Healthcare professionals’ perception on emergence of security threat using digital health technologies in healthcare delivery

Abstract

Background

The advancement of digital health technologies (DHTs) in the healthcare industry has revolutionized healthcare by improving efficiency and accessibility. The shift from paper-based records to electronic health records (EHRs) as a result of modern technologies introduced various security threats, endangering patient data privacy and system reliability. This study explores intricate security threats among healthcare professionals affecting DHT utilization.

Methodology

A structured questionnaire was designed to solicit for data from healthcare professionals on the existence of possible security threats, magnitude of physical and technical threats, and the extent to which the activities of staff and vendors affect the current DHTs being utilized in Cape Coast Teaching Hospital and Directorate of University Health Services at the University of Cape Coast. Purposive and convenience sampling techniques were employed to select healthcare professionals from various medical fields, and their views were captured for the study.

Results

Findings and data analyzed from the study revealed that technical threats, such as hacking, phishing, malware, and encryption weaknesses, pose more substantial dangers to DHTs compared to physical threats. The study explored viable strategies to prevent unauthorized access to DHTs and safeguard patient information. Encouraging measures, such as encryption, multi-factor authentication, regular security training, and periodic password changes, emerged as promising methods in addressing DHT security threats.

Conclusion

The study emphasizes the necessity of robust security measures and regular updates to effectively counter the emerging security threats. It underscores the critical necessity for a comprehensive protocol to enhance DHT security, addressing physical, technical, and personnel-related threats.

Introduction

The digital health technology (DHT) is a multidisciplinary concept that integrates technology and health to provide healthcare. This amalgamation has led to the use of electronic health records (EHRs), e-health, telehealth applications, telemedicine, etc., in patient care. The widespread use of EHRs in healthcare systems constitutes a significant improvement over traditional paper-based record-keeping procedures. ¹ Nonetheless, the increased dependence on DHTs to expedite EHRs creates a slew of security flaws and threatens the confidentiality of important patient data. These security flaws encompass unauthorized access, data violations, and security breaches that carry substantial implications to the integrity of delicate information for healthcare.^1,2 Some of the dangers emerge in a variety of ways, including unlawful access and data theft, with serious consequences for both patients and healthcare practitioners.^1,2 Historically, the concept of EHRs emerged alongside technological advancements in the 1960s and 1970s, revolutionizing healthcare delivery by making medical data more accessible from virtually anywhere. ³ The growing prevalence of EHRs and the influence of clinical decision support on healthcare procedures, adoption strategies, patient identification in clinical trials, and unexpected effects of DHTs have all been subjects of extensive research, profoundly transforming the structure and accessibility of medical records. ⁴

DHTs have become integral to modern healthcare delivery, but some poor design and improper use can result in errors that endanger the integrity of the stored information. ⁵ These errors can have far-reaching consequences endangering patient safety and undermining the quality of care. DHT-related errors can also facilitate fraud and abuse, leading to legal repercussions. ⁶ Inappropriately designed or used DHT can compromise the quality and accuracy of information crucial for healthcare providers to make critical decisions about patient care, potentially harming patients and eroding confidence in the healthcare system. ¹ To ensure patient safety and information integrity, it is imperative to design and utilize DHT that minimizes error risks and maximizes information quality and accuracy. ⁶ Security threats to DHTs can have severe repercussions for both patients and healthcare organizations. Patients may suffer privacy breaches and face physical and financial harm due to the misuse of their health data. ⁷ In addition, healthcare organizations may experience financial losses, damage to reputation, and legal liabilities. ⁷ Moreover, security threats to DHTs can erode public trust in the healthcare system at large. ⁸ Again, the increasing complexity and interconnectivity of healthcare systems can create vulnerabilities exploited by attackers through DHTs. ⁹ A study by Grossman ³ postulates that rapid EHR adoption often occurs without adequate training and awareness among healthcare providers regarding security issues.

