Awareness of, attitudes towards, and practices of health information management professionals in South Korea relating to privacy of personal health information

Background: While information and communication technology has continued to advance, privacy of personal health information (PHI) has remained a challenge for health information management (HIM) professionals. Objective: This study aims to examine the awareness, attitude and practice relating to PHI privacy among HIM professionals in South Korea. Method: A survey questionnaire was developed for the study based on critical appraisal of relevant literature and expert consensus. It was completed by a sample of 312 respondents who were members of the Korean Health Information Management Association, over the age of 21, and worked in a healthcare organisation. Demographic data and questionnaire items (assessed on a 5-point Likert-type scale) were analysed using descriptive statistics, t-tests and ANOVA. Results: Mean scores and SDs for awareness, attitude and practice related to PHI privacy were calculated: 4.21 (0.60) for awareness, 4.17 (0.60) for attitude and 4.31 (0.63) for practice. Significant positive correlations were found between awareness and attitude scores (r = 0.765, p < 0.01); awareness and practice scores (r = 0.585; p < 0.01); and attitude and action scores (r = 0.672; p < 0.01). HIM professionals’ awareness, attitude, and practice towards PHI privacy differed significantly according to age, level of education, years of HIM experience, type of employment, main task, number of completed privacy education activities within the previous 3 years and whether or not they had signed a pledge of confidentiality on PHI. More highly-educated, full-time employed respondents, those who had completed a greater number of privacy education activities and had more experience as HIM professionals, achieved higher scores on awareness, attitude and practice than did other respondents. These differences were all statistically significant (p < 0.01). Conclusion: Although causality cannot be inferred from results of this study, findings suggest that there is a relationship between PHI being a core responsibility of HIM professionals and their subsequent awareness, attitude and practice to ensure its privacy and confidentiality. To improve privacy practice, educational efforts should be prioritised and supported at all levels, including national, organisational, individual, and by professional HIM associations.

