Assurance of Information Confidentiality to Ensure Patient Trust in Tshwane Healthcare Centres, South Africa
N/A
DOI:
https://doi.org/10.25159/2663-659X/19352Keywords:
information assurance, patient confidentiality, trust, records management, South African healthcareAbstract
Healthcare facilities in South Africa, including the Tshwane healthcare centres, face persistent challenges in protecting patient information confidentiality, a factor crucial to building and maintaining patient trust. Increasing concerns have emerged regarding the inadequate implementation of information assurance practices, which has led patients to question whether their data are handled securely. This study investigated the assurance of confidentiality as a mechanism for patient trust in selected Tshwane healthcare facilities. A quantitative, multimethod research approach was adopted, supported by qualitative methods, to enhance the credibility of the data. Data collection involved a questionnaire, interviews with unit managers, observation, and content analysis. The participants included 95 selected employees working in information and records management units. The findings show that patients were not fully assured of the safety and confidentiality of their information. Contributing factors include limited time during consultation, rushed administrative processes, and patients’ lack of awareness or interest in data confidentiality practices. Furthermore, institutions struggle to meet the key pillars of information assurance: confidentiality, integrity, and availability. Patients were found to be present but primarily driven by the urgency of receiving medical attention rather than confidence in data protection measures. The study concludes that strengthening confidentiality protocols is essential to re-establish patient trust in Tshwane healthcare centres. Institutions are encouraged to implement well-structured processes through a proposed framework. This will allow them to allocate sufficient time for patient engagement and promote awareness of information confidentiality practices.
References
Abbasi, N., and D. A. Smith, D. A. 2024. “Cybersecurity in Healthcare: Securing Patient Health Information (PHI), HIPPA Compliance Framework and the Responsibilities of Healthcare Providers.” Journal of Knowledge Learning and Science Technology 3 (3). https://doi.org/10.60087/jklst.vol3.n3.p.278-287 DOI: https://doi.org/10.60087/jklst.vol3.n3.p.278-287
Anthony, D. L., and C. A. Campos-Castillo. 2015. “Looming Digital Divide? Group Differences in the Perceived Importance of Electronic Health Records.” Information, Communication and Society 18: 832–846. https://doi.org/10.1080/1369118X.2015.1006657 DOI: https://doi.org/10.1080/1369118X.2015.1006657
Atele-Williams, T., and S. Marsh. 2023. “Information Trust Model.” Cognitive Systems Research 80: 50–70. https://doi.org/10.1016/j.cogsys.2023.02.004 DOI: https://doi.org/10.1016/j.cogsys.2023.02.004
Belfrage, S., G. Helgesson, and N. Lynoe. 2022. “Trust and Digital Privacy in Healthcare: A Cross-Sectional Descriptive Study of Trust and Attitudes Towards Uses of Electronic Health Data among the General Public in Sweden.” BMC Medical Ethics 23 (19). https://doi.org/10.1186/s12910-022-00758-z DOI: https://doi.org/10.1186/s12910-022-00758-z
Blumenthal, D. 2010. “Launching Hitech.” New England. Journal of Medicine 362: 382–385. https://doi.org/10.1056/NEJMp0912825 DOI: https://doi.org/10.1056/NEJMp0912825
Bonderud, D. 2023. “Top Healthcare Data Breach Statistics of 2023.” Accessed 25 January 2023. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
Boyes, T. 2024. “How to Achieve POPIA Compliance: Competent Checklist.” scytale, 12 August 2024. https://scytale.ai/resources/how-to-achieve-popia-compliance-complete-checklist/
Brudner, E. G., D. S. Fareri, S. G. Shehata, and M. R. Delgado. 2022. “Social Feedback Promotes Positive Social Sharing, Trust, and Closeness.” Emotion 23 (6): 1536–1548. https://doi.org/10.1037/emo0001182 DOI: https://doi.org/10.1037/emo0001182
Campos-Castillo, C., and D. L. Anthony. 2015. “Double-Edged Sword of Electronic Health Records: Implications for Patient Disclosure.” Journal of the American Medical Informatics Association 22: 130–140. https://doi.org/10.1136/amiajnl-2014-002804 DOI: https://doi.org/10.1136/amiajnl-2014-002804
Cherdantseva, Y., and J. Hilton. 2015a. “Information Security and Information Assurance: The Discussion about the Meaning, Scope, and Goals.” PhD diss., Cardi University. https://doi.org/10.4018/978-1-4666-8111-8.ch058 DOI: https://doi.org/10.4018/978-1-4666-8111-8.ch058
Cherdantseva, Y., and J. Hilton. 2015b. “Understanding Information Assurance and Security.” In Organizational, Legal, and Technological Dimensions of IS Administrator, edited by F. Almeida, and I. Portela. IGI Global Publishing.