Scores of research show that security threats to DHTs manifest in diverse ways and can originate from various sources like weak passwords, unencrypted data, unauthorized entry to healthcare systems, accessing sensitive health information by unauthorized individuals, unauthorized changes, or deletions of information that introduce errors or inaccuracies, leading to harmful or incorrect treatment decisions that endanger patient safety.^1,2,7,8 DHTs are also susceptible to malware, including viruses and ransomware, which can compromise the integrity of the information within these systems. ⁷ These security threats can have grave consequences for patient safety and the quality of care. The increasing worry about security risks affecting DHTs necessitates proactive actions from healthcare providers to protect their records. Deploying robust security measures like strong passwords, encryption, and regular software updates can reduce these risks. Managing the emergence of DHT security threats requires implementing solid security protocols and educating healthcare providers about safeguarding sensitive health data.^1–2,8 These protocols involves measures like enforcing strict password policies, secure authentication methods, and regular software updates to address vulnerabilities.^9,10,11 The primary concern for every individual is their health, and the introduction of DHTs has unmistakably contributed to improving healthcare services. ¹² However, alongside the myriad benefits that DHTs offer in healthcare delivery, they also pose a certain risk, particularly in the realm of system security. Currently, concerns about the privacy and security of protected health data pose substantial challenges to the broad adoption of DHTs.^13,14 There is an urgent need to identify these security threats and recommend effective measures to mitigate them. This can be accomplished by evaluating healthcare professionals’ perceptions of potential security threats, assessing the impact of physical and technical risks, as well as the influence of staff and vendor activities on the use of current DHTs at the Cape Coast Teaching Hospital (CCTH) and the Directorate of University Health Services in University of Cape Coast (DUHS-UCC).

Methods

Study setting

This study was carried out at the CCTH and DUHS-UCC. These two facilities were chosen for the research based on availability, accessibility, knowledge of personnel on digital health technologies, electronic health record system, and resource availability.

The CCTH is situated at the northern part of Cape Coast in the central region. It is among the five teaching hospitals in Ghana. The hospital uses an electronic health system to provide healthcare services to its clients. It has a 400-bed capacity and serves as the referral hospital for the central region. The CCTH was the first of a series of ultra-modern regional hospitals established by the Ministry of Health in Ghana. It started full operation in 1998 and became a teaching hospital in June 2013. The hospital is made up of several clinics that provide special care. These clinics include orthopedic, urology, anti-retroviral therapy, eye, and ear, nose, and throat clinics, among others.

The DUHS-UCC situated on the university's campus started operating in 1963. The hospital was built with the intention of serving the workers, their dependents, students, and the university's teaching and non-teaching staff and has now open its services to the broader public. It has an average total patient attendance of 90,488 and staffs around 350 in 2022. The hospital consists of various departments like the outpatient department, medical laboratory, male and female wards, and pediatric ward. The hospital serves as a health training center for students offering courses like medicine, pharmacy, physician assistant, and health information management at the University of Cape Coast.

Figure 1 shows the map of the central region showing the location of the study areas, that is, the CCTH and DUHS-UCC.

Figure 1.

Map of the central region showing the location of the study areas.

Study design, participant, and sampling

The research utilised a cross-sectional survey design to assess healthcare professionals’ perceptions of escalating security threats affecting DHTs at both the CCTH and the DUHS-UCC. The selection of a cross-sectional design was intentional due to its effectiveness in gathering comprehensive data while allowing for the simultaneous investigation of multiple variables. The study employed purposive and convenience sampling techniques to recruit participants from various medical fields chosen for their specific attributes, expertise, experiences, and accessibility. Inclusion criteria for participants were staff members from the CCTH and the DUHS-UCC who were above 18 years old, regularly utilized DHTs in their daily activities, faced no barriers in accessing DHTs, and possessed knowledge regarding DHT usage. Healthcare professionals excluded from this study included national service personnel, interns, and healthcare workers whose daily activities do not require the use of a DHT system. Based on the established criteria, the study's participant categories included nurses, health information officers, pharmacists, doctors, laboratory technicians, and members of the information technology team. These groups of healthcare professionals were chosen due to their familiarity with, availability, and access to DHTs within the hospitals. A sample size of 359 was determined from a total population of 2406 individuals at both the CCTH and DUHS-UCC using Krejcie and Morgan's formula for sample size calculation. Krejcie and Morgan's sampling theory was applied due to the researchers’ limited access to the entire population of interest, which required inferences to be made from a representative sample. ¹⁵ This approach enables researchers to draw conclusions about the population with a high degree of confidence and provides greater accuracy than methods, such as Cohen's Statistical Power Analysis. ¹⁶ Based on Krejcie and Morgan's formula:

