A Framework for secure medical records: a case study of Kenyatta National Hospital

Otieno, Theodulus Odhiambo
Strathmore University
Healthcare information systems are largely viewed as the single most important factor in improving healthcare quality and reducing related costs. However, managing information security is becoming more challenging because of security incidents due to non-compliance by health workers. This was an intrinsic case study to gain a better understanding of how a medical institution can embed information security culture in the management of security of its medical records. The application of case study research is appropriate in a new and emerging area of research as it is a strategy that allows for an in-depth exploration of the phenomenon. A survey questionnaire was given to the employees of the Ear Nose and Throat department of Kenyatta National Hospital to measure the human aspects of the Information Security Program. Interviews were used to further explore the perceptions of respondents and probe for more information and clarification of answers. The study shows that management support, training and awareness, and well-articulated and visible security policies will have a significant positive effect on compliance and hence the security of medical information. Additionally, the study showed that the employees have a great sense of commitment towards protecting the information of the organisation. This is because the management has taken the initiative to lead by example, avoids punishing workers for non-compliant behaviour and motivates the employees towards security-conscious behaviour. This study sought to explore how the human factor may influence information security and how this can be harnessed together with technology to improve the security of medical records.
A Thesis Submitted to the School of Computing and Engineering Sciences in Partial Fulfilment for the Requirement of the Degree of Master of Science in Information Technology of Strathmore University
Human factor, Information security culture, Electronic medical records, Information security training, Information security awareness