Fearn P. HIPAA Privacy Rule Compliance: An Interpretive Study Using Norman’s Action Theory, Computers & Security, 2012, 31: 206-220.
Lukaschyk J, Brockmann-Bauser M, Beushausen U, Transcultural Adaptation and Validation of the German Version of the Vocal Tract Discomfort Scale, Journal of Voice, 2017, 31 (2): 261-268.
Pham T. The Current State of Healthcare Endpoint Security, Industry News, 2016. Shahmoradi L, Darrudi A, Arji G, Nejad A. Electronic Health Record Implementation: A SWOT Analysis, Acta Medica Iranica, 2017, 55 (10): 642-649.
Simon S, Kaushal R, Cleary P, Jenter C, Volk L, Poon E, Orav J, Lo H, Willıams D, Bates D,. Correlates of Electronic Health Record Adoption in Office Practices: A Statewide Survey, Journal of the American Medical Informatics Association, 2007, 14 (1): 110-117.
Singh B. Nurse’s Attitude Towards Computerization in Private Hospitals of Tamil Nadu, India, Research J. Pharm. and Tech., 2016, 9 (12): 1451-1456.
Vignola R, Tucci A. Adaptation And Validation of The Depression, Anxiety and Stress Scale to Brazilian Portuguese, Journal of Affective Disorders, 2014, 155: 104-109.