literature review on hospital management system project

An official website of the United States government

The .gov means it’s official. Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

• Publications
• Account settings

Preview improvements coming to the PMC website in October 2024. Learn More or Try it out now .

• Advanced Search
• Journal List
• J Med Internet Res
• v.19(11); 2017 Nov

Patient Health Record Systems Scope and Functionalities: Literature Review and Future Directions

Lina bouayad.

1 Department of Information Systems and Business Analytics, Florida International University, Miami, FL, United States

2 Health Services Research and Development Service, Center of Innovation on Disability and Rehabilitation Research, Tampa, FL, United States

Anna Ialynytchev

Balaji padmanabhan.

3 Department of Information Systems and Decision Sciences, University of South Florida, Tampa, FL, United States

Associated Data

Patient data elements reported in the literature.

A new generation of user-centric information systems is emerging in health care as patient health record (PHR) systems. These systems create a platform supporting the new vision of health services that empowers patients and enables patient-provider communication, with the goal of improving health outcomes and reducing costs. This evolution has generated new sets of data and capabilities, providing opportunities and challenges at the user, system, and industry levels.

The objective of our study was to assess PHR data types and functionalities through a review of the literature to inform the health care informatics community, and to provide recommendations for PHR design, research, and practice.

We conducted a review of the literature to assess PHR data types and functionalities. We searched PubMed, Embase, and MEDLINE databases from 1966 to 2015 for studies of PHRs, resulting in 1822 articles, from which we selected a total of 106 articles for a detailed review of PHR data content.

We present several key findings related to the scope and functionalities in PHR systems. We also present a functional taxonomy and chronological analysis of PHR data types and functionalities, to improve understanding and provide insights for future directions. Functional taxonomy analysis of the extracted data revealed the presence of new PHR data sources such as tracking devices and data types such as time-series data. Chronological data analysis showed an evolution of PHR system functionalities over time, from simple data access to data modification and, more recently, automated assessment, prediction, and recommendation.

Conclusions

Efforts are needed to improve (1) PHR data quality through patient-centered user interface design and standardized patient-generated data guidelines, (2) data integrity through consolidation of various types and sources, (3) PHR functionality through application of new data analytics methods, and (4) metrics to evaluate clinical outcomes associated with automated PHR system use, and costs associated with PHR data storage and analytics.

Introduction

The idea of patient health records (PHRs) emerged in the early 1970s [ 1 , 2 ] with the goal of increasing patient engagement and empowerment, which in turn was intended to enable continuity of care, error reduction [ 3 ], treatment choice, and patient-provider partnership building [ 1 , 2 ].

An extension of traditional electronic health records (EHRs), PHRs created a patient-centric platform supporting the new vision of health services that enables patient-provider information sharing and collaboration, with the goal of improving health outcomes and reducing costs. In recent decades, great strides have been made toward achieving these far-reaching goals in research and practice. Through the implementation in the United States of the Health Information Technology for Economic and Clinical Health (HITECH) Act passed in 2009, the use of PHR data is becoming more commonplace [ 4 ]. As defined by the program, the initial stage of meaningful use encourages providers to integrate technology into medical practice, making vast amounts of patient data available electronically. Later stages of the program focus on empowering patients by providing them with online access to their heath data.

The use of PHRs has grown since the rise of mobile computing and advancement of patients’ technical aptitude. As an extension of EHRs, PHRs have been developed to enable patients to manage their own health care. These records include (1) EHR-transmitted data such as laboratory results and summary of care, and (2) patient-generated data such as symptoms. The amount of overlap in terms of data and functionalities between the EHR and PHR depends on the type of implementation: tethered, interconnected, or stand-alone [ 5 ]. Functionalities available through the PHR are intended to be used by patients, rather than by providers, and include appointment scheduling, prescription refill, and secure messaging [ 6 ]. The newly developed PHRs created a complementary source of clinical data such as patient-reported outcomes [ 7 - 9 ], physician ratings [ 10 ], medication adherence [ 11 ], and social support [ 12 , 13 ], and they allow for new data analytics techniques to detect, measure, and predict health-related outcomes. The United States has been a leader in the field of PHR data analytics. One reason for the growth of health care analytics in the United States is the incentivization of such research through federal initiatives to deliver patient-centered care and quality-driven payment models [ 14 , 15 ]. The Partnership for the Future of Medicare [ 15 ] states that innovative methods, such as email consultations and self-monitoring, must be used to achieve individualized, effective care. Additionally, Medicare strives to make health care data more readily available and accessible, including quality and performance metrics. Taken together, these initiatives support health care data collection and utilization in the United States, making PHR analytics more feasible. However, the full potential of PHR cannot be realized until we have a better understanding of PHR data content, formats, and sources.

Tremendous amounts of patient data are now available through PHR systems. With patients’ permission, these data, along with the application of advanced data mining and machine learning, can provide significant new opportunities in research. For instance, models in areas such as disease prediction, patient risk assessment, and early symptom detection can now be improved, leading to major advances in health outcomes and cost optimization. However, along with new opportunities provided by PHR systems come data and user-related challenges. Data-related issues such as quality, privacy, and security pertain to collection, safe storage, and processing of large quantities of patient data from distributed information systems. Also, patients previously excluded from access to such systems may lack the expertise to understand the data [ 16 ].

This review assessed the scope of data and functionalities in PHR systems with the goal of understanding how these affect research on health information systems. The platforms today lack a global standard and vary widely in terms of functionalities, goals, privacy issues, and legal frameworks. Hence, looking at the evolution of PHR data elements through a literature review of US studies, we also investigated opportunities and challenges associated with this emerging platform. While our review and implications are US centric, many of the broader research ideas have emerged from global applications.

We conducted a review of US literature published from 1950 through 2015 to assess the scope and functionalities available through the PHR, along with associated data elements, formats, and sources. We summarized the results and classified the data content through functional categorization and chronological analysis, and identified gaps in the literature. Based on our findings, we present recommendations for health information systems research.

Eligibility Criteria

In this review, we defined PHR as an electronic record designed for patients to self-manage care [ 6 ]. Thus, we focused on data that were either entered by or transmitted to the patient to enable self-care management, regardless of PHR type or brand.

