Table 9.
Legal requirement used in the study.
| No | Requirement | Count, n (%) | Reference |
| 1 | GDPRa | 13 (21.67) | [16,78-82,88-94] |
| 2 | Directive 95/46/EC | 10 (16.67) | [65,70,71,74,75,95-99] |
| 3 | Norwegian Personal Health Data Filing System Act | 3 (5) | [16,100,101] |
| 4 | Act relating to Patients’ Rights | 2 (3.33) | [16,101] |
| 5 | Act relating to the Processing of Personal Data | 2 (3.33) | [16,101] |
| 6 | Directive 2011/24/EU on patients’ rights in cross-border health care | 2 (3.33) | [73,90] |
| 7 | Health Care Personnel Act | 2 (3.33) | [16,101] |
| 8 | Act relating to Public Supervision of the Health Service | 1 (1.67) | [101] |
| 9 | Data protection and privacy in electronic communications—e-Privacy Directive | 1 (1.67) | [75] |
| 10 | Directive 2002/58/EC | 1 (1.67) | [65] |
| 11 | Directive 2009/136/EC | 1 (1.67) | [74] |
| 12 | Directive 99/93/EC | 1 (1.67) | [75] |
| 13 | EU regulation and compliance of national and transborder data flows | 1 (1.67) | [89] |
| 14 | GEHRb/CENc standards ENVd 12265 and ENV 13606 | 1 (1.67) | [102] |
| 15 | Good Clinical Practice | 1 (1.67) | [71] |
| 16 | Health Research Act | 1 (1.67) | [16] |
| 17 | IECe 80001-1:2010 | 1 (1.67) | [97] |
| 18 | ISOf 27001 | 1 (1.67) | [89] |
| 19 | Medical Device Regulation 2017/745 of EU | 1 (1.67) | [41] |
| 20 | Ministry Of Government Administration, Reform and Church affairs’ Requirements specification for PKIg for the public sector | 1 (1.67) | [65] |
| 21 | Penal Code | 1 (1.67) | [41] |
| 22 | Recommendation CM/Rec(2019)2 of the Committee of Ministers to member States on the protection of health-related data | 1 (1.67) | [76] |
| 23 | Recommendation No. R (97) 5 of the Committee of Ministers to Member States on the Protection of Medical Data | 1 (1.67) | [77] |
| 24 | Regulation 2014/910 (the “eIDAS Regulation”) | 1 (1.67) | [103] |
| 25 | Regulation of the Minister of Health of the Republic of Indonesia Number 269/2008 on Medical Record | 1 (1.67) | [83] |
| 26 | Regulations relating to the Processing of Personal Data | 1 (1.67) | [101] |
| 27 | The Ghana Health Services Patient’s Charter | 1 (1.67) | [104] |
| 28 | The Ghana National Health Insurance Regulations of 2004 | 1 (1.67) | [104] |
| 29 | The National Identification Authority Act 707 | 1 (1.67) | [104] |
| 30 | The Republic of Ghana’s constitution | 1 (1.67) | [104] |
| 31 | The Universal Declaration of Human Rights | 1 (1.67) | [104] |
| 32 | UNDANG-UNDANG No.36/2009 and Pasal 103 ayat 1 | 1 (1.67) | [105] |
| 33 | Undang-undang republik, Indonesia nomor 29, Tahun 2004 tentang, Praktik kedokteran | 1 (1.67) | [106] |
aGDPR: General Data Protection Regulation.
bGEHR: Good European Health Record.
cCEN: European Committee for Standardization.
dENV: Electronic Healthcare Record Communication for the exchange of electronic health records.
eIEC: International Electrotechnical Commission.
fISO: International Organization for Standardization.
fPKI: public key infrastructure.