Chamoli, A., A. Kirsali, and S. Sharma. 2024. “Cyber Attack Prevention Method for Enhanced Privacy of Patients Digital Healthcare Data in Smart Hospitals.” 2024 7th International Conference on Circuit Power and Computing Technologies (ICCPCT), Kollam, India, 2024. https://doi.org/10.1109/ICCPCT61902.2024.10672954 DOI: https://doi.org/10.1109/ICCPCT61902.2024.10672954
Committee on National Security Systems. 2010. “National Information Assurance (IA).” Glossary, CNSS Instruction No. 4009.
Computer Security Resource Center (CSRC). 2024. “Information Assurance.” Accessed 7 May 2025. https://csrc.nist.gov/glossary/term/information_assurance
Creswell, J. W., and J. D. Creswell. 2018. Research Design: Qualitative, Quantitative, and Mixed Methods Approaches. 5th ed. SAGE Publications.
Duggirala, N. V. 2024. “The Future of Patient Data Security: Exploring Emerging Technologies and Collaborative Approaches.” International Journal for Research in Applied Science and Engineering Technology 12 (V): 3231–3239. https://doi.org/10.22214/ijraset.2024.62199 DOI: https://doi.org/10.22214/ijraset.2024.62199
Els, F., and L. Cilliers. 2018. “Privacy Management Framework for Personal Electronic Health Records.” African Journal of Science, Technology, Innovation and Development 10 (6): 725–734. https://doi.org/10.1080/20421338.2018.1509489 DOI: https://doi.org/10.1080/20421338.2018.1509489
Esmalipour, R., P. Salary, and A. Shojaei. 2021. “Trust-Building in the Pharmacist-Patient Relationship: A Qualitative Study.” Iranian Journal of Pharmaceutical Research 20 (3): 20–30.
Glen, S. 2018. “Total Population Sampling.” Statistics How To. Accessed 25 August 2022. https://www.statisticshowto.com/total-population-sampling/
Juta Medical Brief. 2025. “Hackers Target Mediclinic Staff Data.” Accessed 7 June 2025. https://www.medicalbrief.co.za/hackers-target-mediclinic-staff-data/
Lainhart, J. W. 2002. “Information Assurance/Information Security.” Presentation for the Computer System Security and Privacy Advisory Meeting June 13, 2002. Accessed 10June 2022. https://csrc.nist.gov/CSRC/media/Events/CSSPAB-JUNE-2002-MEETING/documents/Lainhart-06-2002.pdf
LexisNexis. 2025. “Trust Definition.” Accessed 7 June 2025, https://www.lexisnexis.co.uk/legal/glossary/trust
Liu, P., M. Yu, and J. Jing. n.d. “Information Assurance.” Accessed 10 June 2022. https://s2.ist.psu.edu/paper/82-info-assurance-v6.pdf
Lott, B. E., C. Campos-Castillo, and D. L. Anthony. 2020. “Trust and Privacy: How Patient Trust in Providers is Related to Privacy Behaviours and Attitudes.” AMIA Annual Symposium Proceedings, March 2020: 487–493.