$$n={\displaystyle \frac{X^{2}NP(1-P)}{(d^2(N-1)+X^{2}P(1-P))}}$$

where n = required sample size; N = population size; P = the population proportion (assumed to be 0.5 since this would provide the maximum sample size); X² = table value of the Chi square; and d = degree of accuracy expressed as a proportion (0.05). With the study population of 2406, a confidence interval of 95% giving a degree of accuracy of 0.05 and a degree of freedom of 1 give a Chi-squared table value of 3.841.

$$n={\displaystyle \frac{3.841\times 2406\times 0.5(1-0.5)}{({0.05}^2(2406-1)+3.841\times 0.5(1-0.5))}}$$

$$n=331$$

Therefore, from the Krejcie and Morgan table, a sample size of 359 (plus 8.45% of 331 considering the dropout of study participants) participants was determined and used for the study.

Data collection

An ethical approval for the study was sought from the Cape Coast Teaching Hospital Ethical Review Committee Board with ethical clearance reference number CCTHERC/EC/2023/077. The heads of the selected departments in the hospitals where the study was performed were asked for their written consent and agreement to carry out the study. Before administering the questionnaires, participants’ prior consent was sought a week before the data collection to review the consent forms. Participants received guarantees of confidentiality. As a result, names and other crucial details that would jeopardize achieving these demands were left out. The researchers developed a questionnaire tailored to the study's objectives and conducted multiple pilot tests among healthcare professionals from various hospitals to ensure clarity and address any ambiguities prior to its use with the intended participants. A 1-day training session was organized for the data collectors and supervisor, focusing on the data collection process and the study's goals. These goals included assessing potential security threats, evaluating the extent of physical and technical risks, examining the impact of staff and vendor activities on DHT usage at the CCTH and DUHS-UCC, and identifying strategies to mitigate potential threats to DHTs. Six data collectors and one supervisor were involved in the study. Three data collectors were assigned to each hospital to oversee the data, while the supervisor collected activities across both sites.

Data collection was carried out from February to June 2023 on weekdays between 9:00 am and 4:00 pm, excluding public statutory holidays. The researchers diligently adhered to all COVID-19 regulations and implemented necessary precautions to avoid unnecessary disruptions and distractions (see attached questionnaire).

Results

The measurement of the various threats of DHTs was estimated by their means on a scale of 1 to 5. The higher the mean of a given variable or the closer the mean to number 5, the higher the chance of that threat being in existence and affecting the current DHT. The standard deviation (SD) of the variables is used to measure how the individual ratings of the various threats as scored by the participants deviate from its corresponding means. Thus, the higher the SD, the more dispersed the individuals’ ratings from the mean of the given threat or variable. Moreover, on a 95% confidence interval, the ratings of the existence of various threats are being estimated for the population from which the sample for this study was drawn from. From the tables (Tables 1–6), the lower and upper bounds within which the ratings (mean) for the existence of a given threat may lie between are indicated.

Table 1.

Socio-demographic characteristics of participants.

