Security of electronic personal health information in a public hospital in South Africa

Chuma, Kabelo Given

01 1900

The adoption of digital health technologies has dramatically changed the healthcare sector landscape and thus generates new opportunities to collect, capture, store, access and retrieve electronic personal health information (ePHI). With the introduction of digital health technologies and the digitisation of health data, an increasing number of hospitals and peripheral health facilities across the globe are transitioning from a paper-based environment to an electronic or paper-light environment. However, the growing use of digital health technologies within healthcare facilities has caused ePHI to be exposed to a variety of threats such as cyber security threats, human-related threats, technological threats and environmental threats. These threats have the potential to cause harm to hospital systems and severely compromise the integrity and confidentiality of ePHI. Because of the growing number of security threats, many hospitals, both private and public, are struggling to secure ePHI due to a lack of robust data security plans, systems and security control measures. The purpose of this study was to explore the security of electronic personal health information in a public hospital in South Africa. The study was underpinned by the interpretivism paradigm with qualitative data collected through semi-structured interviews with purposively selected IT technicians, network controllers’, administrative clerks and records management clerks, and triangulated with document and system analysis. Audio-recorded interviews were transcribed verbatim. Data was coded and analysed using ATLAS.ti, version 8 software, to generate themes and codes within the data, from which findings were derived. The key results revealed that the public hospital is witnessing a deluge of sophisticated cyber threats such as worm viruses, Trojan horses and shortcut viruses. This is compounded by technological threats such as power and system failure, network connection failure, obsolete computers and operating systems, and outdated hospital systems. However, defensive security measures such as data encryption, windows firewall, antivirus software and security audit log system exist in the public hospital for securing and protecting ePHI against threats and breaches. The study recommended the need to implement Intrusion Protection System (IPS), and constantly update the Windows firewall and antivirus program to protect hospital computers and networks against newly released viruses and other malicious codes. In addition to the use of password and username to control access to ePHI in the public hospital, the study recommends that the hospital should put in place authentication mechanisms such as biometric system and Radio Frequency Identification (RFID) system restrict access to ePHI, as well as to upgrade hospital computers and the Patient Administration and Billing (PAAB) System. In the absence of security policy, there is a need for the hospital to put in place a clear written security policy aimed at protecting ePHI. The study concluded that healthcare organisations should upgrade the security of their information systems to protect ePHI stored in databases against unauthorised access, malicious codes and other cyber-attacks. / Information Science / M. Inf. (Information Security)

Privacy

Confidentiality

Personal information

Security

ePHI

Digital health technologies

Public hospital

Disclosure of information

Security threats

South Africa

651.5042610968

Privacy, Right of -- South Africa

Development of a diagnostic instrument and privacy model for student personal information privacy perceptions at a Zimbabwean university