We considered US studies from 1950 through 2015. We limited our search to US-based studies because of variation in ontologies and legal and privacy frameworks across countries. Because we were interested in specific data content available in the PHR, rather than patients’ extent of system use, we excluded articles focusing on PHR adoption. Furthermore, we excluded articles containing data intended to be used only by health care providers, and that not to be viewed by patients. For example, articles reporting on physician use of patients’ hormone levels to assess risk factors and clinical outcomes were excluded from the analysis because this information was not intended to be used or viewed by patients. Finally, after reviewing the body of articles selected based on title and abstract, we excluded articles that focused on general concepts and did not mention specific data elements present in the PHR.

Data Sources and Search Strategy

To conduct our review, and using used PubMed’s Medical Subject Headings (MeSH) database as our starting point, we identified 5 search phrases referring to the PHR: (1) personal health record, (2) personal medical record, (3) patient health record, (4) computerized patient record, and (5) personal electronic health record. A search of eligible US studies on PubMed from 1950 to 2015 and on Embase and MEDLINE from 1966 to 2015 using the previously defined phrases resulted in 1822 articles ( Figure 1 ). The search results comprised articles containing any of the search phrases in all fields including titles and abstracts.

Literature review results. PHR: patient health record.

Title and abstract screening based on the inclusion and exclusion criteria by 2 reviewers (authors LB and AI) resulted in consideration of 334 articles. Data elements, associated data sources, and analytics techniques were described. The reviewers met after screening every 20 articles to compare results and adjudicate. Consensus was reached regarding (1) the final list of articles to be considered for full-text screening and (2) information extracted from the selected articles.

The full body screening resulted in a total of 106 articles used for data element extraction. Whenever available, reviewers LB and AI recorded the following information in an Excel 2010 (Microsoft Corporation) spreadsheet from each article reviewed in this study: (1) title, (2) author(s), (3) year of publication, (4) PHR data element(s) (ie, data collected by or shared via the PHR), (5) data type(s) (character, number, string, etc), (6) platform(s) (website, app, etc), (7) data storage (Excel database, Oracle, etc), (8) data entry (manual or electronic), (9) source, (10) receiver, (11) details regarding patient use, (12) barriers and issues, and (13) benefits.

Data Categorization

A list of all data elements extracted from the 106 selected articles was further grouped by the reviewers into major data categories. The data categories were based on a taxonomy created in a PHR systematic review published in 2011 by Archer et al [ 6 ], which served as a foundation for this work. Categories found in our review but not included in Archer et al’s review were identified and validated by a group of clinical informatics experts.

We categorized the PHR data and refined them after consultation with an informal focus group of clinicians. In cases where different terms referred to the same data element (eg, medications, pills, and drugs), we chose 1 of the terms and grouped all synonymous data elements together under this term. Metadata pertaining to PHR functionalities were extracted from the articles and categorized based on content. For instance, articles mentioning the PHR reminder functionality were listed as references for data elements such as appointment reminders and prescription reminders, and were categorized under scheduling and treatments, respectively, as opposed to grouping all reminders under an umbrella “reminders” category. Additionally, some of the PHR data elements could have been included in different categories, depending on the user’s perspective. For example, the data elements described as prevention adherence could be viewed by the patient as part of a prevention plan but perceived by the provider as compliance with recommended health procedures and activities. We refined and ordered data categories listed in the results table based on their typical sequence of patient health care delivery. For example, scheduling data were listed before treatment data, which were listed before outcomes.

Functional Taxonomy and Chronological Analysis

Following PHR data extraction and categorization, we performed a cross-categorical analysis of the data by percentage, source, and format. Additionally, we completed a longitudinal analysis of the time of first mention of the data element in the literature.

Extraction Results

The literature review identified 13 major categories of PHR ( Multimedia Appendix 1 [ 17 - 117 ]). At least one data element was included within each of the main categories, and details on the data elements and their corresponding references are provided. In addition to the data elements previously reported in Archer et al’s systematic review, this research identified 22 new data elements. Additionally, we distinguished 3 data elements from Archer et al’s review in the more recent PHR literature and separated them into more than one data element.

Patient data elements reported in the literature are available in Multimedia Appendix 1 .

The comparable data elements identified in both reviews were personal information, problem lists, surgical history (procedures, hospitalizations), medical history (family history), provider information (provider list), allergies, home monitoring data, medical history, psychographics (social history, lifestyle), immunizations, prescription medications, and notes.

The data elements not previously reported in Archer et al and that we identified in this research were (1) genetic data, (2) preferences, (3) PHR settings, (4) facility information, (5) personalized search results, (6) visit preparation information, (7) compliance, (8) medical equipment and supplies, (9) self-treatment, (10) treatment plan, (11) outcomes, (12) patient-provider message, (13) incentive programs data, (14) patient health education material, (15) trainings, (16) personalized health advice, (17) environmental information, (18) assessment information, (19) personal health goals, (20) health care cost management, (21) insurance data, and (22) health status.

In our research, we were also able to separate Archer et al’s preventive health recommendations into (1) preventive care and (2) prevention adherence. We broke examinations and diagnoses down into (1) vital signs and anthropometric data, (2) physiological information, and (3) diagnosis. We further distinguished laboratory tests and appointments as (1) results, (2) imaging, and (3) appointments.

Functional Taxonomy and Chronological Analysis Results

We grouped PHR data elements by source, format, and time of first mention. Analysis of data elements mentioned in the literature allowed for description of information available for analytics use. This analysis also revealed the capabilities available to patients through PHR systems.

Patient Health Record Systems Data—Scope

The bar graph in Figure 2 displays the frequency of data elements described in the articles we reviewed. To obtain the percentages, we divided the total number of citations for each of the major data categories by the total number of citations for all major data categories combined. Figure 2 shows a wide range in the frequency of data categories described in the literature, with health history being the most frequently occurring data category, accounting for 88 out of 450 (19.6%) total citations, and outcomes being the least frequently mentioned, accounting for 2 out of 450 (0.4%) citations.

Patient health record (PHR) data category by citation percentage.

The 4 most frequently occurring data elements (health history, treatments, patient general information, and diagnostics) accounted for 269 out of 450 (59.8%) total citations and were typically added to PHRs through extraction from the patients’ EHR.

