Original Article/Research

Practices and systems employed by health professionals toward protection and confidentiality of patient health records in Ghana

Eric Gotah, Emmanuel Adjei, Philip Kwaku Kankam *, Monica Mensah Danquah
Department of Information Studies, University of Ghana, Ghana

* Corresponding author at: P. O. Box LG60, Legon-Accra, Ghana. E-mail address: pkkankam@ug.edu.gh (P.K. Kankam).

Health Policy and Technology 13 (2024) 100933. https://doi.org/10.1016/j.hlpt.2024.100933. Available online 28 October 2024. 2211-8837/© 2024 Fellowship of Postgraduate Medicine. Published by Elsevier Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies.

ARTICLE INFO

Keywords: Confidentiality; Ethics; Healthcare; Health records; Electronic healthcare systems; Ghana; Protection

ABSTRACT

Objectives: Health information relies on a patient’s sensory perceptions as well as objective assessments, diagnoses, and test findings. Ghana’s current laws governing the confidentiality of patient health data seem a little pertinent in spite of ongoing conversations on the significance of patient health information and the necessity to protect patient information from improper disclosure. The study therefore investigated the extent of patient confidentiality in Ghana by looking into the guidelines, regulations, and rules that govern patient records.

Methods: The interpretive, phenomenological, and narrative methodologies used in qualitative research were employed to study the phenomenon. Twenty (20) participants, comprising Doctors, Nurses, Administrative staff, Record Officers, and Information Communication Technology (ICT) Technicians of five Departments in La General Hospital, were interviewed in a semi-structured manner to gather the data needed for the analysis. The Activity Theory was used as a theoretical foundation for the study.

Conclusions: The study revealed that healthcare professionals uphold the moral standards relating to patient confidentiality and trust. Again, the findings of the study showed that medical records are safely stored through the use of the Electronic Health Record system in the hospital in a manner that wouldn’t compromise patient confidentiality. However, the results establish that health care workers can potentially serve as a conduit for the leak or breach of patient information through negligence and unprofessional practices.

Public interest statement: The study investigated systems and practices that are employed by health workers in Ghana to ensure that patient health records are safeguarded in order to build patients’ confidence in how their health records are protected. Health workers were interviewed in this study and the findings of the study show that there are practices and systems put in place to safeguard patient health records in the hospitals. Although it was established that EHR systems help in safeguarding patient health records, the study recommends that users of the Health Electronic Records be fully involved in the implementation process and that policies regarding the use of the EHR system be strictly enforced to help prevent negligence and unprofessional application of the system.

Introduction

The management of healthcare institutions has faced several difficulties as a result of the sensitivity of patient records. The most well-known difficulties relate to patient records storage, access, safety, and security [1]. The patient records often include identity information such as names, phone numbers, medical histories, diagnoses, and treatments, as well as exceedingly sensitive information. Therefore, adopting appropriate safeguards to protect the privacy and confidentiality of patient information included in hospital records is crucial [2]. The digitization of patient records through the use of Electronic Health Records (EHR) systems is being employed as an appropriate tool to overcome these challenges. The EHR opens rich possibilities for medical professionals in managing health records, and searching capabilities to instantly access and process patient data [3]. Medical personnel are expected to protect the privacy of their patients. Healthcare providers must make sure that patient information is secure and protected due to increased worries, anxieties of unintentional information disclosure, and a shifting regulatory environment [4].

A concept known as confidentiality refers to private and individual health records that must be kept hidden and shielded from any possible breaches of security. To protect patients’ health and maintain society’s faith in the doctor-patient relationship, it is crucial that patient confidentiality be respected [2]. Health information relies on a patient’s sensory perceptions as well as objective assessments, diagnoses, and test findings. These impressions include the patient’s living, behaviors, and leisure activities. If such extremely sensitive information is improperly disclosed, patients may suffer reputational damage, lose out on opportunities, incur financial obligations, or even face personal embarrassment [5]. It has therefore been found that privacy and confidentiality are crucial concerns during EHR adoption decisions.
Indeed, concerns of confidentiality are more challenging today because physicians frequently collaborate in broader teams with other healthcare providers [1,6]. However, the conventional doctor-patient relationship still exists: in theory, doctors continue to keep the consulting room private, while patients continue to assume that their professional information would be maintained as private even when they are aware that data is shared.

The Hippocratic Oath’s moral and ethical principles serve as the foundation for medical care in Ghana, where social ethics mandates institutionalized protections for patient confidentiality. Therefore, it is without a doubt morally appropriate for patient health information to be kept as private as possible and, ideally, never disclosed to outside parties. However, it is impossible to offer high-quality patient care without communication within and among healthcare practitioners. A comprehensive EHR can therefore be employed to resolve communication errors “by connecting ordering physicians with pharmacists, who fill the prescriptions, and nurses, who administer prescriptions to patients” (p. 490) [3]. The study therefore explores how confidentiality and protection of patient health records are ensured in Ghana in the midst of growing EHR system adoptions.

The following research questions guided the study to achieve its purpose:

a) What practices ensure that patients have trust and confidence in how their health records are handled by doctors?
b) What could influence patient information leakages and breach of confidentiality?
c) Are electronic systems, regulations, and standards employed to safeguard patient records and ensure confidentiality?
Literature review

Patients confidentiality in healthcare delivery and protection of health records

When someone discloses information to another person in an institutional context where it is reasonable to assume that the information will be kept private and secret, there is a duty of secrecy. Acts of Parliament, common law, and judicial rulings all contribute to this obligation. According to [7], patient confidentiality and privacy is widely accepted as a crucial concept that deserves to be followed. There is a global consensus that it is inappropriate for medical professionals to use or disclose patient records that have been obtained without the patients’ consent. Confidentiality is a type of informational privacy that is distinguished by a special relationship, such as the doctor-patient relationship, and the personal information obtained during this relationship that should not be revealed to others without patient consent [8].

Protecting patient data in health records has received significant attention, generating a wide range of evaluation measures [9]. The Health Insurance Portability and Accountability Act (HIPAA) in the United States is crucial to this discussion since it establishes the standard for data privacy and requires stringent compliance from healthcare providers. Encryption techniques, secure data storage systems, and strict access controls are often recommended as technical precautions [10]. Furthermore, blockchain technology is emerging as a strong tool for assuring data integrity and confidentiality, preventing illegal access, and ensuring transparency in data sharing. [11] underline the need for ethical concerns and regular audits in sustaining confidence and keeping patient confidentiality requirements. These varied approaches highlight the complexity of protecting health information, requiring a combination of technological, legal, and ethical strategies to manage the ever-changing spectrum of data security risks.
Patients must feel comfortable entrusting their life and health to doctors. To demonstrate their commitment to upholding the norms and standards that are required of them, doctors and other healthcare professionals must respect human life [12]. The General Medical Council (2017) states that there are four domains in which practice should be done in order to achieve these criteria and regulations. The first is to have the knowledge, skills, and performance that guarantees doctors provide a high standard of care by practicing within the scope of their expertise and putting patients first. The second area of focus is safety and quality, which includes ensuring that patient comfort, dignity, or safety are not jeopardized. Additionally, doctors are to respect patients’ rights to privacy and confidentiality while providing them with the information they require in an easily understandable manner. The practitioners must also uphold trust by being truthful, forthcoming, acting honourably, and never engaging in unfair discrimination against clients or colleagues.

