Assessing Data Security of Patient Health Information in EHMS at Kenyan Public Hospitals

8 Nov

Authors: Margaret Afwande, Jane Kabo, Samuel Barasa

Abstract: This study explores the cybersecurity vulnerabilities of Electronic Health Management Systems (EHMS) in Kenya’s public hospitals, revealing significant shortcomings in the protection of sensitive patient health information. Despite the widespread implementation of EHMS, findings indicate that existing security measures are insufficient to address the escalating cyber threats faced by healthcare institutions. Notably, 78% of hospitals rely solely on username and password authentication, while only 34% have adopted multi-factor authentication (MFA), leaving systems exposed to unauthorized access. Furthermore, just 41% of hospitals encrypt data at rest, highlighting a critical gap in data security. The research identifies alarming trends in unauthorized access incidents, with 60% of respondents reporting such breaches primarily due to weak password practices and a lack of staff training in cybersecurity. Additionally, 80% of respondents cite chronic underfunding as a significant barrier to improving EHMS security. The shortage of skilled IT personnel (68%) and inadequate cybersecurity training for healthcare staff (72%) further exacerbate these vulnerabilities, increasing the risk of data breaches and ransomware attacks. To mitigate these challenges, the study recommends adopting a proactive cybersecurity strategy focused on implementing MFA, comprehensive data encryption, and regular system audits. Furthermore, investment in capacity-building initiatives for IT professionals is essential to strengthen the cybersecurity framework within public hospitals. Establishing a national framework for data security is also crucial for standardizing practices and enhancing patient data protection across Kenya’s healthcare sector. Overall, these measures aim to address vulnerabilities and ensure the integrity of sensitive health information in an increasingly digital landscape.

DOI: 10.61463/ijset.vol.12.issue5.290