In addition to data elements extracted from the EHR, a significant amount of data, such as information about medication adherence and self-care, is entered by patients. However, we found PHR-entered data less frequently in our review, representing about 27% of the 450 total citations: 34 (7.6%) citations related to educational resources, 31 (6.9%) citations related to scheduling, 19 (4.2%) citations related to communication, 17 (3.8%) citations related to visits, 9 (2.0%) citations related to daily living patterns, 3 (0.7%) citations related to patient environment, and 2 (0.4%) citations related to outcomes. These likely reflect new functionalities provided to patients through their PHR during our review period. Administrative data accounted for 18 (4.0%) of total citations and consisted of information on health care cost management and insurance data. Health care cost management included information on admissions and discharges and on health spending. Insurance information, on the other hand, provided patients with information such as insurance claims, benefits, copays, and reimbursement.

Data available in the PHR were generated by a multitude of devices, and were entered by different parties (ie, patients and providers) through various platforms ( Table 1 ). We found that data elements related to the patient-provider encounter, such as patient general information, diagnostics, psychosocial status, treatments, visits, and outcomes data, were generally extracted from the EHR. More recent data elements were entered through patient portals (such as educational resources and patient environment data), or transmitted by sensors and tracking devices (such as daily living patterns).

Patient health record data: common formats and sources.

a GIS: geographic information system.

The variety of PHR platforms led to the generation of different data formats ( Table 1 ). Newly generated patient data were not limited to plain text and numbers in structured tables. Electronic messages, for example, were composed of text and metadata describing the time of transmission and the identity of sending and receiving parties. Templated documents and forms were used for standard reports such as legal documents, care plans, and insurance reports [ 46 ]. Images, also prevalent in PHRs today, were used by patients and providers to capture, store, and transmit health data, such as radiology results (2-dimensional x-rays, 3-dimensional computed tomography scans, positron emission tomography scans, magnetic resonance imaging scans, 4-dimensional beating heart) [ 84 ], signs and symptoms (wound images) [ 91 ], camera uploads [ 31 ], health trends (growth charts) [ 46 ], mood graphs [ 37 ], blood sugar graphs[ 99 ], laboratory flow sheets [ 31 ], and legal documentation (power of attorney for children and adolescents) [ 22 ]. Audio and video were used to capture phone call content [ 46 ] and record visits [ 46 ]. Newer data formats generated by patient tools and mobile apps included Google Maps for facility information and Google Calendar entries associated with appointment scheduling [ 31 ].

Patient Health Record Systems Data—Evolution Over Time

Next, we analyzed the data elements extracted by the year of first mention ( Figure 3 ). In the early 1990s, PHR data elements mentioned in the literature pertained to researchers’ and practitioners’ visions of potential future systems. These included general patient data, such as demographics, and medical encounter information, such as visit summary.

Patient health record (PHR) data elements by year of first mention.

After initial uses of PHR systems in the early 2000s, new data elements such as appointments, preferences, and system settings emerged. More recently, PHR data included reminders (eg, appointment reminders [ 51 , 99 , 101 ], medication reminders [ 93 , 110 , 114 ], screening and laboratory work reminders [ 42 , 46 , 110 ], immunization reminders [ 29 , 30 , 55 , 57 , 82 , 90 ], preventive care reminders [ 21 , 59 , 60 ], and health maintenance reminders [ 82 ]), in addition to alerts [ 22 , 76 , 77 , 99 ], identification of personal health goals [ 19 , 24 , 38 - 40 , 43 , 72 , 74 ], and disease prevention [ 76 , 77 , 99 , 110 , 115 ]. Tracking and monitoring data via e-journals [ 82 ] and diaries [ 50 ] also became available.

Today, PHR data are generated through different tools and devices. Tracking devices, now transmitting time-series PHR data, are used to monitor patients’ vital signs, such as blood pressure and glucose level (biomonitoring devices) [ 74 , 99 ], and to detect abnormal events, such as alerts from implantable cardioverter defibrillators [ 117 ].

Patient Health Record Systems Functionalities—Scope

PHR data were mainly used to provide added functionalities to patients. The provider search results [ 20 , 22 , 47 , 49 , 64 ], for example, helped patients locate health care providers and health-related services. Similar functionalities enabled patients to obtain health advice from support groups. Other functionalities assisted patients with preparing for medical encounters through visit preparation questionnaires [ 24 , 46 , 66 , 70 - 72 ]. Functionalities such as incentive programs [ 43 , 56 , 66 , 73 , 74 ] empowered patients through self-health monitoring. Finally, a unique PHR data category discovered in our review, environmental information [ 36 , 50 , 56 , 67 ], captured community health concerns and environmental domains, which can be linked to functionalities such as assessment of environment-related risk factors and recommendations for preventive care.

Patient Health Record Functionality Evolution Over Time

Description of the data extracted revealed which functionalities were available to the patient through the PHR and indicated an interesting evolution of PHR functionalities ( Figure 4 ).

Patient health record functionality evolution over time, showing the most common sources, data types, and functionalities found in the review. EHR: electronic health record.

The evolution of PHR data elements over time ( Figure 4 ) illustrates the general inclination in the early stages toward providing the patient with access to health information regarding their medical encounter.

Even though the giving patients access to their own health data was initiated in the 1970s, PHR systems were not widely used until the early 2000s. Because of the infancy of PHR systems, research in this domain has focused on system adoption and how it relates to patient satisfaction. Only limited research is available on how to leverage PHR data to improve health outcomes.

Starting in 2005, data elements reported in the literature indicate a shift toward a more interactive view of the PHR system and the introduction of several new attributes and functionalities. Patient PHR settings, including security and privacy preferences, became more prevalent. The most significant development of this time period of PHR evolution was the interaction and engagement of the patient with the system. Functionalities such as patient-provider secure messaging and appointment scheduling were becoming more common.

More recently, the PHR system has seen a greater inclusion of patient tracking and monitoring functionalities as daily reported data from patients and caregivers become more prevalent. Albeit rare, PHR systems also increasingly allow for cost measurement and management.

Implications and Future Directions—PHR Data

Overall, the results indicate an increasing focus in the literature on newer types and sources of data, as well as on providing patients with access to their health data. Yet some of these may be progressing so rapidly that important related issues are somewhat neglected. Few studies, for instance, have examined the impact of user interface design on patients’ understanding of data and system use. Issues associated with the use of PHRs are mainly related to patients’ understanding of the underlying information presented. Problems related to understanding of health data may lead to stress and anxiety [ 63 ], which could outweigh the potential benefits of data access. Hence, research is needed in the area of data visualization and representation models specifically targeted for patient use. Examples of such models available in the literature are the what-if analysis, [ 99 ] brief intervention [ 109 ], and traffic-light feedback system [ 74 ]. These methods indicate the risks associated with specific health activities, along with related outcomes and recommended interventions. The traffic-light feedback system, for example, provides patients with an effective visualization tool to track their progress toward attainment of blood pressure goals.