Maguraushe, Kudakwashe

05 1900

Orientation: The safety of any natural being with respect to the processing of their personal information is an essential human right as specified in the Zimbabwe Data Protection Act (ZDPA) bill. Once enacted, the ZDPA bill will affect universities as public entities. It will directly impact how personal information is collected and processed. The bill will be fundamental in understanding the privacy perceptions of students in relation to privacy awareness, privacy expectations and confidence within university. These need to be understood to give guidelines to universities on the implementation of the ZPDA. Problem Statement: The current constitution and the ZDPA are not sufficient to give organisations guidelines on ensuring personal information privacy. There is need for guidelines to help organisations and institutions to implement and comply with the provisions of the ZDPA in the context of Zimbabwe. The privacy regulations, regarded as the three concepts (awareness, expectations and confidence), were used to determine the student perceptions. These three concepts have not been researched before in the privacy context and the relationship between the three concepts has not as yet been established. Research purpose: The main aim of the study was to develop and validate an Information Privacy Perception Survey (IPPS) diagnostic tool and a Student Personal Information Privacy Perception (SPIPP) model to give guidelines to universities on how they can implement the ZDPA and aid universities in comprehending student privacy perceptions to safeguard personal information and assist in giving effect to their privacy constitutional right. Research Methodology: A quantitative research method was used in a deductive research approach where a survey research strategy was applied using the IPPS instrument for data collection. The IPPS instrument was designed with 54 items that were developed from the literature. The preliminary instrument was taken through both the expert review and pilot study. Using the non-probability convenience sampling method, 287 students participated in the final survey. SPSS version 25 was used for data analysis. Both descriptive and inferential statistics were done. Exploratory factor analysis (EFA) was used to validate the instrument while confirmatory factor analysis (CFA) and the structural equation modelling (SEM) were used to validate the model. Main findings: diagnostic instrument was validated and resulted in seven new factors, namely university confidence (UC), privacy expectations (PE), individual awareness (IA), external awareness (EA), privacy awareness (PA), practice confidence (PC) and correctness expectations (CE). Students indicated that they had high expectations of the university on privacy. The new factors showed a high level of awareness of privacy and had low confidence in the university safeguarding their personal information privacy. A SPIPP empirical model was also validated using structural equation modelling (SEM) and it indicated an average overall good fit between the proposed SPIPP conceptual model and the empirically derived SPIPP model Contribution: A diagnostic instrument that measures the perceptions (privacy awareness, expectations and confidence of students) was developed and validated. This study further contributed a model for information privacy perceptions that illustrates the relationship between the three concepts (awareness, expectations and confidence). Other universities can use the model to ascertain the perceptions of students on privacy. This research also contributes to improvement in the personal information protection of students processed by universities. The results will aid university management and information regulators to implement measures to create a culture of privacy and to protect student data in line with regulatory requirements and best practice. / School of Computing / Ph. D. (Information Systems)

Confirmatory factor analysis

Correctness expectations

Diagnostic instrument

Exploratory factor analysis

External awareness

Individual awareness

Practice confidence

Perceptions

Personal information

Privacy

Privacy education

Privacy expectations

Instrument

Structural equation modelling

University confidence

005.807116891

Zimbabwe Data Protection Act

HIV exceptionalism and the South African HIV and AIDS epidemic: perspectives of health care workers in Pietermaritzburg

Still, Linda Joy

31 October 2008

The limited success of HIV-testing facilities in South Africa means that many people are not accessing necessary antiretroviral treatment services. This study investigates the practical implications of HIV exceptionalism inherent in Voluntary Counselling and Testing (VCT). A semi-structured interview schedule was used to survey participants for their perspectives on barriers to HIV-testing uptake as well as the effects of exceptionalist practices at VCT clinics. Responses showed marked perceptions of gender differences in people's willingness to test and several important barriers including problems of access to services. Significantly, exceptionalism displayed in certain clinic procedures was thought to contribute to stigma, and attempts to normalise HIV practice in order to combat the effects of stigma were being informally implemented. Participants' views on routine opt-out testing were explored. The researcher recommended further investigation on how HIV testing and treatment policies can be normalised so as to reduce stigma and increase testing uptake. / Social Work / M.A. Sociology (Social Behaviour Studies in HIV/AIDS)

Ethics

HIV exceptionalism

Rights

Routine opt-out testing

Stigma

Voluntary counselling and testing

362.196979200968475

Aspekte van deursoeking en beslaglegging in Suid Afrikaanse openbare skole : n Vergelykende studie