Amatayakul, M, Work, M (2007) Value of HIM in and security privacy compliance. Journal of AHIMA 78(5): 44–50.
Google Scholar | Medline American Health Information Management Association (2019a) AHIMA Code of Ethics. Available at: https://bok.ahima.org/doc?oid=105098#.XvBTFWgzZhE (accessed 20 June 2020).
Google Scholar American Health Information Management Association (2019b) What Is Health Information? Available at: https://www.ahima.org/careers/healthinfo (accessed 10 April 2020).
Google Scholar Anthony, DL, Stablein, T (2016) Privacy in practice: professional discourse about information control in health care. Journal of Health Organization and Management 30(2): 207–226.
Google Scholar | Crossref | Medline Bellika, JG, Makhlysheva, A, Bakkevoll, PA (2018) A significant increase in the risk for exposure of health information in the United States: result from analysing the US data breach registry. In: Proceedings from The 15th Scandinavian conference on health informatics 2017, Kristiansand, Norway, , pp. 55–59. Linköping University Electronic Press.
Google Scholar Canadian Health Information Management Association (2008) Code of Ethics. Available at: https://www.echima.ca/code-of-ethics/ (accessed 20 June 2020).
Google Scholar Cha, K-J, Ha, Y-M (2015) Development and validation of an instrument to assess hospital workers’ perception for protection of personal health information. Journal of the Korea Academia-Industrial cooperation Society 16(2): 1253–1263.
Google Scholar | Crossref Elger, BS (2009) Violations of medical confidentiality: opinions of primary care physicians. British Journal of General Practice 59(567): e344–e352.
Google Scholar | Crossref | Medline | ISI Fernando, JI, Dawson, LL (2009) The health information system security threat lifecycle: an informatics theory. International journal of medical informatics 78(12): 815–826.
Google Scholar | Crossref | Medline Flite, CA, Harman, LB (2013) Code of ethics: principles for ethical leadership. Perspectives in Health Information Management 10(Winter): 1d.
Google Scholar | Medline Gordon, WJ, Fairhall, A, Landman, A (2017) Threats to information security-public health implications. The New England Journal of Medicine 377(8): 707–709.
Google Scholar | Crossref | Medline Hassidim, A, Korach, T, Shreberk-Hassidim, R, et al. (2017). Prevalence of sharing access credentials in electronic medical records. Healthcare informatics research 23(3): 176–182.
Google Scholar | Crossref | Medline Health Information Management Association of Australia (2015) HIMAA professional practice guidelines. Available at: https://himaa.org.au/himaa-member-principles-of-professional-practice/ (accessed 20 June 2020).
Google Scholar Jiang, JX, Bai, G (2019) Evaluation of causes of protected health information breaches. JAMA Internal Medicine 179(2): 265–267.
Google Scholar | Crossref | Medline Jung, SY, Ju, HO (2009) Perception and performance of emergency-room nurse’s protection behavior for the consumer health information. Journal of Korean Academy of Nursing Administration 15: 403–414.
Google Scholar Kim, MO (2012) A study on protecting patients’ privacy of obstetric and gynecologic nurses. Korean Journal of Women Health Nursing 18(4): 268–278.
Google Scholar | Crossref Korean Health Information Management Association (2018) KHIMA Code of Ethics. Available at: https://khima.or.kr/contents/content.php?doc=ethics (accessed 20 June 2020).
Google Scholar Korea Health Industry Development Institute (2017) Establishment and Activation of Health Information Exchange Infrastructure for Digital Healthcare. Report no. 2017-52. Chung-buk, South Korea: Korea Health Industry Development Institute.
Google Scholar Korea Ministry of Government Legislation (2018). Enforcement Decree of the Medical Service Technologists, etc. Act. Presidential Decree No. 29383. Available at: https://elaw.klri.re.kr/kor_service/lawView.do?hseq=49834&lang=ENG (accessed 30 May 2021).
Google Scholar Korea Ministry of Government Legislation (2020a) Act on Promotion of Information and Communication Network Utilization and Protection, etc. Act No. 16955. Available at: https://elaw.klri.re.kr/kor_service/lawView.do?hseq=53117&lang=ENG (accessed 30 May 2021).
Google Scholar Korea Ministry of Government Legislation (2020b). Medical Service Act. Act No. 17069. Available at: https://elaw.klri.re.kr/kor_service/lawView.do?hseq=53532&lang=ENG (accessed 30 May 2021).
Google Scholar Korea Ministry of Government Legislation (2020c). Personal Information Protection Act. Act No. 16930. Available at: https://elaw.klri.re.kr/kor_service/lawView.do?hseq=53044&lang=ENG (accessed 30 May 2021).
Google Scholar Kweon, EH (2013) A study on practice of protective actions for medical information-A comparison between hospital administrators and occupational therapists. The Journal of The Korea Institute of Electronic Communication Sciences 8(12): 1959–1970.
Google Scholar | Crossref Kwon, J, Johnson, ME (2014) Proactive versus reactive security investments in the healthcare sector. Management Information Systems Quarterly 38(2): 451–472.
Google Scholar | Crossref Li, T, Slee, T (2014) The effects of information privacy concerns on digitizing personal health records. Journal of the Association for Information Science and Technology 65(8): 1541–1554.
Google Scholar | Crossref | ISI Liu, V, Musen, MA, Chou, T (2015). Data breaches of protected health information in the United States. The Journal of the American Medical Association 313(14): 1471–1473.
Google Scholar | Crossref Moffit, RE, Steffen, B(2017) Healthcare Data Breaches: A Changing Landscape. Baltimore, MD: Maryland Healthcare Commission, 1–19.
Google Scholar Park, H, Lee, SI, Kim, Y, et al. (2013) Patients’ perceptions of a health information exchange: a pilot program in South Korea. International Journal of Medical Informatics 82(2): 98–107.
Google Scholar | Crossref | Medline Pool, JK, Akhlaghpour, S (2019) Causes and impacts of personal health information (PHI) breaches: a scoping review and thematic analysis. In: Twenty-third pacific Asia conference on information systems, China, .
Google Scholar Pushpalatha, K, Saha, D, Gudi, N, et al. (2018) Awareness about privacy and security of patient health information. Indian Journal of Public Health Research & Development 9(12): 190–194.
Google Scholar | Crossref Rinehart-Thompson, LA, Hjort, BM, Cassidy, BS (2009) Redefining the health information management privacy and security role. Perspectives in Health Information Management 6(Summer): 1d.
Google Scholar | Medline Seo, HE, Doo, EY, Choi, SJ, et al. (2017) Influence of information literacy and perception of patient data privacy on ethical values among hospital clinical nurses. Journal of Korean Academy of Nursing Administration 23(1): 52–62.
Google Scholar | Crossref Shahid, MU, Hina, S, Mahmood, W, et al. (2017) Awareness survey of anonymisation of protected health information in Pakistan. International Journal of Advanced Computer Science and Applications 8(5): 365–369.
Google Scholar US Department of Health and Human Services (2013) Breach Notification Rule, Definition of Breach. Available at: https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html (accessed 16 June 2020).
Google Scholar Webster, P (2020) Canadian digital health data breaches: time for reform. The Lancet Digital Health 2(3): e113–e114.
Google Scholar | Crossref Willison, DJ (1998) Health services research and personal health information: privacy concerns, new legislation and beyond. Canadian Medical Association Journal 159(11): 1378.
Google Scholar Yun, DH (2019) A study on knowledge, recognition, and practice of protecting the medical information in medium-small size hospital employees. The Journal of Humanities and Social science 10(5): 1439–1452.
Google Scholar

Comments (0)

No login
gif