Variable	Frequency (n = 359)	Percentage (%)
Gender
Male	140	39.0%
Female	219	61.0%
Age group
18–21 years	13	3.6%
21–30 years	226	63.0%
31–40 years	104	29.0%
41–50 years	14	3.9%
51–60 years	2	0.6%
Department/unit
Nursing	158	44.0%
Health information management	15	4.2%
Pharmacy	60	16.7%
Doctor/physician assistant	45	12.5%
Laboratory technician	71	19.8%
Others	10	2.8%
Years of work experience
Less than 1 year	80	22.3%
1–5 years	210	58.5%
6–10 years	50	13.9%
11–15 years	16	4.5%
More than 15 years	3	0.8%
Experience with DHT
Less than 1 year	81	22.6%
1–5 years	255	71.0%
6–10 years	15	4.2%
11–15 years	7	1.9%
More than 15 years	1	0.3%

Source: Author Field Data (2023).

Table 2.

Measuring the extent of physical security threats affecting DHTs (Sec A).

S/N	Measuring item	Mean	Standard deviation	95% confidence interval
				Lower bound	Upper bound
A1	Physical threats are likely to jeopardize the security of DHTs	3.09	1.275	2.96	3.22
A2	Physical theft of DHTs hardware pose a significant threat security.	3.44	1.165	3.31	3.56
A3	Unrestricted access to DHTs equipment to personnel can increase the incidences of security breach.	3.68	1.097	3.57	3.80
A4	The institution has inadequate and fragile measures for preventing physical threats to DHTs.	3.99	0.937	3.90	4.09
A5	Physical security measures in your institution lack the adequate funding and resources needed.	3.55	0.937	3.46	3.65
A6	Lack of multi-factor authentication and access controls poses physical threats to DHTs.	3.80	0.764	3.72	3.88
A7	Employees are not properly trained to identify and report physical security threats to DHTs .	3.59	1.111	3.48	3.71

Source: Author Field Data (2023).

Table 3.

Measuring the extent of technical security threats affecting DHTs (Sec B).

S/N	Measuring item	Mean	Standard deviation	95% confidence interval
				Lower bound	Upper bound
B1	Technical threats increase the likelihood of security breach of DHTs.	4.04	0.677	3.97	4.11
B2	Malware and viruses are technical threats to DHT security.	3.94	0.648	3.88	4.01
B3	Hacking is a likely technical possibility that hackers can employ to illegally access DHT system.	4.18	0.783	4.10	4.26
B4	Phishing attacks can lead to DHT security breach.	3.67	0.962	3.57	3.77
B5	The organization has experienced technical security breaches in the past that have compromised the security of electronic health records.	3.07	0.916	2.97	3.17
B6	The use of encryption and other technical security measures help to mitigate the risk of technical threats to DHTs.	4.01	0.635	3.94	4.07
B7	The institution has implemented adequate measures to prevent technical threats from compromising the security of DHTs	3.61	0.938	3.51	3.71

Source: Author Field Data (2023).

Table 4.

Measuring how the activities of staffs and vendors directly or indirectly affect DHTs (Sec C).

S/N	Measuring item	Mean	Standard deviation	95% confidence interval
				Lower bound	Upper bound
C1	Unintended disclosure of patient information by staff contribute to security threat to DHTs.	3.73	1.089	3.62	3.85
C2	Sharing of passwords by staff to others poses a threat to DHTs.	3.94	0.872	3.85	4.03
C3	All staff play a role to ensure that DHT security is maintained.	4.26	0.819	4.17	4.34
C4	Staff or vendor misconduct leading to DHT security breach should be punished.	3.80	0.894	3.80	3.98
C5	Healthcare organizations should conduct background checks on staff and vendors with access to DHTs data.	3.93	0.907	3.83	4.02
C6	Failing to log out of DHT systems can lead to security breach	4.04	0.989	3.93	4.14
C7	Healthcare organizations should monitor vendor who access the DHTs data	4.03	0.730	3.95	4.10

Source: Author Field Data (2023).

Table 5.

Measuring the feasibility of the measures to prevent unsecured access to DHT and patient's data (Sec D).

