A data breach management system for evaluating breaches in health care data

Abstract

Background: On a global scale, a series of systems have been developed for cyber security and assessment of data breaches. However, in many Low and Middle-Income Countries, data breach systems around health technologies are undeveloped in handling hacking intrusions, insider threats, Data on the move, physical theft, human error, accidental, internet exposure and unauthorized access and little study has been done to come up with a system to specifically assess and address the data breaches in health Information systems. To address the gap, this study developed a data breach management system to evaluate data breaches in healthcare data at the Uganda Cancer Institute at Mulago National Referral Hospital, Central Uganda. Methods: This study used a cross-sectional qualitative study design, carried out at Uganda Cancer Institute, a public health facility in Uganda. The qualitative approach offered in-depth analysis offering insights and comprehension of the problem context. Scoping review methodology was applied for literature search, agile methodology using user centered design was used to design the System and TTAT theory evaluated the accuracy of the System deigned. Results: Drawing from TTAT model theory, the researcher found that the system for healthcare data breaches of health information systems generally feasible for assessment of data breaches for health care data at Uganda Cancer Institute at Mulago National Referral Hospital, Central Uganda. The accuracy of the system was deemed important by the Risk tolerance, social influence, users‘ perceived susceptibility and severity of malicious IT, a safeguarding measure's effectiveness, costs, and users' self-efficacy toward it. Study participants found the System useful, not costly and easy to use when assessing data breaches as visualized by graphs, a questionnaire and percentages. Study participants described that the System assessed the healthcare data against data breaches and gave them a percentage to ascertain data breach levels. Participants also stated that this enabled them to understand how risky data breaches are and how well to protect themselves. Conclusion: the study found that the system was important for data b