When a patient’s life or safety is in jeopardy owing to harm or neglect as a result of another person’s activity, patient confidentiality may be compromised. This suggests in practice that doctors or other medical professionals shouldn’t discuss medical situations with people they don’t know, such as their friends and co-workers, for fear of disclosing or jeopardizing the patient’s identity. Concerns with data security, privacy protection, and patient confidentiality, in general, have a few legal instruments in nations around the world. Some of the legal instruments for recording patient information include: Electronic Medical Record (EMR), Electronic Patient Record (EPR), Computerized Medical Record (CMR), Computer-Based Patient Record (CPR), and Electronic Health Record (EHR). Depending on the defining native land, healthcare system, level of expertise, and time period, these instruments’ meanings only slightly vary [13].
The IT system has enabled this growth in data storage, and the health services of nations that contribute significantly to the massive volumes of data saved in this fashion do so in order to uphold patient rights regarding their privacy and confidentiality [6,14]. Every patient’s first point of contact is the outpatient department (OPD), where they are seen by a nurse or nurses and have their vital information collected before being directed to the proper consulting rooms.

[11] assert that there is a general principle of patient confidentiality that needs to be highly upheld, protected, and guided. According to their study, it is acceptable for medical personnel to share sensitive data when doing so is important for the patient’s care. They added that no patient medical information should be disclosed before the patient’s consent is obtained in order for clinicians to conduct medicine with the utmost respect and care. Electronic health records are widely utilized and offer a number of advantages, including better healthcare quality, quick information access, a decrease in clinical errors, and the potential to reduce costs associated with managing patient records [15,16]. Additionally, they help health professionals share data more effectively, which improves the communication of patient data [17].

The investigation by [11] revealed that when an authorized individual requests access to a document pertaining to a piece of patient information in any Chinese hospital, they must complete and follow specified processes and specific request forms. They stated that hospital administrators and local government must adhere to the established processes and regulations, with each state being responsible for the implementation of such privacy laws. Patient confidentiality and privacy are seen as two opposite concepts, with the patient’s right at one extreme and the doctor’s obligation to preserve patient information at the other [18].
In many cultures, the relationship between the patient and the doctor serves as the cornerstone for the development of trust, especially when the patient may have a communicable condition like viral hepatitis. It is important to remember that under the Indian system, patient personal information should remain restricted and protected when patients are in a profound coma or a serious state and are unable to give consent or authorize a relative to speak for them. Patients like the use of technology in their healthcare. When a patient visits the institution, clinicians can print important self-management tools, educational materials, and self-readable and illustrative clinical summaries for them using the Electronic Health Record (EHR) [12].

As a result, it is clear that the right of a patient to have their private information protected has been recognized throughout recorded history. Although there are regional variations of this, the overall goal is the same, with only a few circumstances, as mentioned above, under which this right may be waived [5,6]. In order to create a contemporary medical code for use globally in an era where patient confidentiality has become increasingly important, the International Code of Medical Ethics was developed in 1948. It was created to support and uphold patient privacy, which helps to clarify the doctor’s obligation in this regard. A doctor must respect a patient’s right to confidentiality, according to the World Medical Association (2007). When a patient consents to it or when there is an actual threat of harm to the patient or others that can only be removed by a breach of confidentiality, it is ethical to reveal secret information.
In addition, patients’ privacy and autonomy are protected by national and international legislation; in the UK, this is covered by the Common Law, and the European Agreement on Human Rights Act (1998) assures that all European nations uphold these rights [19]. Patients must also be informed of their legal rights, including any protest or dissatisfaction procedures.

Furthermore, Muslim scholars and medical experts concurred that patient confidentiality should be safeguarded and limited to uphold human dignity at the first international conference on Islamic medicine, held in Kuwait in January 1981. It was decided that since this is against Islamic law, doctors shouldn’t share or disclose any patient information. This strives to maintain people’s dignity, safeguard their privacy, and conceal their secrets [20]. The practice of patient confidentiality has been shaped in part by religious convictions. The Geneva International Code and Declaration of Medical Ethics is fairly explicit on the subject, emphasizing that physicians owe their patients utmost confidentiality with regard to their medical information and everything else that may have been confided to him or which the doctor knows because of the confidence entrusted to him.

Methodology

Research approach

The interpretive, phenomenological, and narrative methodologies used in qualitative research are all used in this study. Phenomenological methods seek to comprehend participants’ subjective, lived experiences as well as their views of and thoughts on those experiences [21]. The researcher is interested in an individual’s potential for meaning-making within interpretative approaches, that is, an individual’s method of self-reflection on their experiences and the meaning they assign to these experiences [22]. The goal of narrative techniques is to comprehend a person’s subjective experiences [23].
Through the use of case study and qualitative approach, the study collected and analyzed data regarding explanations, descriptions, narratives, views, and thoughts about health records keeping practices with the intent of safeguarding the confidentiality of patient health information in the La General Hospital, in Ghana [24]. The rationale for using the qualitative research approach was to understand the subjective, lived experiences of participants and their perceptions and reflections on these experiences.

Study setting

This study was carried out at the La General Hospital, one of Ghana’s general hospitals. The La General Hospital is the second-largest hospital in the Greater Accra Region and one of Ghana’s tertiary hospitals. The Hospital opened its doors for business in 1933 with 151 patient beds. La Polyclinic, the hospital’s previous name, was founded to provide healthcare to the general population in Ghana’s capital. The La General Hospital has a strong Information Technology (IT) Unit in charge of system supervision, and it has a system in place for its patient data. Along with the paper records system, the hospital also uses customized pro-medical software for patient records. This is simply at the records section and therefore using the incremental methodology. The hospital is still having trouble implementing the EHR system fully. The decision to implement a hybrid system at the hospital has, however, increased patient privacy in medical records.

Patients will receive higher-quality healthcare delivery and confidentiality, and their health status will improve more fairly as a result of increased access to quality integrated healthcare, ready accessibility of community-based healthcare resources, strengthened and responsive health systems, and improved governance and accountability in the La General Hospital. To investigate the effect of customer perceived service quality on customers’ satisfaction for Private Health Centers in Malaysia, Haque et al.
(2012) performed a conceptual survey utilizing the customer satisfaction model. In this study, they clarified that patient satisfaction could be achieved through the execution of numerous support procedures as well as increasing the patient-centered facilities.

In the La neighbourhood of Accra, Ghana, the La General Hospital is a government building that first opened its doors in 1933. It was established to provide healthcare to the general public in Ghana’s capital city and was once known as La Polyclinic. A medical superintendent is in charge of the hospital’s regular operations. Both the inpatient and outpatient departments of the hospital operate. Every patient’s initial port of call is the OPD, where they are attended to by nurses who take their vitals before sending them on to the proper consulting rooms. The La General Hospital employs professionals on a permanent, temporary, and contract basis. General OPD care, internal medicine, surgery, obstetrics and gynecology, pediatrics, dietetics, electrocardiography and reproductive, child health, identifying obstetrics, urology, cardiovascular, cerebrovascular, and musculoskeletal illnesses are among the services provided. Therefore, the researchers selected the La General Hospital healthcare facilities because they are located in a suburban area of the nation and will help them understand the difficulties they face when trying to adopt a basic e-Health facility system or legislation to protect the privacy of patient health information in the delivery of healthcare.

Study population

Since the study was interested in gathering data from all users of patient records at the La General Hospital, the population for the study included all staff at the five units of the hospital whose core mandate involved the use of patients’ health information.
Thus, the total population for the study was seventy-four (74) comprising 26 staff from the medical unit, 16 staff from the administration, 13 staff from the Emergency unit, 6 staff from the Information Communication Technology (ICT) unit and 13 staff from the OPD unit. The study was interested in employing census to include all the staff in the study. Upon initial engagement with the staff to seek their consent on the study, 44 of them expressed interest in participating in the study. After applying the eligibility criteria, 36 of the staff who expressed interest qualified since eight (8) of the interested staff had been with the facility for less than a year. To this end, the participant groups were arranged based on the time and date they expressed interest in the respective units for the interviews.

