A privacy management framework for personal electronic health records

Abstract

Personal electronic health records (PEHRs) can be used by patients to manage their health and lifestyle better. PEHRs can provide a more efficient communication channel between the patient and healthcare provider; reduce medical errors and enhance the monitoring of patients. South Africa is considered to be inexperienced with the implementation and management of PEHRs, and has not introduced any specific privacy acts for protecting a patient’s privacy on mobile devices. The purpose of the study is to develop a privacy management framework (PMF) to alleviate the privacy concerns encountered by patients that use mobile devices to access PEHRs. The study used a qualitative approach to develop the PMF. The PMF consists of three tiers. The first tier manages the integration of the PMF through laws, privacy policies and procedures. The second tier comprises two main support pillars, which consist of operational privacy and to audit and review. The last tier functions as the foundations of the PMF, which manages awareness and training, communications and support for healthcare organizations and patients. The recommendation of the study is the implementation of a PMF within health organizations to reduce the privacy concerns of citizens and healthcare workers.