Van Rensburg, Angelique Gene Janse

06 1900

Afrikaans text / The Canadian and South African legal systems established equivalent constitutional values and principles pertaining to searches conducted with or without a valid search warrant. It creates the basis for a comparative study on this particular aspect. The Supreme Court of Canada held in R v A. M 2008 S.C.C 19 random sniffer dog searches conducted without neither a reasonable suspicion nor any legislative authority on learners enrolled in public schools, is unconstitutional due to its infringement of a learner's reasonable expectation to privacy, as protected in section 8 of the Canadian Charter of rights and Freedoms. South African learners are randomly search by law enforcement officers by using sniffer dogs for purposes of detecting the possession of illegal drugs in instances without neither a reasonable suspicion nor statutory authority. The search is subsequently conducted in terms of the common law. The common law is not regarded as law of general application to limit a fundamental right in terms of the limitation clause. By taking into consideration the ratio in R v A. M (supra) the conclusion is subsequently that random sniffer dog searches conducted on learners in South African public schools, without neither a reasonable suspicion nor statutory authority, is unconstitutional which infringes section 14 of the Constitution of South Africa of 1996. / Die basis vir hierdie studie is ontleen aan die ooreenstemmende vereistes en beginsels in die Kanadese en Suid Afrikaanse reg ten aansien van deursoekings met of sonder 'n wettige lasbrief uitgevoer. In die Kanadese beslissing van R v A.M 2008 SCC 19 is die grondwetlikheid van ewekansige deursoekings met behuip van snuffelhonde op leerders sonder statutere magtiging uitgevoer, deur die Supreme Court of Canada as ongrondwetlik bevind aangesien 'n leerder wel oor 'n redelike verwagting op privaatheid beskik. Indien leerders sonder 'n redelike vermoede en statutere magtiging met behuip van snuffelhonde deursoek word, geskied dit ingevolge die gemenereg en dit word nie beskou as 'n algemeen geldende reg om 'n fundamentele reg kragtens die beperkingsklousule te beperk nie. Met inagneming van die ratio in R v A.M (supra) kan daar dus tot die gevolgtrekking gekom word dat ewekansige deursoekings met behulp van snuffelhonde op Suid Afrikanse leerders in die afwesigheid van 'n redelike vermoede asook sonder statutere magtiging uitgevoer, tans ongrondwetlike optrede daarstel wat op artikel 14 van die Grondwet van 1996 inbreuk maak. / Law (College) / LL.M.

Reasonable suspicion

Learners' right to privacy

Unconstitutionality

South Africa and Canada

Questionnaire

Sniffer dog search

Random searches in RSA public schools

Data collection analysis

Random sniffer dog searches

Comparative study

344.79068

Public schools -- South Africa

Public schools -- Canada

Searches and seizures -- South Africa

Searches and seizures -- Canada

Privacy, Right of -- South Africa

Civil rights -- South Africa

Students -- Drug use -- South Africa

The regulation of unsolicited electronic communications (SPAM) in South Africa : a comparative study

Tladi, Sebolawe Erna Mokowadi

06 1900

The practice of spamming (sending unsolicited electronic communications) has been dubbed “the scourge of the 21st century” affecting different stakeholders. This practice is also credited for not only disrupting electronic communications but also, it overloads electronic systems and creates unnecessary costs for those affected than the ones responsible for sending such communications. In trying to address this issue nations have implemented anti-spam laws to combat the scourge. South Africa not lagging behind, has put in place anti-spam provisions to deal with the scourge. The anti-spam provisions are scattered in pieces of legislation dealing with diverse issues including: consumer protection; direct marketing; credit laws; and electronic transactions and communications. In addition to these provisions, an Amendment Bill to one of these laws and two Bills covering cybercrimes and cyber-security issues have been published. In this thesis, a question is asked on whether the current fragmented anti-spam provisions are adequate in protecting consumers. Whether the overlaps between these pieces of legislation are competent to deal with the ever increasing threats on electronic communications at large. Finally, the question as to whether a multi-faceted approach, which includes a Model Law on spam would be a suitable starting point setting out requirements for the sending of unsolicited electronic communications can be sufficient in protecting consumers. And as spam is not only a national but also a global problem, South Africa needs to look at the option of entering into mutual agreements with other countries and organisations in order to combat spam at a global level. / Mercantile Law / LL. D.