Data collection instrument/pre-testing

This study employed a semi-structured interview schedule to collect qualitative data from participants. The interview guide was designed to elicit information from staff members regarding health records management and measures implemented to safeguard patient health information confidentiality. To ensure the reliability and validity of the interview guide, a pre-test was conducted with three staff members (a doctor, a records officer, and an ICT officer) at the hospital. These individuals, who had less than one year of service, were excluded from the main study. The pre-test results aligned with the study’s objectives, indicating that the interview guide was effective in collecting the desired data. Consequently, no modifications to the instrument were necessary.

Data collection procedure

To facilitate open and natural responses, interviews were conducted in participants’ natural settings, allowing them to express their views and thoughts on record-keeping practices in their respective units.
Interview time and venues were arranged and agreed upon based on the convenience and availability of the research participants, which took place at the hospital premises. Moreover, with the help of the hospital administrator, the researchers were led to other departments to introduce themselves and the purpose of the study. The researchers made an appointment with the participants for the interview which took place in their various offices. During the interview, the English language was the predominant medium of communication as some of the responses were recorded over a recording device and some manually for transcription which took between 15 min to 20 min. To manage difficult issues such as having an emergency or a case, participants were offered the opportunity of a break as they required. Several open-ended questions were prepared to help encourage participants to describe their views and experiences, to help draw out the information that was required to meet the aims of the study.

Data analysis

The qualitative data collected through interviews were subjected to an analysis process. Initially, the researchers conducted a thorough reading of the entire transcript, identifying relevant responses that addressed the research questions. This was followed by a systematic coding process, where themes and categories of information were identified and labeled. Quotes from participants were incorporated into the report to provide rich context and to illustrate key findings. Through iterative readings of the transcript, the researchers refined the coding framework, allowing for the emergence of new themes and subthemes. This iterative process facilitated a deep understanding of the data, enabling the researchers to identify patterns, relationships, and meanings that were vital to the study. Finally, the researchers employed thematic analysis, where data were carefully organized in a coherent and meaningful manner.
This approach allowed for detailed understanding of the respondents’ perspectives, which were then compared and contrasted with existing literature to identify areas of agreement and disagreement.

Ethical considerations

The researchers made sure that all of the sources of data used during the entire study were properly acknowledged in order to prevent plagiarism. The researchers got an introductory letter from the Department of Information Studies at the University of Ghana and delivered it to La General Facility to describe the purpose of the study in order to maintain the confidentiality and anonymity of the hospital and the respondents. The study’s participants were given the appropriate privacy and confidentiality protections, notably during the data collection process and study analysis. Considering that neither the study nor the disclosure of the respondents’ names. Before conducting interviews, the researchers got the respondents’ verbal approval. The researchers fully informed and explained the intent of the study to the respondents and sought their permission before the interviews.

Findings

In this section, the study’s response rate and participants’ demographic data are presented along with the themes that emerged from thematic analysis of their responses. It also includes opinions on preserving the privacy of patient health information from official interviews with medical professionals, including doctors, administrators, records and ICT personnel, and nurses. These opinions came from healthcare professionals who worked at La General Hospital. Four sub-sections were used to present the results, one for each of the four study topics.

Ascertaining patient confidence in doctor confidentiality in the provision of healthcare was the primary goal of the first research objectives, which were described in the first subsection.
For high-quality and effective healthcare delivery, it is essential to have a solid understanding of patient-doctor confidentiality. The elements that affect patient information leaks and confidentiality violations at the La General Hospital were discussed in the second section. If patients believe their personal information will be shared by doctors without their permission, they may decide not to seek medical attention. The third and fourth sub-sections investigated the laws, policies, rules, and standards that apply to patient records, privacy violations, and patient rights at La General Hospital as well as the efficacy of the EHR system in protecting patient confidentiality.

Response rate

Of the 36 targeted respondents who were willing and had met the eligibility criteria for the study, twenty (20) participated in this study giving a response rate of 57.1 %. This is because, as indicated in Table 1, four (4) of the respondents out of the 36 were unable to participate in the interviews due to some emergency situations that took them out of post during the data gathering period, leaving 32 of the respondents. Hence the remaining 32 of the respondents were regarded as the potential respondents. However, after interviewing 15 staff from the hospital, the next five interviews produced similar information. Hence, based on the theory of saturation, the qualitative data for the study were obtained from 20 respondents who served as the actual respondents from which information to answer the study objectives were sought.

Respondents’ demographics

The demographic characteristics of the staff who took part in the interviews when the study had reached saturation are presented in Table 2.
As presented in Table 2, for the sake of anonymity, the names of the respondents have been replaced with pseudocodes ranging from 1 to 20.

Patient confidence in doctor confidentiality in the provision of healthcare

As the study’s first objective, this section presents an analysis of the data collected from respondents (n = 20) regarding their trust in the confidentiality of healthcare providers. The analysis is based on responses to targeted questions designed to assess patients’ perceptions of healthcare providers’ ability to maintain confidentiality. The analysis focuses on the level of trust patients have in their doctors to maintain secrecy and uphold the confidentiality of personal and sensitive medical information shared during the provision of healthcare services.

Indeed, confidentiality is essential to the doctor-patient relationship, which depends on trust. If patients believe their personal information will be disclosed by doctors without their agreement or without the opportunity to have some control over the degree of information provided, they may avoid seeking medical attention or underreport symptoms. This was evident in the interviews as almost every interviewee (n = 18) spoke about the confidence patients have in their doctors. A majority of respondents (n = 15) cited the doctors’ ethical and legal obligations, their honesty and lack of discrimination, and their professional conduct as important indicators that influence patients’ faith in physicians.

Further, given that sensitive and private information might be found in medical records, the idea that information shared between doctors and patients should be kept confidential is widely acknowledged. Clinicians are also expected to adhere to a code of confidentiality in the various healthcare facilities as a matter of law and ethics.
In fact, all the interviewees affirmed that they always uphold moral standards relating to patient confidentiality and trust. The respondents emphasized that patients’ trust in doctors is largely attributed to their commitment to upholding moral and ethical standards. A significant majority of respondents (n = 16) concurred that a breach of an institution’s ethical standards can have severe consequences, including damage to its reputation and erosion of its integrity. These findings suggest that adherence to ethical principles is crucial in maintaining the trust and confidence of patients in healthcare providers. Moreover, the respondents recognized that institutions have a responsibility to uphold ethical standards, and any failure to do so can have far-reaching and detrimental effects on their credibility and reputation. This was well captured by one interviewee who said:

“…The trust patients have in doctors makes us to adhere to the legal and ethical guidance that govern our profession. Moreover, their trust in us (clinicians) enable us to take patients trust and confidentiality as a primary issue. We the clinicians make sure we keep the information safe without leaking them. This assure patients of their right of privacy.” (Pt.8 female, 29yrs, dpt. ICT)

Indeed, trust is a fundamental component of the patient-doctor relationship, essential for accurate diagnosis and high-quality healthcare delivery. Patients must feel confident in sharing their personal health information and entrusting their lives to healthcare providers. Recognizing this, the Ghana Health Service has established guidelines for clinicians on maintaining patient confidentiality, thereby promoting a culture of trust and respect. By adhering to these guidelines, physicians will demonstrate their commitment to upholding the highest standards of their profession, prioritizing the well-being and privacy of their patients.
This unwavering dedication to respecting human life and confidentiality fosters a safe and supportive environment, enabling patients to receive optimal care and achieve better health outcomes. Another interviewee, for instance, said:

“…All clinicians have taken an oath which makes them not to expose patients’ information without their concern. This enables us to protect patient and public trust they have in us. We also make sure we work within Ghana Health Service (GHS) codes of conduct to protect patient privacy.” (pt.10, female, 31yrs, dpt. Medical Unit)

An interviewee also mentioned:

“…In-service trainings are often organized in the hospital that emphasize much on the patient’s right and privacy. Also, the guidance of international codes of ethics and GHS rules and regulations are available for us to follow.” (pt.11, female, 32yrs, dpt. Medical Unit)

Table 1
Population and response rate (N = 74).

| Unit | Willingness to participate | Eligibility criteria: work experience >1 yr | Availability: able to participate | Availability: not able to participate | Actual respondents |
|---|---|---|---|---|---|
| Medical unit | 26 | 17 | 11 | 6 | 5 |
| Administration | 16 | 9 | 5 | 4 | 3 |
| Emergency unit | 13 | 7 | 7 | – | 6 |
| ICT | 6 | 3 | 2 | 1 | 2 |
| OPD | 13 | 8 | 7 | 1 | 4 |
| Total | 74 | 44 | 32 | 12 | 20 |

Source: Field Data.