In addition, more research is needed to investigate and improve the quality of patient-entered data. Today, more than 35,000 mobile health apps are available for the iOS and Android operating systems, generating large amounts of data [ 118 ]. Data are also increasingly entered through patient forums and portals. While new platforms allow the generation and availability of large data volumes, the wide variety of levels of expertise could lead to reliability and validity issues. Patient-entered data have been shown to be reliable for simple measures such as demographics and symptoms, but less reliable when they pertain to reporting more complicated measures such as laboratory values [ 5 ]. One method for improving accuracy could be to provide patients with standardized measures and guidelines for entering their own data, but even that needs to be part of a broader strategy to verify accuracy of data through triangulation from multiple sources.

As the variety of PHR data sources increases, special care is needed for data curation [ 119 ] and harmonization [ 120 ]. Processes need to be established to produce usable patient-reported data that can be used for research [ 121 ]. Standards need to be developed to improve interoperability between different components of the new PHR systems [ 122 ]. Data integration methods, such as entity stream mining [ 123 ], might be required to cross-reference patient data generated by different tools and devices.

In the coming years, PHR systems will create many data-related challenges, such as quality, heterogeneity, openness, security, scalability, and transparency. Abundant patient data might also trigger information overload. While potentially beneficial for improving health outcomes, streaming patient data can amount to very large volumes, creating new data quality, storage, and analysis issues. All of these challenges open doors for valuable research in health information systems.

The large amounts of data generated by sensors and devices might also require storage and analysis on the cloud [ 118 ], potentially increasing storage and analysis costs. Sharing patient data between networks may also create a risk of personal health information disclosure [ 124 ], generating additional costs for preserving patient privacy and security. This could also necessitate stronger methods for patient data protection beyond today’s practice, which opens up yet another important avenue for health informatics research.

Implications and Future Directions—PHR Functionalities

Overall, PHR data evolution indicates a general trend toward greater patient engagement and health tracking. Moving forward, a continuation of these trends will lead to accumulation of vast amounts of rich data. If patients provide permission, research on PHR data can pave the way for patient-centered care.

The design of patient-centered decision support systems that use a combination of comprehensive individual patient information and aggregate data (collections of patient records) to provide personalized patient recommendations will be a significant area of research.

While past literature has listed patient-provider messaging as an important communication tool for patients and providers, secure message content may potentially provide a valuable patient data source for analysis. Based on their reported intended use, patient secure messages may contain information regarding health-related concerns such as new symptoms and adverse events. Among other possibilities, information retrieved from secure messages could, therefore, be used in research to identify treatment side effects and build patient risk models. However, it is important to keep in mind that terminology used by patients is likely to differ from terminology used by providers. Hence, natural language processing models traditionally used to extract patient information from provider notes may need to be adapted to fit the patient context.

Recently developed and highly effective deep learning algorithms could also be used to extract, search, sort, and analyze information from the tremendous amounts of image, voice, and video data [ 125 ] available in the PHR. Other new techniques might be needed to analyze relational data, such as from Google Maps and Google Calendars.

Also, current methods used to store, extract, and analyze EHR data are not adequate for analysis of large volumes of time-series data. Nonrelational databases might be needed to store tracking information. Stream learning algorithms [ 126 ] would also need to be applied to extract meaningful information from the terabytes of streaming data analyzed.

As patient-centered decision support systems are being implemented, it is important to ensure the validity of the generated output. Misclassification errors can be dangerous in this domain. Patient systems, which are embedded in mobile devices, need to be evaluated and approved by medical experts. Data transmitted from different sources can potentially be leveraged by providers to improve patient and population health outcomes. However, accurate measures are still needed to assess and improve the performance of such systems. In addition, these metrics need to account for biases present in patient-generated data. Prior research indicated that PHR systems are mostly used by patients who are typically more sick. Those are patients with comorbidities, such as cancer survivors [ 127 ]. Therefore, findings and models generated from analyzing these data might not be generalizable to other patient populations.

The new health care vision in the United States is characterized by automation and collaboration, creating the need for adaptation by all actors in the industry. Empowered patients today have the opportunity to leverage PHR systems data and functionalities. This, however, requires some level of technical expertise for system access and interaction, and medical knowledge in order to understand and interpret the medical information presented. Similarly, medical providers now have to learn and adopt new technologies in order to report medical data and communicate with patients. As a major actor in the health care industry, insurance companies also need to adapt to the new industry environment. Insurance firms today need to assess the value of virtual medical encounters and automated care, and process new types of patient data such as secure messages. Adaptation methods by all health industry players are yet to be assessed and optimized.

Limitations

A limitation of this study is its focus on PHR data reported in the literature. The evolution of PHRs as described in this study might not necessarily reflect the state of the practice. More research is therefore needed to extract and evaluate PHR scope and the functionalities of the various PHR systems available in practice. Also, as mentioned above, this study focused on US studies, thereby limiting the scope of our analysis. Research comparing PHR systems in the United States with those used in other countries would help improve future data uses.

Digital health platforms have changed drastically in recent years. The introduction of distributed PHR systems enabled a shift toward more personalized and increasingly automated health care. The multiuser nature of PHR systems also facilitated patient-to-provider and patient-to-patient information sharing. Yet these changes generated opportunities and challenges at the user, system, and industry levels. Our assessment here of the state of the patient digital infrastructure serves as a valuable foundation for future research. Research implications identified also offer ways to significantly advance health information systems research. Identifying available PHR data also facilitates the development of intelligent health systems. Although primarily aimed at health information systems researchers, implications listed in this study can be further extended to health practitioners, insurance providers, and policy makers.

Abbreviations

Multimedia Appendix 1

Conflicts of Interest: None declared.