S/N	Statement	Mean	Standard deviation	95% confidence interval
				Lower bound	Upper bound
D1	Healthcare institution should have sufficient measures against DHT security threats.	4.22	0.593	4.16	4.28
D2	Two-factor authentication should be a requirement for accessing DHTs	4.04	0.755	3.97	4.12
D3	Encryption should be employed when storing data to the database.	4.36	0.530	4.30	4.41
D4	Appropriate access controls and restrictions will prevent health institution from suffering data breach.	4.10	0.976	4.00	4.22
D5	Regular security training for staff would reduce cases of security threats to DHTs.	4.20	0.762	4.12	4.28
D6	Password access to DHT systems should be changed periodically	4.15	0.884	4.06	4.24

Source: Author Field Data (2023).

Table 6.

Measuring the existence of other possible security threats that may affect DHTs (Sec E).

S/N	Statement	Mean	Standard deviation	95% confidence interval
				Lower bound	Upper bound
						E1	Unauthorized personnel have access to confidential medical information in your facility.	1.90	1.301	1.77	2.04
E2	Conversion from a paper-based system to EHR (electronic health record) leaves a risk of misplacing data in the process.	3.01	1.220	2.88	3.14
E3	Clinicians share their passwords with other or fellow colleagues.	2.56	1.065	2.45	2.67
E4	Active identities of former employees provide the opportunity for such employees to have access to the DHT system	2.95	1.311	2.82	3.09
E5	Passwords without a mix of numbers, symbols and letters are easy to guess.	3.18	1.355	3.04	3.32
E6	Systems without anti-virus software are more liable to security breach.	3.54	1.087	3.43	3.66

Source: Author Field Data (2023).

Part I: demographic characteristics of the research participants

Table 1 shows the demographics of the respondents who participated in the study. A total of 359 respondents took part in the study, of which 140 were males representing 39%, and 219 were females representing 61.0% with no missing data.

Discussion

Demographic characteristics of the research participants

From Table 1, participant age groups were divided into five sections. The majority age of participants who took this research were between the ages of 21 and 31 years with a population of 226 (63.0%), followed by ages 31–40 with 104 participants (29.0%). The least participants were from the age groups 51 to 60 with the population of 2 (0.6%). Moreover, the participants departments, or units were considered. Majority of the participants were from the nursing department, that is, 158 (44.0%), followed by the laboratory technician department, that is, 71 (19.8%), and the least department coming from ‘others’ (antenatal, male, and female wards), with 10 participants representing 2.8% of the population. Furthermore, the participants’ years of experience with DHTs were well represented. Accordingly, 1 to 5 years were 255 (71.0%) representing the majority years with the use of DHTs and more than 15 years having 1 (0.3%) respondent.

Objective 1: to examine the extent to which physical and technical securities pose threats to DHTs

In measuring this objective, seven independent variables were used. These variables collectively intend to determine the extent of both physical and technical threats to DHTs. The outcome of the survey shows that physical threat has 71.98% chance of possessing threats to DHTs. By contrast, technical threat had 75.83% chance of possessing a threat to DHTs. That is, technical threats can cause 4% more threat to DHT systems than physical threat (refer to Tables 2 and 3). Figure 2 and 3 show the top three identified physical and technical threars with high chances of causing a threat to DHT systems.

Figure 2.

Top three physical threats with high chances of affecting DHTs.

Figure 3.

Top three technical threats with high chances of affecting DHTs.