Table 2
Respondents’ demographics (n = 20).

| Respondent (pseudocode) | Age | Gender | Profession | Education | Years worked | Department |
|---|---|---|---|---|---|---|
| 1 | 32 | Male | IT Staff | FD | 10 yrs | ICT Dpt. |
| 2 | 28 | Male | Adm. Staff | MA | 3 months | Administration |
| 3 | 26 | Female | Physician Assistant | FD | 2 yrs | Medical Unit |
| 4 | 34 | Female | Record Officer | MA | 10 yrs | OPD |
| 5 | 55 | Female | Doctor | MA | 8 yrs | Emergency |
| 6 | 51 | Female | Doctor | MA | 10 yrs | Emergency |
| 7 | 42 | Male | Doctor | MA | 6 yrs | Emergency |
| 8 | 40 | Male | Administrator | MA | 6 yrs | Administration |
| 9 | 29 | Female | IT Staff | MA | 5 yrs | ICT Dpt. |
| 10 | 31 | Female | Physician Assistant | MA | 3 yrs | Medical Unit |
| 11 | 32 | Female | Physician Assistant | MA | 7 yrs | Medical Unit |
| 12 | 45 | Female | Doctor | MA | 7 yrs | Emergency |
| 13 | 48 | Male | Doctor | MA | 10 yrs | Emergency |
| 14 | 32 | Male | Doctor | MA | 6 yrs | Emergency |
| 15 | 34 | Female | Adm. Staff | MA | 5 yrs | Administration |
| 16 | 26 | Male | Physician Assistant | FD | 2 yrs | Medical Unit |
| 17 | 34 | Male | Record Officer | MA | 6 yrs | OPD |
| 18 | 30 | Male | Physician Assistant | MA | 4 yrs | Medical Unit |
| 19 | 35 | Female | Record Officer | MA | 8 yrs | OPD |
| 20 | 33 | Male | Record Officer | MA | 5 yrs | OPD |

Source: Field Data. Note: MA = Master’s Degree; FD = First Degree.

Elements that affect patient information leaks and confidentiality violations

The study’s second objective was to examine some of the key elements that could have an influence on patients’ information leaks. Certainly, discrimination against individuals based on their racial or medical history is prohibited due to its detrimental impact on their dignity and well-being. Unfortunately, patients may avoid seeking medical care, including essential check-ups, when they perceive discriminatory behavior from healthcare providers. This is particularly concerning in cases involving communicable diseases and HIV/AIDS, where social isolation and stigma already pose significant barriers to care. When patients become aware of disparaging remarks made by healthcare providers or feel that their condition has been disclosed to others without their consent, they may experience feelings of shame, mistrust, and vulnerability. This can lead to delayed or foregone care, exacerbating their condition and undermining public health efforts. It is essential for healthcare providers to uphold the principles of confidentiality, respect, and empathy, ensuring that all patients receive compassionate and non-discriminatory care. Notably, the study respondents emphasized their commitment to upholding patients’ rights, which serves as a key motivator for their truthful behavior. The interviewees expressed a strong dedication to treating patients and colleagues with fairness, respect, and dignity, aligning with the fundamental principles of healthcare ethics.
These were well captured by some of the interviewees as follows:

“…We let them relax and talk to them, making them know that their privacy is secured. That’s when they are not willing to release the information. Sometimes we ask our nurse or assistant to go out and we make sure to be honest and act with integrity and never to discriminate any of our patient.” (pt.5, female, 55yrs, dpt. OPD/Emergency)

“……We always guide our behavior by being honest and act with integrity and non-discriminatory to our patients……. if third party in the consult room before the patient walk in, the doctor introduces the patient to the person/nurse working with the doctor assuring the patient the confidentiality of his or her information.” (pt.14, male, 36yrs, dpt. OPD/Emergency)

Furthermore, the clinicians’ primary objective is to empower patients to achieve optimal health and well-being. This goal drives their commitment to delivering high-quality care and staying up-to-date with the latest techniques and research. During the interviews with the study respondents, the interviewees recognized the importance of acknowledging their professional limitations and working within them to maintain their competence. Indeed, quite a number of the interviewees (n = 15) emphasized the need for continuous attention to workplace professionalism to foster a positive and respectful relationship between patients and healthcare providers. Some of the interviewees (n = 9) also highlighted their individual accountability for professional conduct, underlining the importance of maintaining the trust of patients and the public. Some comments made by the interviewees are as follows:

“…We doctors can maintain patient trust by showing professionalism at work and also adhering to policies and regulation at the hospital settings.” (pt.4, female, 33yrs, dpt.
OPD)

“…We doctors maintain patient trust in our work by sounding mature or professional during discussion with the patient, involving and putting on a smiling face during consultation. Also, when the third party in the consulting room before the patient walk in is excused from the room.” (pt.7 male, 42yrs, dpt. OPD/Emergency)

“…I make sure that I am well-informed with information pertaining to patient’s healthcare. We doctors work within the limits of our competency and do not abuse patient and public trust in us. Also, we update ourselves regularly about being professionals in our work.” (pt.13, male 38yrs, dpt. OPD/Emergency)

Moreover, patient information leakage and breach of confidentiality are a key aspect of patient confidentiality in healthcare settings. They refer to the unauthorized access, disclosure, or misuse of sensitive patient information, which can compromise patient trust and have serious consequences. A patient may disclose information about his or her sickness at the healthcare delivery center, and the disclosure of such information may take place while the patient is receiving treatment in the Outpatient Clinic and the doctor and nurse are handling the patient’s information. A breach could also occur while a patient’s information is being transferred from the outpatient clinic to the medical records store, between the medical records store and the hospital IT system, or it could happen due to the patient’s condition while the information is being transferred between those two locations. Analysis of the interviewees’ responses revealed three primary themes related to potential compromises or leaks of patient information, as presented in Table 3.

Regarding Theme 1, as presented in Table 1, a subset of interviewees (n = 17) expressed concerns that inexperienced nurses and paramedics may inadvertently compromise patient confidentiality due to a lack of understanding or adherence to ethical principles.
This was evident in statements such as:

“….Some of the factors could be amateur nurses, cleaners and paramedics who work with us in the consulting room. These people can easily leak the information to their friends through mere chatting. Also, unprofessional discussion of patient’s illness among the doctors can be a channel of leakages.” (pt.14, male, 36yrs, dpt. OPD/Emergency)

“…Information may leak when novice nurses and paramedics who work with us unfortunately discuss the patient’s information with their friends. Also, when cleaners are doing their work in the ward, they can eavesdrop what the patient is telling us……and in that case we cannot sack or stop such cleaner since we are all aware of patient’s privacy.” (pt.5, female, 55yrs, dpt. OPD/Emergency)

Table 3
Responses on potential compromises of patient information.

| Theme | Description |
|---|---|
| Theme 1: Healthcare provider actions (n = 17) | Actions by nurses and paramedics, such as careless handling of patient records or unauthorized access, as a potential risk to patient confidentiality. |
| Theme 2: Environmental factors (n = 18) | Leaving case notes unattended or engaging in discussions among clinicians in public areas or without proper privacy measures were cited as environmental factors that could compromise patient confidentiality. |
| Theme 3: Patient-specific information (n = 27) | Sensitive information about a patient’s condition, such as contagious diseases or mental health status, could be vulnerable to leakage or compromise if not properly protected. |

Source: Field Data.