• Sales CRM Software
• Application Portals
• Call Center CRM
• Mobile CRM App
• Omnichannel Communication CONVERSE
• Reporting Dashboard SIERA
• Lead Management System
• Opportunity Management
• Sales Process Automation
• Sales Tracking
• Door-to-Door Sales
• Remote Team Management
• Field Sales CRM
• Merchant Onboarding App
• App UI/UX Customizer CASA
• Outside Sales CRM
• Field Force Automation
• Collections Management
• Field Force Tracking
• Event Campaign Management
• Bancassurance Management
• Marketing Automation
• Chatbot - Website
• Chatbot - WhatsApp
• Landing Pages
• Email Campaigns
• Lead Capture Automation
• Lead Engagement
• BTL Marketing Automation
• Advanced Marketing Analytics
• Hospitals and Clinics
• Hospice and Palliative Care
• Fertility Clinics
• Dental Care
• Diagnostics Labs
• ACQUISITION
• Patient Intake Automation
• Patient Appointment Scheduling
• Healthcare Call Center Solution
• Patient Experience Management
• Self-serve Patient Portals
• EHR Integration
• Physician Empanelment
• Security and Compliance
• Patient Engagement
• Higher Education
• Pre-schools and K12
• Training Institutions
• Overseas Education
• Student Recruitment Software
• Admission Portal
• Teacher Onboarding
• Publisher Portal
• Admission Software
• Credit Unions
• Securities and Trading
• Lending CRM
• Loan Origination System
• WhatsApp Lending Bot
• Debt Recovery Automation
• Bancassurance Solution
• PAPERLESS ONBOARDING
• e-KYC Solution
• Video KYC Solution
• Merchant Onboarding
• Merchant Lifecycle Management
• Travel and Hospitality
• Agriculture
• Home Improvement
• View by Industries
• 11 Modules of Hospital Management System and their Benefits

Ever wondered what it is like to manage an entire hospital?  

It definitely sounds difficult.  

Well, if you’ve landed on this article, you know that efficiently running an entire hospital isn’t a walk in the park. Although it is essential, it gets overwhelming at times.  

Time is of the utmost importance when it comes to healthcare. Imagine the severity if there is even a minor delay or fault while sharing the results and diagnosis.  To simplify operations and efficiently manage patient records, leading hospitals use a hospital management system.  Employing hospital management software helps you reap the maximum benefits from your work.  

Before discussing in detail how you can leverage an HMS to the fullest, let us understand what an HMS is and why it is needed. 

What is a Hospital Management System?

A study showed that healthcare providers spend 35% of their time on documenting patient data. While paperwork is unavoidable in a hospital, you can automate the process and reduce the burden on the staff and doctors. Not just this, hundreds of other processes run parallel in a hospital. An HMS is a one-stop solution to manage all hospital processes and data transfer. You can use it to digitize and simplify activities like: 

• Patient record management 
• Tracking and managing appointments 
• Maintaining staff records 
• Billing and insurance claims 

Overall, an HMS helps you improve patient experience and the quality of service provided in the hospital.  At the same time it is also used to minimize operating expenses and improve the revenue cycle.  

In a nutshell, Hospital Management System (HMS) creates a frictionless approach to managing the entire hospital and solving operational complexities.  

However, HMS can be a complex system. For ease of understanding and implementation, it is divided into different modules. These modules are built depending on the needs of a department or a particular process. Let’s look at the 11 HMS modules that are essential for any hospital to improve end-to-end productivity. 

11 Essential Hospital Management System Modules

Below we have discussed the 11 hospital management system modules in the same order that a hospital would need them, according to a patient’s journey. 

1. Appointment Management   

Managing appointments manually is not only tedious but also increases the chances of human errors. Even patients are inclined to choose a hospital with an option to book appointments online. In a recent study, 68% of patient s said they would prefer to schedule, modify, or cancel appointments online.  

This hospital management system module enables you to add a scheduling option to your hospital’s website so that patients can easily schedule an appointment.  

Once your patient has booked an appointment, the HMS software for hospitals will match the patient’s illness to the doctor’s area of expertise. It will then assign them to the next available specialist or the one they prefer. It also updates the available slots in real-time to avoid any confusion at the hospital.    The next step in appointment booking is to collect medical documents. An HMS with a patient portal is used to collect documents and share the patient history with the doctors well in advance. If the patient requires assistance at his/her house, the system will check the doctors’ availability for the remote visit and allocate accordingly. In this way, you can create a smooth and error-free process by digitizing the appointment booking process.

2. Patient Management   

After the patient onboarding is completed, the patient is moved to an IPD or OPD. The patient management module of HMS caters to the needs of the inpatient and outpatient departments. It captures and stores the medical history, treatment required, details of their previous visits, upcoming appointments, reports, insurance details, and more.   

Patient management software also generates unique admissions numbers for each patient to easily manage admissions, discharges, and transfers. It also builds a comprehensive discharge summary to ensure smooth discharge. At the same time, it records and generates related documents, e.g., consent forms for electronic signature. 

When you start collecting and storing details on hospital software systems, by default you also eliminate the need to get these details on every visit. HMS enables doctors and staff to focus more on treatment than administrative work.  

Now, if you wish to automate other activities like patient communication, consider integrating your HMS with marketing automation software such as LeadSquared . It will enable you to automate communication with patients and doctors. You can send appointments and lab test reminders, or follow-ups, and build meaningful long-lasting relationships.  

3. Facility Management    

To provide a smooth experience for your patients, it is essential for your staff to have easy access to necessary hospital records. The facility management module of a healthcare management system helps you to maintain records of bed availability, occupancy status of rooms with specialized care, and more.  

Healthcare management systems collect all such information and make it readily available to your receptionist. 

If you have multiple facilities, then an HMS connects them to provide an overall picture. For example, doctors can access patient data from any hospital using an online hospital management system. Patients can visit any hospital according to their convenience, as all the records are available online. 

4. Staff Management    

The staff management module provides a concrete solution for the HR department. It contains records of your staff, job description, service domain, and other vital details.  

It helps you to know your staff without going through a heavy bundle of files. Additionally, it enables you to plan the hiring process based on the requirements of the hospital.   

5. Supply Management    

A hospital cannot afford to be short of medical supplies. Not having the medicine at the right time or a minor delay in refill can lead to severe results. The supply management component of the HMS tracks the availability of medical stocks. It helps you calibrate the minimum quantity of supplies required without any hassle. It records the purchase date, quantity consumed, and supplier details. This way, you can calculate or predict the next purchase and reorder before the stock falls short.  It also provides the details of the medicine available so that doctors can prescribe the ones in stock.   

6. Financial Management   

The financial management component of an HMS deals with the financial affairs of your hospital. It calculates, stores, and presents the billing information to the patients.   

Additionally, it also records the expenses incurred by the hospital, revenue data, and other financial details of the hospital.   