Figure 2 shows the variable (Sec A4, A6, and A3) that represent the top three identified physical threat variables with a high chance (percentage of threat out of the total of 71.98% physical threat chance) of causing threat to the DHT system (Author Field Data, 2023). A study by Kruse et al. ¹⁷ found that unintentional staff acts, such as inappropriate document disposal or filing and leaving workstations unlocked, are all examples of physical risks to DHT. Additionally, Narayana Samy et al. ¹⁸ also argued that physical threats may be intentional or unintentional acts, such as inadvertent information entry, and deliberate conditions, such as pollution, chemical spills, and liquid leakage. Theft, vandalism of the infrastructure and/or hardware, disruption, and accidental or intentional errors are some of the threats. Based on these studies, it would be safe to say that unrestricted access to EHR equipment poses a threat to the DHT system. Suleski et al. ¹⁹ highlighted a primary concern related to multi-factor authentication (MFA), pointing out the requirement for users posing multiple devices like smartphones or security tokens. This necessity potentially increases their susceptibility to physical threats, such as theft or assault. Should an attacker seize a user's MFA device, there exists the potential for unauthorized access to the DHT system. Furthermore, MFA might pose challenges in specific scenarios like remote locations or device malfunction, potentially impeding user access to the DHT system and disrupting patient care. Moreover, Sher et al. ²⁰ recommended adopting a layered security approach amalgamating diverse measures. These encompass enforcing robust passwords, employing multifactor authentication, implementing access control, utilizing data encryption, ensuring physical security, performing vulnerability scanning and patching, and offering security awareness training. This multifaceted approach helps protect against diverse threats, such as hacking, phishing, malware, data breaches, and even natural disasters. Sher et al. ²⁰ further stressed the importance of regularly reviewing and updating security measures to ensure their continued effectiveness. Employing multiple layers of security organizations can enhance their security posture.

Figure 3 shows the variable (Sec B3, B2, and B4) that represent the top three identified technical threat variables with a high chance (percentage of threat out of the total 75.83% technical threat chance) of causing threat to the DHT system (source: Author Field Data, 2023).

According to Jessica Davis of Health IT News, data can be leaked due to a phishing scam, which can be disastrous. In 2017, such leaks being disastrous laid bare more than 3.16 million patient records. Phishing attacks are a common threat to healthcare organizations. Hackers send emails that appear to be authentic from healthcare organizations to care practitioners, requesting them to click on links or open attachments using their passwords or codes. ²¹ Malware is another threat that can be found on unsuspected or perceived-to-be-safe websites. ²² Norton Antivirus reports that “malware creation is on the rise due to the unmixed volume of new types created daily and the enticement of money that can be made through organized internet crime.” Studies by Jamoom et al, shows that it depends on the type of malware that will be able to extract information from the users’ interested site. Some of these sites may obtain medical information from electronic health records. There is a particular type of malware, called ransomware. ²³ Metri and Sarote ²⁴ argued that security threats to cloud data include spoofing identity by a hacker pretending to be a valid user, tampering with the data that involves malicious alterations and modification of the content, repudiation with the users who deny their signature authenticity after performing an activity with the data, and information disclosure via the exposure of information to unauthorized users. ²⁴ McDermott also proposed that hacking threats arise when a company's cybersecurity protocols are purposely broken by an employee or a trusted contractor. ²⁵ By implementing layered security measures, such as strong passwords, multifactor authentication, access control, data encryption, physical security measures, vulnerability scanning and patching, and security awareness training, ²⁰ organizations can be protected against diverse threats, such as hacking, phishing, malware, data breaches, and even natural disasters. Regularly reviewing and updating security measures are also important in ensuring their continued effectiveness. ²⁰

After analyzing both types of threat, the technical threat poses much threat to the DHTs than the physical threat. This is because computers and other electronic machines can be stolen, but no information can be accessed. Should the system for storing the data be attacked, hackers can access patient data and affect the functioning of the system. Keshta and Odeh emphasized that technical threats present significant risks, highlighting the importance of encrypting data using either symmetric or asymmetric methods. They also recommended storing data within radio-frequency identification tags and imposing access restrictions on these tags for enhanced security. ²⁶

Objective 2: how staff and vendors contribute to DHT security threat

In determining how the activities and behavior of staffs and vendors of DHT systems directly or indirectly add up to the electronic health records security threat, seven independent variables were used as a means of assessment. After diving into the data garnered for the study, it showed that the activities of staffs and vendors have 79.50% chance of causing threat to DHT systems (refer to Table 4). The top three most dangerous activities of staffs and vendors that possess threat to these DHT are visualized in Figure 4.