Regarding Theme 2: Environmental Factors, respondents (n = 18) provided insight into how case notes left unattended and discussions among clinicians can compromise patient confidentiality. This was well captured in statements from two interviewees:

“Patient information can be leaked as a result of unprofessionalism of some clinicians.
That’s some of the doctors disclose some patients’ information to their colleagues which amount to a breach of patient’s confidentiality. Some clinicians do not care about the ethics of doctor-patient confidentiality hence some leaving untended case notes on the floor unaware…. all these could be a means by which leakages could happen.” (pt.15, female, 34yrs. Dpt. Administration)

“…. That’s some of the doctors disclose some patients’ information to their colleagues which amount to a breach of patient’s confidentiality. The negligence of some medical doctors such as leaving case notes on tables, trolleys and floor unattended to can be a cause.” (pt.9, male, 40yrs, dpt. Administration)

Finally, on Theme 3, some of the interviewees also clarified that patients who required an aide to communicate their symptoms to doctors for proper diagnosis and treatment, because they were incapacitated or dangerously ill, could be a threat to the patient’s information. In rare cases, when a patient loses the ability to convey information for an accurate diagnosis, a third party may be required to provide a detailed account of the patient’s problems. This could result in the leakage of patient information. The following interviewees described these circumstances. For instance, one of the interviewees said:

“…In a situation where the patient cannot talk or disabled and needed assistance to communicate his/her problem can be a major factor in patient’s information leakage…. Also, the discussion of patient’s illness among we the doctors can be a major factor.” (pt.4, female, 34yrs, dpt. OPD)

Another interviewee also said:

“If visitors of the patient who are not relatives of the patient have the information of the patient, it can lead to leakages. Also, when the patient is critically ill or disabled and not able to communicate the needed information for effective diagnosis, require a third party which can be threat to information leakages.” (pt.10, female, 31yrs, dpt.
Medical unit)

Another section of the interviewees also believed that patients with communicable diseases who were separated from other patients or given a special place might cause patient information to leak. The participants reiterated that if other patients learned that such a private area is for patients with contagious disorders, there might be a breach of confidence. Some interviewees stated that hospital visitors who are not the patient’s relatives always want to know about the patients’ conditions, and this can contribute to the leaking of patient information. Some of the comments made in this regard are outlined as follows:

“..An increase in patients may be threat because information we receive from patients are confidential. Therefore, patient with TB or other communicable diseases are given separate location so when other patients know, the patient information is breached in one way or the other. Such patient with TB may not want to continue their medications.” (pt.8, female, 29yrs, dpt. ICT)

“…It is likely to pose threat, for instance, patient with TB or HIV are given secluded place so when another patient knows, the patient information is breached that. Such patient with TB or HIV no longer continues their medications.” (pt.1, male, 32yrs, dpt. ICT)

“…One of the reoccurring challenges we have, is when different people visit the patient who are not even his/her relatives. Such visitors always ask questions concerning the patient’s health condition which could breach patient’s privacy.” (pt.17, male, 34yrs, dpt. OPD)

Regulations and standards that govern patient records at La General Hospital

The third objective sought to find out the availability and knowledge of the health providers of electronic systems, regulations, and standards employed to safeguard patient records and ensure confidentiality.
From the responses gathered, all of the interviewees (n = 20) demonstrated a comprehensive understanding of the core principles of clinical practice, including the importance of patient confidentiality, informed consent, and respect for autonomy. Their responses reflected a strong foundation in ethical principles and a commitment to upholding the highest standards of care. This demonstrated knowledge and understanding suggests that the respondents have received adequate training and education in clinical practice and are well-equipped to navigate complex ethical situations. This information made it quite obvious that patients expect that their doctors will keep their personal information confidential. Indeed, clinicians are expected to understand and abide by the principles of confidentiality and respect for patient privacy as outlined in the GHS guidance. The foundation for deciding when to release patients’ personal information was established in this guidance, and it was then applied to disclosures made in support of an individual patient’s direct care as well as for the protection of other patients and the general public. Moreover, the participants (n = 20) uniformly acknowledged the existence of a clear directive or rule that delineates the responsibilities of physicians regarding the handling and protection of patient information. They cited ethical guidelines, robust health records systems, and the Ghana Health Service (GHS) Code of Practice as essential mechanisms for safeguarding patients’ rights and privacy.

Furthermore, some of the interviewees (n = 16) again mentioned how the doctor’s code of ethics helps them to handle and secure their patients’ personal information. To the degree that they can, they make sure that any personal data they possess or manage is adequately safeguarded at all times against unauthorized access or loss. As they follow it, these ethics prevent them from violating the rights of their patients and co-workers.
Other participants said that they understood their obligations. Due to this, they were able to acquire and keep a working knowledge of the material governing their profession that was pertinent to their function as doctors. Some of the statements made by the interviewees were as follows:

“…Aside the GHS code of conducts, there are ethical guidance that does not permit patients or their relatives to have access to patients’ folders except the photocopy of such folder.” (pt.20, male, 33yrs, dpt. OPD)

“…There is an international ethics that govern medical profession. This guidance helps to manage and protect patient’s information. Also, individual’s responsibility helps us to maintain and develop appropriate behavior towards patient.” (pt.8, female, 29yrs, dpt. ICT)

“…Only the doctor and the nurse in charge of the patient has access to the patient folder… It shows that our individual responsibility also helps us to protect patient information. Because we will be held accountable for any issues regarding breach of confidentiality. This also helps us to behave appropriately.” (pt.10, male, 31yrs, dpt. Medical Unit)

Additionally, the participants emphasized that physicians are obligated to comply with legal requirements when accessing, utilizing, or disclosing personal information, just like all individuals. In this regard, they clarified that the Ghana Health Service (GHS) handbook’s policies and procedures govern the use and dissemination of personal information. These guidelines serve as a crucial framework, enabling physicians to exercise vigilance in their behavior and decision-making. The respondents also affirmed that established protocols are followed whenever external entities request patient health information. This ensures that sensitive data is shared only through authorized channels, maintaining the confidentiality and security of patient information.
By adhering to these guidelines and procedures, physicians demonstrate their commitment to upholding the highest standards of data protection and patient privacy. Some of the respondents, for instance, said:

“…There are policies and regulations from GHS that regulates patient-doctor confidentiality. We know that all information about patient should be secure to make sure that the privacy is protected.” (pt.19, female, 35yrs, dpt. OPD)

“…All clinicians have taken an oath which makes them not to expose patients’ information without their concern. And we always adhered to the GHS codes of ethic.” (pt.16, female, 26yrs, dpt. Medical Unit)

Finally, recent advancements in information technology and computer science have significantly transformed the healthcare sector, enabling the development and implementation of innovative solutions. A notable example is the Electronic Health Record (EHR) system, which has been widely adopted across the healthcare industry to digitize and streamline the management of vast amounts of paper-based records. This transition has enhanced the efficiency and accuracy of recording medical information. The interviews with the study respondents demonstrated that they were computer literate and had received training on utilizing the CareWex electronic health record system and its applications at the La General Hospital. The respondents highlighted the significant role of this software in supporting their efforts to maintain confidentiality in the doctor-patient relationship. By leveraging the features and security measures of the EHR system, healthcare providers can effectively safeguard sensitive patient information, ensuring the integrity and trust of the healthcare process. Some of the respondents, for instance, said:

“……there is an electronic health record software that the hospital is currently using which I believe will help to protect the privacy and right of the patient.
But regarding patient right to privacy, in-service training is often organised to train and re-inform us the doctors about patient confidentiality.” (pt.8, male, 40yrs. dpt. Administration)

“….. And the use of the electronic system to record patient information also prevent the leakages.” (pt.17, male, 34yrs, dpt. OPD)

Discussion of findings

Patient trust in doctor’s confidentiality

Two major prospects will aid the doctors to act per doctor-patient trust confidentiality in the La General Hospital. These are: (1) ethical and legal duty, and (2) professionalism.