This consolidation saves you the trouble of analyzing a colossal pile of record books.

7. Insurance Management   

An HMS’ insurance management component records and stores patients’ insurance details. On requirement, it presents the policy number, insurance company, and other associated information.   

The hospital management software makes it easy to fetch these details, making insurance validation easier. 

8. Laboratory Management    

The laboratory management feature of hospital management software shows the details of various lab tests patients take. It furnishes reports when needed and maintains all records collectively.  The doctors can easily access it. It also notifies the doctor and the patients when the results are ready.

9. Report Management    

Report Management module, records and stores all the reports generated by the hospital.   

In the case of financial reports, it analyzes performance metrics to check the business profitability. It also provides a comparison between performance reports for different years. An authorized person can access these hospital management system reports whenever required. 

Furthermore, you can use healthcare dashboards to present these reports in an easy-to-read format. 

10. Vaccination Management  

A vaccination model of hospital management software keeps track of all the completed or upcoming vaccinations. It updates you about upcoming vaccinations and books a slot with the doctor. It also sends timely reminders to parents to ensure they don’t miss the slot. 

11. Support Management

Patient satisfaction is of utmost importance for any hospital. This segment records data like inquiries, complaints, requests, and feedback from patients. It also ensures that you handle these requests and problems appropriately and at the soonest. You can automate the feedback collection process to reduce the staff’s workload, and everyone could fill out the feedback form. 

If you are still thinking of whether or not to implement an HSM. To answer this let’s discuss the benefits you will observe after implementing an HMS. 

Benefits of a Hospital Management System

1. enhanced communication between the patient and the hospital.

59% of millennials are willing to switch doctors for better online access. An HMS will improve communication between patients and hospitals by allowing patients to access their medical records, book appointments, receive reminders, and communicate online with their doctors and nurses. You will have improved patient engagement, a reduction in waiting times, and increased patient satisfaction.   

2. Secured hospital data

Hospital management software must help you keep hospital data safe and secure. You can limit the access to authorized personnel only. Make sure to look for HIPAA Compliant software for PHI security.   

3. Improved access to patient data

You can have easy entry to all patient-related data on a system using an HMS. You can also access data such as patient history, doctors engaged, test results, billing information, and many more with just a few clicks.   

4. Reduced turnaround time

Streamline your hospital workflows by automating routine tasks like appointment or inventory management . This reduces the time and effort required to perform these tasks and the turnaround time. It also allows hospital staff to focus on more critical patient care areas.   

5. Cost-effectiveness

Implementing hospital management software can lead to significant cost savings for hospitals. It helps by reducing administrative overheads, improving resource allocation, and minimizing the wastage of medical supplies. An HMS can also optimize revenue streams by ensuring timely billing and reducing claim denials.    

6. Intelligent analytics with automatically generated reports  

An HMS can provide valuable insights regarding operations by generating real-time reports on various metrics, such as patient flow, occupancy rates, and revenue generation. This enables you to make data-driven decisions, improve processes, and optimize resources.    

7. Centralized administrative control

An HMS helps build a centralized platform for managing operations, allowing hospitals to streamline their administrative processes. It ensures consistency across departments. This can improve efficiency, reduce errors, and better overall patient care.   

8. Reduced medical errors

An HMS can help reduce medical errors by providing doctors and nurses with up-to-date patient information. It minimizes the risk of misdiagnosis, incorrect treatment, or adverse drug interactions.   

9. Reduced readmissions and rehospitalization rates  

An HMS can also reduce readmissions and rehospitalization rates by ensuring timely follow-ups. This improves patient outcomes and reduces the risk of complications.   

To get to know how effective a Hospital Management System can be for hospitals, let us have a look at the example of how Manipal Hospital benefited from it. 

How LeadSquared Helped Manipal Hospitals to Improve Reporting and Lead Management  

Manipal Hospitals is one of India’s largest healthcare providers, with over 27 multispecialty hospitals. They have multiple teams working together to enable a smooth patient experience.  

With a high patient volume and each team working on a different platform, keeping track of each patient’s journey and managing appointments became increasingly hard for Manipal Hospitals. They needed to centralize leads across India while securely managing patient information. LeadSquared provided an all-in-one solution integrated with their existing HIS. 

Key Results: 

• Zero Lead Leakage 
• 360° View Across Teams 
• Better Patient Management 

LeadSquared’s APIs and connectors help us collect detailed patient data and integrate it with our core HIS system. The dashboards and reports enable us to work with this data and derive great insights from it. Both these features help streamline processes, save time, and in turn boost team productivity. Kiran Ramakrishna, Assistant Manager, Manipal Hospitals

[Also read: Manipal Hospital Improves Reporting and Lead Management to know the complete story.]

Conclusion  

Hospital Management System (HMS) is essential to the delivery of modern healthcare. It can boost patient outcomes, lower medical errors, and improve the overall quality of care. It enables hospitals with a centralized platform to manage their operations, automate mundane processes, and enhance communication.   

Moreover, Healthcare CRM , when integrated with the Hospital Management System, helps you combine professional medical care with quality patient service.    

To experience the benefits of an integrated HMS and Healthcare CRM system, get in touch with our team today!  

Also read:   

• What is Healthcare CRM?    
• EHR integration with healthcare CRM software    
• Patient satisfaction survey questions   
• Healthcare CRM – A 61-question checklist to help you make the right decision  

There are generally two types of HMS, cloud-based and on-premises. A cloud-based or web-based hospital management software is hosted on the provider’s server. In contrast, on-premises hospital management software is hosted on the hospital’s private server and data centers.  A cloud-based hospital management system is more popular as it is cost-effective, and the provider can handle it remotely.

While implementing an HMS, you may face the following challenges:  1. Cybersecurity  2. Lack of technical team support  3. Complex interface  4. Higher initial implementation cost  To overcome these challenges, you need the right provider. They will ensure data security and support the implementation and staff training.  

An off-the-shelf CRM is popular as it is cost-effective and quick to implement. It is a great option for small to medium sized organizations looking for basic and essential features. Whereas a custom-built HMS provides more control over the usage and features.  

Awantika is a healthcare marketer with LeadSquared. She has been a part of the content and product marketing game for almost 3 years. You can connect with her on LinkedIn or write to her at [email protected].

Table of Contents

• Share on Facebook
• Share on WhatsApp
• Share on LinkedIn

Want to see LeadSquared in action?