Figure 4.

Top three staff and vendor threats with high chances of affecting DHTs.

Figure 4 shows the variable (Sec C6, C2, and C1) that represent the top three identified staff and vendor's activities with a high chance (percentage of threat out of the total 79.50% staffs and vendors related threat chance) of causing threat to DHT.

According to Keshta et al., ²⁶ hacking threats arise when a company's cybersecurity protocols are purposely broken by an employee or a trusted contractor. Unauthorized access to DHTs is a major concern when passwords are shared as it enables viewing of sensitive patient information leading to identity theft, financial fraud, and potential harm to medical treatment. Fernández-Alemán also emphasized that password sharing makes tracking DHT access difficult, hindering investigations and privacy protection. Sharing passwords with untrustworthy individuals can lead to impersonation and unauthorized access to other systems and increases the likelihood of compromise. Insecure sharing methods like email or public forums can result in interception by unauthorized individuals. ²⁷ Fernández-Alemán et al. ²⁷ went on to say that failing to log out of DHT systems poses significant security threats. Unauthorized users can access sensitive patient information if a user leaves their DHT session logged in. This can result in identity theft, financial fraud, and harm to patient well-being. Additionally, failing to log out makes it easier for hackers to gain access to the system, potentially leading to data theft or malware installation.

Objective 3: to explore measures to prevent unsecured access to DHTs and patient's data

In exploring measures and remedies to the security threat identified, six carefully selected measures were presented to the healthcare professionals for them to ascertain if these proposed measures will be feasible enough to mitigate the issues of DHT security threats. A warranted conclusion drawn from the analysis shows that there is 83.61% feasibility chance that the proposed measures can help combat the menace of DHT threat (refer to Table 5). Figure 4 shows the top three feasible measures perceived to be appropriate remedies to DHT security issues.

Figure 5 shows the variable (Sec D3, D5, and D1) that represents the top three feasible (out of the overall feasibility level of 83.61%) and appropriate remedies to DHT security threat issues (source: Author Field Data, 2023).

Figure 5.

Top three most feasible remedies to DHT security threats.

According to George and Bhila, ²⁸ it is vital to evaluate the security readiness of healthcare business associates, such as insurance providers and payment agencies with which healthcare organizations constantly exchange information. A study by Narayana Samy et al. ¹⁸ stated that security audits are also necessary to review the list of accesses to patients’ health records and detect illegal access. Lord ²⁹ argued that educating healthcare staff on security awareness and providing training equip them with the knowledge necessary for making good decisions and appropriate use of the system when dealing with patients’ data. In addition, Eberts and Capurro ³⁰ found that physicians with more electronic health records experience had positive perceptions concerning DHT training than physicians with computing skills. A study by Meingast et al. ³¹ suggested that encryption should be adopted in data transmission. The study recommends employing both hardware- and software-based encryption methods to ensure the highest level of security for patients’ health information. This is also in tandem with a study by Keshta and Odeh, ³² which stated that encryption and decryption of data can help secure data on the electronic system. According to their study, the highest response from participants suggests that encryption should be employed when storing electronic health records to the database as the most feasible remedy to DHT threats.

Objective 4: other security threats affecting DHTs

In the exploration of other security threats to DHTs, six independent variables were used to ascertain whether the respondents are of the view that those variables used are some of possible threat to their DHTs (Table 6). From the analysis of the data collected from the respondents, there was 57.28% overall average change of possible security threat that can affect the DHT system. Out of the six variables used for measuring possible security threat, variable Sec E (E6) “Systems without anti-virus software are more liable to security breach” possesses the highest chance of causing security treat, followed by variable Sec E (E5), and then variable Sec E (E2), which has the least chance of possible threat (source: Author Field Data, 2023).

Figure 6 shows variable Sec E (E6, E5, and E2) that represents the top three identified variables with a high chance (out of the 57.28% total possible threats of other variables) of causing a possible security threat to the EHR system.

Figure 6.

Top three possible security threats to DHTs.