Ethical and legal duty

It has been observed that as employees gain more knowledge about information leaking, they start to make better judgments regarding maintaining their privacy [25]. This kind of understanding inspires the creation of ethics or standards for environmental governance. Furthermore, in order to provide services, private and governmental agencies demand that people provide personal information [26]. To maintain the confidentiality, integrity, and availability of this information, personnel process it and store it manually or digitally. Certain laws require health providers to limit the disclosure of certain types of information [2]. Participants recalled that there are regulations that concentrate on doctors and legal obligations of patient information confidentiality. They contend that the conditions of data protection law, which puts several obligations on data controllers who are physicians, must be met in the processing of patient data.

The Activity Theory is seen by [27] as human interaction with society. This activity has a complicated social structure that incorporates the interaction between the client and the personnel. Practically speaking, knowledge is constantly valued and appreciated by people, organizations, and society at large.
Therefore, information security practices are required to safeguard all of an organization’s information, whether it is organized or processed, pertaining to both individuals and the organization as a whole [28]. Because of this, regardless of the business objective, the secrecy of information is constantly high on the agenda of many organizations [5,16]. Participants discussed how trust and secrecy are crucial components of the doctor-patient relationship. They claimed that if patients believe their personal information would be exposed or has already been disclosed by doctors without their agreement, they may decide not to seek medical treatment. Therefore, they have a moral and legal obligation to prevent unauthorized exposure of patients’ personal information. They believe that unless it is required by regulations, they shouldn’t typically reveal information if they are aware that a patient has objected to it being disclosed for uses unrelated to their care. That is, if the public interest can be demonstrated and the publication of the patient’s information has been authorized under a statutory procedure that overrides common law secrecy.

Additionally, these results supported a study by [29] that found that major hospitals with predominantly manual patient record systems encounter storage issues. Access to patient records is another issue that users and custodians must deal with. Therefore, a healthcare provider is required under ethical and legal regulations to preserve patient health records, and they also include provisions for civil and criminal penalties for noncompliance. The results supported the assertion in [30] that healthcare professionals must follow laws and regulations regarding patient information confidentiality in order to safeguard and protect medical information in light of growing public concern, worries about unintended data exposure, and a changing regulatory environment.
Professionalism

Personnel who handle medical records should be competent, qualified, and conduct themselves professionally, according to both [31] and [32]. Doctors and nurses, who use patient records, should be provided with clear instructions on how to respond to their patients in a way that is not minifying. Participants said that when interacting with their patients, they always act professionally. They believed that the nature of their employment required them to frequently update their knowledge and patient-handling abilities, particularly in the consulting room. According to activity theory, an activity is made up of a subject that involves employees and clients, co-workers, or colleagues [27].

The findings thus supported or concurred with the explanation in [31] that strong leadership and professionalism are necessary to achieve good personal service and harmonious relationships with clients and colleagues. [31] went on to say that professionalism might lessen breaches of health information. In this regard, the participants stated that hiring medical records managers who have the necessary training is a requirement for a healthcare facility. They claimed to frequently attend workshops to refresh their knowledge of their profession and appropriate behavior to avoid violating the patient’s rights and privacy. Medical records employees are the guardians of patient records; thus, they must behave appropriately, be qualified, and possess the necessary skills to manage patient records in order to prevent unauthorized access and preserve patient confidence in their profession. These results have a connection to the literature by [32], who explained that since physicians are the guardians of patients’ health information, they must possess the necessary training, expertise, and legal requirements to safeguard patient records against unauthorized access. This could serve as a precaution against potential patient privacy and confidentiality violations [1,2].

The EHR system in safeguarding patient confidentiality

The results of the data analysis were thoroughly detailed in this subsection. The conclusions reached would be applied to recommendations for the healthcare organization’s potential future use of the EHR system. According to [33], an activity is anything that we do, no matter how tiny or significant, and is predicated on the idea that tools operate as a bridge between the subject and the object. Technology is viewed as a set of instruments that encourage social engagement and behavior in a given situation [34]. Information processing requires interaction between the user and tools like technology in order to safeguard and secure the safety of such information [27]. The interaction between people and instruments employed in the social system, such as technology used to process and store information that has been exposed to unauthorized users, is explained by the activity theory [27]. There were two major issues discussed under this section: (1) the benefits of the EHR system, and (2) the challenges of using EHR in La General Hospital.

Patient information leakages and breach of confidentiality

Data loss of records holding sensitive information of an institution or unintentional exposure of patient records are both examples of information breaches. According to the study in [31], while physical documents, portable electronic devices like laptops, and removable media were the main causes of breach incidents for covered entities and business associates, data stored on desktop computers, removable media, and other electronic devices were the main causes of breaches for individuals’ records. Data breaches and security incidents involving patient information can have a detrimental impact on patient health and safety as well as the organization and its members.
For consumers, unauthorized disclosures and breaches of personal information can result in identity theft, financial loss, and medical fraud. Additionally, security events and breaches may have an impact on the standard of patient care and personal health safety. When systems are out for extended periods for maintenance or repair, security events can cause delays in inpatient treatment, lower staff productivity, and have financial repercussions for healthcare companies [35]. Findings from this study have demonstrated potential methods by which patient information at the La General Hospital might be compromised: (1) nurses and paramedics, (2) notes left unattended and discussion among clinicians, and (3) the patient’s condition.

A patient’s personal information could be exposed, along with a variety of documents and records. Individual personal health information may be kept in both paper and electronic records and take many different formats [28]. Although sensitive and confidential personal information can take many different forms, it is a vital asset that organizations must safeguard [36]. Some participants argued that nurses and paramedics are probably the ones that leak patient information, despite the extensive training given to clinicians respecting patient confidentiality. They added that many of these paramedics and inexperienced nurses disregard the moral obligations to protect patients’ rights and privacy, therefore they gossip about patients with their buddies. Other interviewees claimed that another potential source of patient information leaking could be the majority of students who visit the institution for training. They said that these students had no training in the morals around patient confidentiality. Consequently, other co-workers might be exposed to sensitive personal information with ease.
As other participants noted, since doctors occasionally discuss patients’ illnesses among themselves, they can also serve as a conduit for the disclosure of sensitive patient information. This aspect of the decision concurred with [32], who explained that legally permitted activities including billing procedures carried out from remote locations as well as casual or thoughtless chats among medical personnel in hospital elevators constitute breaches of confidentiality [32].

Although it is not absolute, patient confidentiality is a fundamental ethical and legal obligation [37]. Physicians may disclose patient personal information without violating confidentiality obligations when any of the following situations apply: when the patient consents, either explicitly or implicitly, for the purpose of their care; when the disclosure is generally beneficial to a patient who cannot consent; or when the disclosure is in the public interest [31,38]. Furthermore, consent may be expressed explicitly or impliedly under the common law obligation of confidentiality. Participants said that in order to get a good diagnosis and treatment if the patient is incapacitated or unconscious, they enlist the help of a third party. Nevertheless, the doctors asserted that these third parties might serve as a conduit for the exposure of patient personal data. Patients could be at risk if the medical professionals caring for them lack access to pertinent, accurate, and current information about them. Some respondents stated that in this circumstance, when the patient is withholding crucial information that would aid in their diagnosis, the involvement of third parties may be necessary.