Kim, M. O., E. Coiera, and F. Magrabi. 2017. “Problems with Health Information Technology and Their Effects on Care Delivery and Patient Outcomes: A Systematic Review.” Journal of the American Medical Informatics Association 24 (2): 246–250. https://doi.org/10.1093/jamia/ocw154 DOI: https://doi.org/10.1093/jamia/ocw154
Mani, T., M. Sakthimohan, E. G. Rani, S. Janani, K. Karthigadevi, and S. Kumar. 2024. “Elliptic Curve Cryptography: Protecting Healthcare Data in the Digital Age.” In 2024 5th International Conference on Electronics and Sustainable Communication Systems (ICESC), Coimbatore, India, 2024, 830–836. https://doi.org/10.1109/icesc60852.2024.10689809 DOI: https://doi.org/10.1109/ICESC60852.2024.10689809
Mathope, V. 2024. “Adoption of Artificial Intelligence to Manage Records in Support of the Claims Management System at the Road Accident Fund in South Africa.” PhD diss., University of South Africa. https://doi.org/10.14293/SBLUNISA.2023a002.vnm DOI: https://doi.org/10.14293/SBLUNISA.2023a002.vnm
Modiba, M. 2023. “Policy Framework to Apply Artificial Intelligence for the Management of Records at the Council for Scientific and Industrial Research.” Collection and Curation 42 (2): 53–60. https://doi.org/10.1108/CC-11-2021-0034 DOI: https://doi.org/10.1108/CC-11-2021-0034
Mothiba, I. M. 2023. “Identifiable Information Management System to Protect Patients’ Confidentiality in Tshwane Healthcare Centres, South Africa”. MA diss., University of South Africa.
Nieles, M., K. Dempsey, and V. Yan Pillitteri. 2017. “Introduction to Information Security.” Accessed 10 June 2022. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-12r1.pdf DOI: https://doi.org/10.6028/NIST.SP.800-12r1
Norwich University. 2018. “The 5 Pillars of Information Assurance.”
Accessed 12 June 2022.
https://online.norwich.edu/5-pillars-information-assurance
Paul, P. K, and S. Althal2019. “Information Assurance and Allied Aspects Emphasizing IT Risk Management.” International Journal of Advanced Trends in Engineering and Technology 3 (1): 59–62.
Payne, S. 2013. “Building Trust Between Cloud Providers and Consumers.” Accessed 9 June 2022. http://www.networkworld.com/article/2164050/tech-primers/
Peek, M. E., R. Gorawara-Bhat, and M. T. Quinn. 2013. “Patient Trust in Physicians and Shared Decision-Making among African Americans with Diabetes.” Health Communication 28: 616–623. https://doi.org/10.1080/10410236.2012.710873 DOI: https://doi.org/10.1080/10410236.2012.710873
Pool, J., S. Akhlaghpour, F. Fatehi, and A. Burton-Jones. 2024. “A Systematic Analysis of Failures in Protecting Personal Health Data: A Scoping Review.” International Journal of Information Management 74: 102719. https://doi.org/10.1016/j.ijinfomgt.2023.102719 DOI: https://doi.org/10.1016/j.ijinfomgt.2023.102719
Prasanna, G. L. 2025. “Privacy Preserving Data Sharing Cloud-Based Healthcare Systems.” Indian Scientific Journal of Research in Engineering and Management 09 (01): 1–9. https://doi.org/10.55041/IJSREM40474 DOI: https://doi.org/10.55041/IJSREM40474
Pujihastuti, A., and R. I. Sudra. 2014. “Influence of Diagnostic Writing and Knowledge of Medical Records Officers About Medical Terminology on the Accuracy of Diagnostic Codes.” Indonesian Journal of Health Information Management 4 (1): 60–64.
Ramgovind, S., M. M. Eloff, and E. Smith. 2010. “Management of Security in Cloud Computing.” In Information Security for South Africa (ISSA 2010). IEEE. https://doi.org/10.1109/ISSA.2010.5588290 DOI: https://doi.org/10.1109/ISSA.2010.5588290
Schou, C., and S. Hernandez. 2014. Information Assurance Handbook: Effective Computer Security and Risk Management Strategies. McGraw Hill.