• Customer Portal
• Performance Management
• Dev Platform LAPPS
• Help Portal
• Pricing SALES
• Pricing MARKETING
• Education CRM
• Healthcare CRM
• Insurance CRM
• Banking CRM
• Real Estate
• Marketplace CRM
• Manufacturing CRM
• What is CRM
• What is lead management
• What is vendor management
• What is sales management
• Case Studies
• Guides & Blogs
• Compare CRM
• CRM Glossary
• Sales Glossary
• Media & News

GET IN TOUCH

(+1) 732-385-3546 (US)

080-46971075 (India Sales)

080-46801265 (India Support)

62-87750-350-446 (ID)

• Legal & Compliance

Attain 100% lead capture, 75% increase in sales efficiency and 2x engagement.

• Open access
• Published: 15 August 2024

Balancing confidentiality and care coordination: challenges in patient privacy

• Ateya Megahed Ibrahim 1 , 2 ,
• Hassanat Ramadan Abdel-Aziz 1 , 3 ,
• Heba Ali Hamed Mohamed 4 ,
• Donia Elsaid Fathi Zaghamir 1 , 5 ,
• Nadia Mohamed Ibrahim Wahba 1 , 6 ,
• Ghada. A. Hassan 7 ,
• Mostafa Shaban 8 ,
• Mohammad EL-Nablaway 9 ,
• Ohoud Naif Aldughmi 10 &
• Taghreed Hussien Aboelola 11  

BMC Nursing volume  23 , Article number:  564 ( 2024 ) Cite this article

114 Accesses

Metrics details

In the digital age, maintaining patient confidentiality while ensuring effective care coordination poses significant challenges for healthcare providers, particularly nurses.

To investigate the challenges and strategies associated with balancing patient confidentiality and effective care coordination in the digital age.

A cross-sectional study was conducted in a general hospital in Egypt to collect data from 150 nurses across various departments with at least six months of experience in patient care. Data were collected using six tools: Demographic Form, HIPAA Compliance Checklist, Privacy Impact Assessment (PIA) Tool, Data Sharing Agreement (DSA) Framework, EHR Privacy and Security Assessment Tool, and NIST Cybersecurity Framework. Validity and Reliability were ensured through pilot testing and factor analysis.

Participants were primarily aged 31–40 years (45%), with 75% female and 60% staff nurses. High compliance was observed in the HIPAA Compliance Checklist, especially in Administrative Safeguards (3.8 ± 0.5), indicating strong management and training processes, with an overall score of 85 ± 10. The PIA Tool showed robust privacy management, with Project Descriptions scoring 4.5 ± 0.3 and a total score of 30 ± 3. The DSA Framework had a mean total score of 20 ± 2, with Data Protection Measures scoring highest at 4.0 ± 0.4. The EHR assessments revealed high scores in Access Controls (4.4 ± 0.3) and Data Integrity Measures (4.3 ± 0.3), with an overall score of 22 ± 1.5. The NIST Cybersecurity Framework had a total score of 18 ± 2, with the highest scores in Protect (3.8) and lower in Detect (3.6). Strong positive correlations were found between HIPAA Compliance and EHR Privacy ( r  = 0.70, p  < 0.05) and NIST Cybersecurity ( r  = 0.55, p  < 0.05), reflecting effective data protection practices.

The study suggests that continuous improvement in privacy practices among healthcare providers, through ongoing training and comprehensive privacy frameworks, is vital for enhancing patient confidentiality and supporting effective care coordination.

Peer Review reports

Digital technology has significantly transformed healthcare, enhancing care coordination and improving patient outcomes. However, this transformation brings forth critical challenges, particularly in balancing the imperatives of confidentiality and efficient care coordination [ 1 ]. The intersection of these essential elements, patient privacy and the seamless sharing of information among healthcare providers requires a nuanced approach to ensure ethical and legal compliance while optimising patient care [ 2 ].

Confidentiality in healthcare is foundational, rooted in bioethics principles and protected by laws such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States [ 3 ]. HIPAA establishes national standards to safeguard individuals' medical records and other personal health information, emphasising the importance of privacy in the digital age [ 4 ]. As digital technologies become more embedded in healthcare practices, ensuring compliance with these standards while facilitating the necessary flow of information for care coordination becomes increasingly complex [ 5 ]. Care coordination, defined as the deliberate organisation of patient care activities to facilitate the appropriate delivery of health services, is essential for achieving high-quality healthcare [ 6 ]. Effective care coordination requires timely and accurate sharing of patient information among various healthcare providers, which can be challenging when strict confidentiality rules are in place [ 7 , 8 ].

Nurses are responsible for ensuring patient information is shared accurately and promptly with other healthcare team members to facilitate effective care coordination [ 9 ]. However, they must also strictly adhere to confidentiality protocols to protect patient privacy. This dual responsibility can create significant tension and complexity in their daily practice. Nurses must navigate varying levels of digital literacy, differing institutional policies on information sharing, and the ever-present risk of data breaches or inadvertent disclosures [ 10 ]. Furthermore, the pressure to use electronic health records (EHRs) efficiently while maintaining patient trust and confidentiality adds to the complexity of their role [ 11 ]. These challenges highlight the need for robust training, clear guidelines, and support systems to help nurses effectively manage the delicate balance between confidentiality and care coordination.

Introduction

Electronic Health Records (EHRs) are central to enhancing care coordination by providing comprehensive, real-time access to patient health information, facilitating more informed decision-making and continuity of care [ 12 ]. However, digitising health records also raises significant privacy concerns, increasing the risk of unauthorised access and data breaches [ 13 ]. Thus, healthcare providers must implement robust security measures to protect patient data while ensuring it is accessible to authorised personnel when needed [ 14 ].

Although telehealth offers significant benefits in terms of accessibility and convenience, particularly for patients in remote or underserved areas, it further complicates the balance between confidentiality and care coordination [ 15 , 16 ]. It introduces challenges in maintaining patient privacy, preventing breaches, and safeguarding patient data [ 17 ]. Additionally, there is a critical issue concerning who has access to this information, which raises justice concerns about equitable access and safeguarding patient data. Addressing these concerns involves implementing robust access controls and consistently applying privacy measures across all telehealth platforms [ 18 ]. Patient consent is another critical factor for maintaining patient trust and ensuring that individuals know how their information will be used and shared [ 19 ]. However, the complexity of digital health systems can make it difficult for patients to fully understand the implications of consent, particularly regarding sharing their data across multiple platforms and providers [ 20 , 21 , 22 ].