Regulations and standards that govern patient records

Protecting private and sensitive health information may be an issue of increasing importance for some hospital leaders today for a number of reasons, including privacy concerns, potential legal challenges, implications, and other costs.
[38] have demonstrated that strong legislative rules and regulations seem to lower the number of privacy breach incidents involving the leakage or exposure of patients’ sensitive or personal information [38]. [30] claimed in additional studies on security investments that for developed or advanced hospitals, investments in technological security resources and putting preventative practices in place had a coincidental effect on patient information leakages, leading to fewer confidentiality breaches [30]. Data security breach occurrences are increasing across all industries, according to [30], and the healthcare industry is not exempt from information security concerns due to the sensitive nature of medical data [30]. Therefore, organizations like GHS adopted a number of rules of practice that govern and safeguard patients’ rights and privacy in an effort to lessen the possible impact of information security threats. The study identified two potential systems that would control physician behavior and safeguard patient information. These cover the GHS code of conduct and ethical principles as well as how the health record system is run.

GHS code of practice and ethical guidance

The adoption of suitable security systems to safeguard, secure, and protect their organizational data is ultimately up to healthcare leaders and the government [11,39]. The research by Tu, et al. (2015) explained that healthcare organizations need efficient solutions to lessen the effects of security threats or patient information leaks, and the findings corroborated this explanation [40]. They said that as medical practice is subject to ethical scrutiny on a global scale, doctors have a moral and legal obligation to keep patients’ private information private.

However, according to [40], appropriate patient information exchange is a crucial component of providing safe and effective healthcare delivery.
As a result, healthcare executives and employees have a legal duty and responsibility to preserve patient information [29,41]. Participants claimed that they always adhere to ethical standards when interacting with patients in response to these explanations. Additionally, they claimed that since maintaining patient confidentiality is crucial to the doctor-patient relationship, which is built on trust, they are committed to upholding the moral standards in order to earn their patients’ trust. Participants indicated they adhere to stringent guidelines that allow them to release a patient’s information, despite the fact that a patient may decide not to seek medical attention if they believe their personal information will be disclosed. Additionally, they asserted that disclosure of that critical information was made possible by the significant usage of patient information for purposes like medical research, which allowed health services to run effectively and safely.

E. Gotah et al. Health Policy and Technology 13 (2024) 100933

Conclusions

This study aimed to assess the effectiveness of La General Hospital in protecting the confidentiality of patient health information. The findings indicate that patients generally have trust in physicians to maintain their privacy and rights. The study evaluated patient trust in medical confidentiality, identified factors contributing to patient information leaks and breaches of confidentiality, and examined the relevant laws, policies, regulations, and standards governing patient records at the hospital. Additionally, the study investigated the utilization of the Electronic Health Record (EHR) system at La General Hospital in safeguarding patient confidentiality. The overall assessment of patient health information confidentiality protection at La General Hospital was positive, as the study’s objectives were achieved.
The participants demonstrated a broad consensus regarding the effectiveness of current practice guidelines in protecting patient privacy across Ghana’s healthcare services. The study also explored the varying implementation of EHR systems worldwide, highlighting differences in interpersonal interactions, patient data management, and storage practices. Furthermore, the research focused on the development of confidentiality in Ghana’s health record system and the measures employed by healthcare organizations to protect patient information. To inform the development of a patient confidentiality systems emulation model, the study examined the evolution of patient confidentiality in medical practice through relevant sources and materials. The research recognized that patient confidentiality is protected by both national and international legal instruments, which can be invoked in cases of ambiguity or conflict. These legal instruments complement medical ethics, which are largely convergent globally, as outlined by the World Medical Association.

Recommendations for management, stakeholders and government

Government funding for health institutions should be increased in order to raise security standards for the protection of patient privacy and medical data. The protection of patients’ rights and privacy depends on this facilitation. The EHR system needs to be evaluated on a regular basis so that any flaws can be identified and fixed. Additionally, in order to enhance capacity development efforts, the hospital’s ICT unit and the EHR system’s providers must regularly retrain medical staff members on the system’s updates and operational guidelines. This guarantees that the vast majority of workers can work efficiently. Users of the Health Electronic Records should be fully involved in the implementation process and the system must be designed to meet their needs.
Policies regarding the use of the EHR system should be made very clear to help prevent users from using the computers for non-work purposes without a need. Again, technical assistance should be accessible when required. To guarantee that the correct medical or diagnostic terminology is used to increase efficiency, trained medical staff must be included in the construction of the health electronic record system.

Study contributions

Despite ongoing discussions on the importance of protecting patient health information, research on Ghana’s current laws governing patient data confidentiality is limited. Although some studies have investigated healthcare records in Ghana, there is a notable gap in literature specifically addressing patient record confidentiality. This study aims to bridge this gap by examining the extent of patient confidentiality in Ghana, particularly in the context of Electronic Health Record (EHR) systems, which are increasingly being adopted in hospitals across the country. The study’s objectives include identifying the legislation, guidelines, regulations, and rules governing patient records management, as well as investigating patient trust in doctor-patient confidentiality, risk factors for patient information leaks and breaches of confidentiality, and the impact of these factors on patient trust. While previous studies have demonstrated widespread support for EHR systems, this research extends beyond usage to explore the regulatory and behavioral factors that may compromise or ensure the protection of health records.
Unlike previous studies (e.g., Essuman et al., 2020; Alsahafi & Gay; Qiao et al., 2014), which focused solely on patient trust in EHRs, this study examines a broader range of characteristics related to the safety and protection of patient health records.

Implications for policy and practice

With regard to policy implications, the findings of this study suggest that the current practice guidelines in Ghana’s healthcare services are effective in protecting patient privacy. However, regular review and updates may be necessary to address emerging challenges and ensure alignment with international standards. Again, the varying implementation of EHR systems worldwide highlights the need for standardization in Ghana’s healthcare services. To be effective, a national EHR system with robust security features can ensure consistent protection of patient confidentiality. Further, the study’s recognition of national and international legal instruments protecting patient confidentiality highlights the need for legislative support to ensure enforcement and compliance. Furthermore, this study also has some practical implications. First, given that the study’s findings emphasize the importance of patient trust in medical confidentiality, continuous patient education and awareness initiatives can empower patients to take an active role in protecting their health information. Again, regular training for healthcare providers on confidentiality protection, EHR system security, and ethical practices can ensure that they are equipped to maintain patient trust and protect patient information. Finally, more generally, the study’s examination of the evolution of patient confidentiality in medical practice can inform the development of a patient confidentiality systems emulation model, providing a framework for healthcare organizations to protect patient information.
Suggestions for further studies

Since the results of this study were based solely on the opinions of health professionals, it is advised that future research include other non-medical staff, patients, and the government, who are the key players in the General Hospital network, to obtain their perspectives, which may differ from those of the clinicians. It is advised that future research adopt both quantitative and qualitative research approaches in studies that are similar to this one in order to objectively measure some of the responses provided by the study participants. This is because the approach used in this study has limitations that have been identified.

Funding

None.

Ethical approval

Not required.

Patient consent

Not required.

Data statement

Data for this study remain confidential and would only be shared upon reasonable request to the corresponding author.

Declaration of competing interest

None declared.