A study conducted by Keshta and Odeh ³² suggested that adapting to the change from manual records to electronic records causes significant changes to healthcare providers’ working routines, indicating loss of control. User resistance of the electronic health record has been a great challenge in its implementation. Research by Cho et al. ³⁴ showed that some factors that can lead to user resistance include perceived value, colleague opinions, self-efficacy for change, and organizational support of change. Other studies argue that the growing use of mobile devices to capture and exchange electronic health information presents complex security and confidentiality problems. For instance, Alunyu et al. ³⁵ found that this is especially true for systems having passwords without a mix of letters, numbers, and symbols. A study by Shi et al. ³³ outlined a number of reasons why antivirus software is important in preventing security to EHR breaches. Some of these include scanning electronic health records for malware and viruses that could steal patient information or damage the system, blocking unauthorized access to DHTs that can help prevent hackers from stealing patient information, and updating EHRs with the latest security patches that can help protect the system from known vulnerabilities. The lack of antivirus software exposes electronic health systems to these threats.

Limitation

The present study's findings hold significance, yet their applicability is constrained by a few factors. Primarily, the use of questionnaires for data collection limits broad generalization. Diversifying data collection methods would enhance the study's scope. Additionally, the study's short data collection duration led to limited participant involvement. For broader relevance, healthcare administrators need familiarity with electronic health systems, and future research should encompass a larger study area with increased participant numbers.

Conclusion

This study highlights the overbearing need for a holistic approach to DHT security at the CCTH and DUHS-UCC, integrating technical fortification, staff training, viable remedies, and proactive measures against emerging threats. The evaluation of threats to DHTs within the study area clarifies significant insights into the complex challenges faced by the hospitals. The study discerns that while both physical and technical threats pose risks to DHT integrity, technical threats exhibit a higher propensity, accounting for a substantial risk percentage of 75.83% compared to physical threats at 71.98%. The prevalence of technical threats, such as phishing, malware, and hacking, intensifies concerns due to their potential ramifications on patient data security and the seamless functioning of the system.

Moreover, the significant contribution of staff and vendors to DHT security threats cannot be underestimated, accounting for a substantial 79.50% of the identified threats. Behaviors like sharing passwords, neglecting to log out, and accessing data without authorization stand out as primary instigators of security weaknesses in DHT systems, demanding focused intervention strategies. An assessment of proposed remedial actions reveals an overall feasibility rate of 83.61%, affirming the practicality of measures, such as security training, encryption, and multifactor authentication, in effectively addressing the array of security risks associated with DHTs. Additionally, the recognition of potential threats beyond the fundamental physical and technical vulnerabilities accentuates the comprehensive security challenges encountered by DHT systems. Elements, such as user resistance to EHR adoption, insufficient password protection on devices, and the absence of antivirus software, contribute to an estimated 57.28% threat level, emphasizing the necessity for diversified security approaches.

Recommendations

The study proposes the following recommendations for the Ministries of Health, Healthcare Authorities, and Hospital facilities planning to adopt DHT systems. First, enforce robust authentication methods incorporating multifactor authentication and stringent password policies to enhance the security of DHTs. Second, implement antivirus software, malware protection, and data encryption to shield against external threats like phishing attacks and malware intrusions. Lastly, regular updates and assessments of security protocols are crucial in combatting evolving threats. The implementation of these suggestions will play a pivotal role in safeguarding patient data and maintaining the confidentiality and integrity of DHT systems in healthcare settings. Recognizing the significant impact of security threats on DHT utilization, future research on DHT should focus more on exploring physical and technical authentication mechanisms and enabling users to familiarize themselves with such measures.

List of abbreviations

DHT

Digital health technology

DHTs

Digital health technologies

EHR

Electronic health record

EHRs

Electronic health records

ICT

Information and communication technology

CCTH

Cape Coast Teaching Hospital

DUHS-UCC

Directorate of University Health Services — University of Cape Coast

MFA

Multi-factor authentication