| Computer-based Patient Records, CPR, are needed to assist healthcare providers in providing clinical care as effectively and efficiently as possible. Data security is the one aspect that could retard the use of the CPR as both healthcare providers and patients have expressed concerns regarding security of sensitive patient information. The purpose of this study is to compare the CPR system with the Paper-based Patient Records (PPR) in terms of confidentiality, integrity, and availability of information. There are six groups that participated in the study: physicians, nurses, technicians, administrative staff, clerks, and medical records staff. All of these groups have access to both CPR and PPR patient records in three major hospitals in Saudi Arabia: King Faisal Specialist Hospital, King Fahad National Guard Hospital, and King Khalid University Hospital.; The results of the study indicated that employees in the hospitals tend to believe that patient information in the paper patient record, PPR, is more confidential than patient information in the computer-based patient records, CPR. On the other hand, they tend to believe that CPR provides more data integrity for patient information than PPR. They also tend to believe that patient information in the CPR is more available than patient information in the PPR. Confidentiality of patient information was the major concern of the participants.; The main recommendations of the study are: firstly to implement more efficient data access control to ensure that only authorized users have the necessary access to systems. Secondly, hospitals should have a full-time data security officer who is responsible for developing, implementing, and monitoring a consistent data security program. Thirdly, all hospitals must have a written and operationally tested contingency plan in order to protect the integrity and ensure the availability of patient information in a CPR system. Fourthly, data security and confidentiality policies are important to be created, implemented, and enforced. |
