How to Prevent Hospital Staff from Violating Privacy Policy of Electronic Medical Records

指導教授 : 郭光明


背景與目的:目前國內外皆有多項法律規範保護民眾個人隱私資料,醫院對病人病歷資料亦制訂相關隱私保護政策,病歷資訊外洩可能藉由醫院外部人員入侵及醫院內部員工蓄意或不經意洩漏,病歷資訊保護作為仍有極大精進空間。本研究目的為探討如何能遏止護理人員違反電子病歷資訊隱私保護政策之影響因素。 材料與方法:本研究以威攝理論與保護動機理論為基礎,以問卷調查法,採便利抽樣,針對高雄市某一區域醫院具電子病歷系統使用權限之護理人員進行問卷調查。 結果與結論:本研究共發放350份問卷,回收有效問卷315份,經結構方程模式分析,結果顯示偵測確定性、認知脆弱性、認知嚴重性與主觀規範負向顯著影響護理人員違反電子病歷隱私保護政策之行為意圖。就研究結果而言,建議利用資訊系統及人工稽核加強電子病歷隱私保護工作,使護理人員瞭解一旦發生違反電子病歷隱私行為時是很迅速且容易被偵測到的,另透過海報、院內網站公告、各類集會宣導及在職教育訓練等方式,加強護理人員認知,使其知道違反電子病歷隱私是容易被發現且會對於醫院造成嚴重影響的,最後,各項政策仍需要主管的支持及要求,以降低其違反電子病歷隱私保護政策行為意圖。


Background and Purpose: Despite many regulations have been enacted to protect personal information and hospitals have also established many policies to protect patients’ privacy, patients’ medical records could, however, be breached intentionally by hospital staff or outsiders. This study aims to investigate the factors that can prevent nurses from violating privacy policy of electronic medical records (EMR). Materials and Methods: The research framework of this study, based on Deterrence Theory and Protection Motivation Theory, incorporated six inhibitors of violating privacy policy for hospital staff. Survey methodology was used to collect data from a regional hospital in Kaohsiung City. Subjects were nurses who are authorized to access EMR in the subject hosptial. Results and Conclusions: The response rate of the study was 90% (315/350). Structural equation modeling was utilized to analyze the collected data. The results showed that four factors including detection certainty, perceived vulnerability, perceived severity, and subjective norm were found to significantly lower nurses’ violating behaviors toward the privacy policy of EMR. Based on the findings, this study suggested that the managers of hospitals can first audit nurses’ usage behavior of EMR via manual or autonomous (such as information systems) means. Moreover, it is suggested that hospitals can improve nurses’ perception of severity of privacy violating behaviors through posters, Internet websites, meetings, and ethical training. Finally, privacy protection related policies and edeavors still require the full support of the managers of hospitals.