References

[1] Bayer R, Santelli J, Klitzman R. New challenges for electronic health records: confidentiality and access to sensitive health information about parents and adolescents. JAMA 2015;313(1):29–30. Jan 6.
[2] Maslyanskaya S, Alderman EM. Confidentiality and consent in the care of the adolescent patient. Pediatr Rev 2019;40(10):508–16. Oct 1.
[3] Atasoy H, Greenwood BN, McCullough JS. The digitization of patient care: a review of the effects of electronic health records on health care quality and utilization. Annu Rev Public Health 2019;40:487–500. Apr 1.
[4] Kamoun F, Nicho M. Human and organizational factors of healthcare data breaches: the swiss cheese model of data breach causation and prevention. Int J Healthc Inf Syst Inform (IJHISI) 2014;9(1):42–60. Jan 1.
[5] Xie J, McPherson T, Powell A, Fong P, Hogan A, Ip W, Morse K, Carlson JL, Lee T, Pageler N. Ensuring adolescent patient portal confidentiality in the age of the cures act final rule. J Adolesc Health 2021;69(6):933–9. Dec 1.
[6] Reegu FA, Mohd S, Hakami Z, Reegu KK, Alam S. Towards trustworthiness of electronic health record system using blockchain. Ann Rom Soc Cell Biol 2021;25(6):2425–34. May 20.
[7] Chadly A. Medical confidentiality from the clay tablet to the optic fiber. Tunis Med 2001;79(12):706–9. Dec 1.
[8] Moskop JC, Marco CA, Larkin GL, Geiderman JM, Derse AR. From Hippocrates to HIPAA: privacy and confidentiality in emergency medicine—Part I: conceptual, moral, and legal foundations. Ann Emerg Med 2005;45(1):53–9. Jan 1.
[9] Abdulai AF, Adam F. Health providers’ readiness for electronic health records adoption: a cross-sectional study of two hospitals in northern Ghana. PLoS ONE 2020;15(6):e0231569. Jun 4.
[10] Huang LC, Chu HC, Lien CY, Hsiao CH, Kao T. Privacy preservation and information security protection for patients’ portable electronic health records. Comput Biol Med 2009;39(9):743–50.
[11] Li LJ, Lu GX. How medical ethical principles are applied in treatment with artificial insemination by donors (AID) in Hunan, China: effective practice at the reproductive and genetic hospital of CITIC-Xiangya. J Med Ethics 2005;31(6):333–7. Jun 1.
[12] Bhardwaj A, Kumar V. Electronic healthcare records: Indian vs. international perspective on standards and privacy. Int J Serv Sci Manag Eng Technol (IJSSMET) 2021;12(2):44–58. Mar 1.
[13] Nøhr C. Evaluation of electronic health record systems. Yearb Med Inform 2006;15(01):107–13.
[14] Mubashar A, Asghar K, Javed AR, Rizwan M, Srivastava G, Gadekallu TR, Wang D, Shabbir M. Storage and proximity management for centralized personal health records using an ipfs-based optimization algorithm. J Circuits Syst Comput 2022;31(01):2250010. Jan 15.
[15] Achampong EK. Electronic health records use in the training of medical students in Ghana. Appl Med Inform 2022;44(2):31–6. Jun 30.
[16] Moses A. Implementing electronic health records management systems in mission hospitals in the Bono Region of Ghana: analysis of key factors. 2022 (Master’s thesis, NTNU).
[17] Hansbrough W, Dunker KS, Ross JG, Ostendorf M. Restrictions on nursing students’ electronic health information access. Nurse Educator. 2020;45(5):243–7. Sep 1.
[18] Haas S, Wohlgemuth S, Echizen I, Sonehara N, Müller G. Aspects of privacy for electronic health records. Int J Med Inform 2011;80(2):e26–31. Feb 1.
[19] Miles J. Standing under the Human Rights Act 1998: theories of rights enforcement & the nature of public law adjudication. Camb Law J 2000;59(1):133–67. Mar.
[20] Bamousa MS, Al-Fehaid S, Al-Madani O, Al Moghannam S, Galeb S, Youssef M, Kharoshah MA. The Islamic approach to modern forensic and legal medicine issues. Am J Forensic Med Pathol 2016;37(2):127–31. Jun 1.
[21] Crossley M. Introducing narrative psychology. McGraw-Hill Education (UK); 2000 Feb 1.
[22] Kankam PK. The use of paradigms in information research. Libr Inf Sci Res 2019;41(2):85–92. Apr 1.
[23] Murray M. Narrative psychology and narrative analysis. In: Camic PM, Rhodes JE, Yardley L, editors. QUALITATIVE RESEARCH IN PSYCHOLOGY: EXPANDING PERSPECTIVE IN METHODOLOGY AND DESIGN. Washington: American Psychological Association; 2003. p. 95–111.
[24] Owusu C, Kankam PK. Information seeking behaviour of beggars in Accra. GLOB KNOWL MEM COMMUN 2019;69(4/5):205–20. https://doi.org/10.1108/GKMC-07-2019-0080.
[25] Gayed BN, Zyromski NJ. Protecting patient information in the information age: Mission impossible? Surgery 2013;153(2):145–9.
[26] Mohammed A, Sheikh TL, Gidado S, Poggensee G, Nguku P, Olayinka A, Ohuabunwo C, Waziri N, Shuaib F, Adeyemi J, Uzoma O. An evaluation of psychological distress and social support of survivors and contacts of Ebola virus disease infection and their relatives in Lagos, Nigeria: a cross sectional study− 2014. BMC Public Health 2015;15(1):1–8. Dec.
[27] Waitoller FR, Kozleski EB. Understanding and dismantling barriers for partnerships for inclusive education: a cultural historical activity theory perspective. Int J Whole Sch 2013;9(1):23–42.
[28] Jorge Rey CI, CISM C, Douglass K. Keys to securing data as a practitioner. J Med Pract Manage: MPM 2012;27(4):203.
[29] Wager KA, Lee FW, Glaser JP. MANAGING HEALTH CARE INFORMATION SYSTEMS: A PRACTICAL APPROACH FOR HEALTH CARE EXECUTIVES. John Wiley & Sons; 2005. Jul 8.
[30] Kwon J, Johnson ME. Health-care security strategies for data protection and regulatory compliance. J Manag Inf Syst 2013;30(2):41–66. Oct 1.
[31] Wikina SB. What caused the breach? An examination of use of information technology and health data breaches. Perspect Health Inf Manag 2014;11(Fall).
[32] Weiss MJ. Health information privacy: a disappearing concept. Bull Sci Technol Soc 2000;20(2):115–22. Apr.
[33] Karanasios S, Allen D. ICT for development in the context of the closure of Chernobyl nuclear power plant: an activity theory perspective. Inf Syst J 2013;23(4):287–306. Jul.
[34] Hashim N.H., Jones M.L. Activity theory: a framework for qualitative analysis. 2007.
[35] Vockley M. Safe and secure? Healthcare in the Cyberworld. Biomed Instrum Technol 2012;46(3):164–73.
[36] Taylor RG, Robinson SL. An information system security breach at first freedom credit union 1: what goes in must come out. J Int Acad for Case Studies 2015;21(1):131.
[37] Cucoranu IC, Parwani AV, West AJ, Romero-Lauro G, Nauman K, Carter AB, Balis UJ, Tuthill MJ, Pantanowitz L. Privacy and security of patient data in the pathology laboratory. J Pathol Inform 2013;4(1):4. Jan 1.
[38] Sen R, Borle S. Estimating the contextual risk of data breach: an empirical approach. J Manag Inf Syst 2015;32(2):314–41. Apr 3.
[39] Angst CM, Agarwal R. Adoption of electronic health records in the presence of privacy concerns: the elaboration likelihood model and individual persuasion. MIS Q 2009:339–70. Jun 1.
[40] Tu M, Spoa-Harty K, Xiao L. Data loss prevention management and control: inside activity incident monitoring, identification, and tracking in healthcare enterprise environments. J Digit Forensics Secur Law 2015;10(1):3.
[41] Romanosky S, Hoffman D, Acquisti A. Empirical analysis of data breach litigation. J Empir Leg Stud 2014;11(1):74–104. Mar.