Sewell, A. A. 2015. “Disaggregating Ethnoracial Disparities in Physician Trust.” Social Science Research 54: 1–20. https://doi.org/10.1016/j.ssresearch.2015.06.020 DOI: https://doi.org/10.1016/j.ssresearch.2015.06.020
Shen, N., T. Bernier, L. Sequeira, J. Strauss, M. P. Silver, and A. Carter-Langford. 2019. “Understanding the Patient Privacy Perspective on Health Information Exchange: A Systematic Review.” International Journal of Medical Informatics 125:1–12. https://doi.org/10.1016/j.ijmedinf.2019.01.014 DOI: https://doi.org/10.1016/j.ijmedinf.2019.01.014
Singhal, S. 2024. “Data Privacy, Compliance, and Security Including AI ML: Healthcare.” In Practical Applications of Data Processing, Algorithms, and Modeling, edited by Pawan Whig, Sachinn Sharma, Seema Sharma, Anupriya Jain, and Nikhitha Yathiraju. IGI Global. https://doi.org/10.4018/979-8-3693-2909-2.ch009 DOI: https://doi.org/10.4018/979-8-3693-2909-2.ch009
Skolmen, D. and M. Gerber. 2015. “Protection of Personal Information in the South African Cloud Computing Environment: A Framework for Cloud Computing Adoption.” Paper presented at Information Security for South Africa (ISSA) Conference at Johannesburg. https://doi.org/10.1109/ISSA.2015.7335049 DOI: https://doi.org/10.1109/ISSA.2015.7335049
Republic of South Africa. 2013. Republic of South Africa, No. 4 of 2013: Protection of Personal Information Act 2013. Government Printer.
Souvatzi, E., M. Katsikidou, A. Arvaniti, S. Plakias, A. Tsiakiri, and M. Samakouri. 2024. “Trust in Healthcare, Medical Mistrust, and Health Outcomes in Times of Health Crisis: A Narrative Review.” Societies 14 (12): 269. https://doi.org/10.3390/soc14120269 DOI: https://doi.org/10.3390/soc14120269
Stewart, T. J. 2016. “Central Sponsor for Information Assurance: A National Information Assurance Strategy.” Accessed 11 June 2022. https://silo.tips/download/central-sponsor-for-information-assurance-a-national-information-assurance-strat
Thulare, T., M. Herselman, and A. Botha. 2021. “Data Integrity: Challenges in Health Information Systems in South Africa. Conference: Engineering and Technology.” Paper presented at International Journal of Computer and Information Engineering: Paris, France, Dec 28–29, 2020.
Tredger, C. 2025. “Cyber Criminals Close In On SA’s Healthcare Sector – Check Point.” IT Web 8 April 2025. https://www.itweb.co.za/article/cyber-criminals-close-in-on-sas-healthcare-sector-check-point/VgZey7JlXGwqdjX9
Uriawan, W., S. Adriansyah, S. J. Maulidiyah, S. Julianto, and W. Jamil. 2024. “Challenges and Opportunities: Improve Patient Data Security and Privacy in Distributed Systems.” Preprints.org. Posted 2 July 2024. https://doi.org/10.20944/preprints202407.0163.v1 DOI: https://doi.org/10.20944/preprints202407.0163.v1
Young, B. 2015. “Information Assurance and Security: Introduction to IA.” Accessed 09 June 2022, https://www.cs.utexas.edu/~byoung/cs361c/slides1-intro.pdf/
Zimmerman, T., and J. Allen. 2024. “Determining Trust in Information: Initial Literature Review.” Proceedings of the Association for Information Science and Technology 61 (1): 1186–1188. https://doi.org/10.1002/pra2.1226 DOI: https://doi.org/10.1002/pra2.1226