Anti-spam laws

Commercial electronic messages

Consumers

Consent

Direct marketing

Dictionary attacks

Disguising of headers (spoofing)

Electronic communications

Electronic mail (e-mail)

Harvesting and sale of e-mail addresses

International cooperation

Opt-out mechanism

Opt-in mechanism

Personal information

Spam

Unsolicited bulk email

Unsolicited commercial communications

Unsolicited electronic communications

343.9944068

Privacy, Right of -- South Africa

HIV exceptionalism and the South African HIV and AIDS epidemic: perspectives of health care workers in Pietermaritzburg

Still, Linda Joy

31 October 2008

The limited success of HIV-testing facilities in South Africa means that many people are not accessing necessary antiretroviral treatment services. This study investigates the practical implications of HIV exceptionalism inherent in Voluntary Counselling and Testing (VCT). A semi-structured interview schedule was used to survey participants for their perspectives on barriers to HIV-testing uptake as well as the effects of exceptionalist practices at VCT clinics. Responses showed marked perceptions of gender differences in people's willingness to test and several important barriers including problems of access to services. Significantly, exceptionalism displayed in certain clinic procedures was thought to contribute to stigma, and attempts to normalise HIV practice in order to combat the effects of stigma were being informally implemented. Participants' views on routine opt-out testing were explored. The researcher recommended further investigation on how HIV testing and treatment policies can be normalised so as to reduce stigma and increase testing uptake. / Social Work / M.A. Sociology (Social Behaviour Studies in HIV/AIDS)

Ethics

HIV exceptionalism

Rights

Routine opt-out testing

Stigma

Voluntary counselling and testing

362.196979200968475

Aspekte van deursoeking en beslaglegging in Suid Afrikaanse openbare skole : n Vergelykende studie

Van Rensburg, Angelique Gene Janse

06 1900

Afrikaans text / The Canadian and South African legal systems established equivalent constitutional values and principles pertaining to searches conducted with or without a valid search warrant. It creates the basis for a comparative study on this particular aspect. The Supreme Court of Canada held in R v A. M 2008 S.C.C 19 random sniffer dog searches conducted without neither a reasonable suspicion nor any legislative authority on learners enrolled in public schools, is unconstitutional due to its infringement of a learner's reasonable expectation to privacy, as protected in section 8 of the Canadian Charter of rights and Freedoms. South African learners are randomly search by law enforcement officers by using sniffer dogs for purposes of detecting the possession of illegal drugs in instances without neither a reasonable suspicion nor statutory authority. The search is subsequently conducted in terms of the common law. The common law is not regarded as law of general application to limit a fundamental right in terms of the limitation clause. By taking into consideration the ratio in R v A. M (supra) the conclusion is subsequently that random sniffer dog searches conducted on learners in South African public schools, without neither a reasonable suspicion nor statutory authority, is unconstitutional which infringes section 14 of the Constitution of South Africa of 1996. / Die basis vir hierdie studie is ontleen aan die ooreenstemmende vereistes en beginsels in die Kanadese en Suid Afrikaanse reg ten aansien van deursoekings met of sonder 'n wettige lasbrief uitgevoer. In die Kanadese beslissing van R v A.M 2008 SCC 19 is die grondwetlikheid van ewekansige deursoekings met behuip van snuffelhonde op leerders sonder statutere magtiging uitgevoer, deur die Supreme Court of Canada as ongrondwetlik bevind aangesien 'n leerder wel oor 'n redelike verwagting op privaatheid beskik. Indien leerders sonder 'n redelike vermoede en statutere magtiging met behuip van snuffelhonde deursoek word, geskied dit ingevolge die gemenereg en dit word nie beskou as 'n algemeen geldende reg om 'n fundamentele reg kragtens die beperkingsklousule te beperk nie. Met inagneming van die ratio in R v A.M (supra) kan daar dus tot die gevolgtrekking gekom word dat ewekansige deursoekings met behulp van snuffelhonde op Suid Afrikanse leerders in die afwesigheid van 'n redelike vermoede asook sonder statutere magtiging uitgevoer, tans ongrondwetlike optrede daarstel wat op artikel 14 van die Grondwet van 1996 inbreuk maak. / Law (College) / LL.M.

Reasonable suspicion

Learners' right to privacy

Unconstitutionality

South Africa and Canada

Questionnaire

Sniffer dog search

Random searches in RSA public schools

Data collection analysis

Random sniffer dog searches

Comparative study

344.79068

Public schools -- South Africa

Public schools -- Canada

Searches and seizures -- South Africa

Searches and seizures -- Canada

Privacy, Right of -- South Africa

Civil rights -- South Africa

Students -- Drug use -- South Africa