Nurses play a pivotal role in balancing confidentiality and care coordination in the digital age, acting as guardians of patient privacy and key facilitators of information sharing. Their unique position on the front lines of patient care requires them to navigate complex ethical and practical challenges. Nurses are often responsible for inputting and accessing data within EHRs, making their adherence to privacy protocols crucial for protecting patient information [ 23 ]. Additionally, they serve as critical links in the care coordination chain, ensuring that relevant health information is accurately communicated among various healthcare providers to support comprehensive patient care [ 24 ]. As the healthcare landscape becomes increasingly digital, ongoing education and training for nurses in the technological aspects of EHRs and the ethical implications of data handling are essential [ 25 ].

Healthcare institutions must adopt comprehensive policies and technological solutions to manage the dual imperatives of confidentiality and care coordination [ 26 ] to help mitigate the risks associated with data breaches and unauthorised access [ 27 ]. Interoperability between different healthcare systems is another significant challenge, and efforts to develop and implement interoperable systems are essential for balancing the need for information sharing with protecting patient privacy [ 28 , 29 ] ensuring that patient welfare remains the primary focus [ 30 ]. In addition, empowering patients to take an active role is crucial, and education and communication strategies are essential for helping patients understand their rights and measures to protect their privacy [ 31 ].

Healthcare institutions must adopt comprehensive policies and frameworks to manage the dual imperatives of confidentiality and care coordination. These policies should include guidelines for data security, patient consent, and the ethical use of health information [ 26 ]. Technological solutions such as encryption, anonymisation, and secure access controls are crucial for protecting patient data in digital systems. These technologies help mitigate the risks associated with data breaches and unauthorised access, ensuring that sensitive information remains secure while being accessible to those who need it for patient care [ 27 ].

Interoperability between different healthcare systems is another significant challenge. The lack of standardised protocols for data exchange can hinder effective care coordination and increase the risk of privacy breaches [ 28 ]. Efforts to develop and implement interoperable systems are essential for balancing the need for information sharing with the protection of patient privacy [ 29 ]. Ethical frameworks must account for the potential benefits and harms of information sharing, ensuring that patient welfare remains the primary focus [ 30 ].

Patient engagement is also crucial in this context. Empowering patients to take an active role in their healthcare, including decisions about their information, can enhance trust and improve outcomes. Education and communication strategies are essential for helping patients understand their rights and the measures in place to protect their privacy [ 31 ].

In conclusion, balancing confidentiality and care coordination in the digital age is a complex but essential task for modern healthcare. Ensuring patient privacy while facilitating the necessary flow of information for care coordination requires a multifaceted approach that includes robust technological solutions, comprehensive policies, ongoing education and training, and active patient engagement. By addressing these challenges, healthcare providers can improve patient outcomes and maintain public trust in the healthcare system.

Significance of the study

This study is significant as it addresses the critical intersection of confidentiality and care coordination in the rapidly evolving digital healthcare landscape. By examining the practices and perceptions of healthcare professionals, particularly nurses, the research sheds light on how effectively these individuals face challenges posed by digital technologies while ensuring patient privacy. Understanding the dynamics of confidentiality and care coordination informs best practices and enhances the development of training programs and institutional policies to improve patient outcomes.

The findings of this study have several practical applications. Institutions can design targeted training programs focusing on both technical skills and ethical considerations to educate nurses on safeguarding patient information while ensuring efficient care coordination. Insights can inform the creation or revision of data security and patient consent guidelines, ensuring staff understand the importance of maintaining patient privacy and secure data sharing. Additionally, the study promotes integrating advanced security features in Electronic Health Record (EHR) systems, balancing data protection with necessary access for care coordination. This research can build patient trust by highlighting best practices and effective strategies for balancing confidentiality and care coordination, leading to better cooperation and health outcomes. Furthermore, these findings can support the development of standardised protocols for telehealth services, ensuring consistent privacy measures across platforms and improving equitable access to care.

Aim of the study:

Research questions:.

What are healthcare providers' primary challenges in maintaining patient confidentiality while utilising digital health technologies for care coordination?

How do different privacy assessment tools and frameworks impact the balance between patient confidentiality and the efficiency of care coordination in digital healthcare environments?

What best practices can be implemented to maintain patient privacy without compromising care coordination in the digital age?

Theoretical framework

The theoretical framework for this study incorporates several key theories to understand the balance between confidentiality and care coordination in the context of digital health technologies.

Privacy Regulation Theory, proposed by Westin32, emphasises that privacy is a fundamental human right involving control over the extent, timing, and circumstances of sharing oneself with others. This theory is crucial for understanding the importance of maintaining patient confidentiality in healthcare settings. It underscores the need for stringent privacy measures to build and maintain trust between patients and healthcare providers. Using this theory, the study addresses the first research question concerning healthcare providers' challenges in maintaining patient confidentiality. It offers a conceptual foundation for exploring the importance of privacy in patient-provider relationships and the implications of privacy breaches in digital health environments.

Health Information Technology (HIT) Adoption Framework, as described by Venkatesh et al.33, examines factors influencing the adoption of health information systems, such as perceived usefulness, ease of use, and institutional support. This framework is relevant for understanding how healthcare professionals, particularly nurses, adopt and utilise digital technologies while managing patient privacy. It addresses the second research question about how privacy assessment tools and frameworks impact the balance between patient confidentiality and care coordination. The framework provides insights into the factors that facilitate or hinder the adoption of digital health technologies, which is essential for effective care coordination.

The Technology Acceptance Model (TAM), proposed by Davis 34, explains how users accept and use technology, emphasising perceived ease of use as primary determinants. TAM is pertinent for understanding healthcare professionals' attitudes toward digital health technologies and how these attitudes influence their adoption and usage. This model supports the exploration of the third research question regarding best practices for ensuring patient privacy without compromising care coordination. It provides a basis for developing strategies to enhance the acceptance and effective use of digital health technologies among healthcare providers.

Ethical Decision-Making Framework, based on Beauchamp and Childress's principles of biomedical ethics—autonomy, beneficence, non-maleficence, and justice—guides ethical considerations in healthcare [ 35 ]. This framework is integral for evaluating the ethical implications of maintaining confidentiality while promoting care coordination. It helps address the ethical challenges identified in the first research question. It supports the development of best practices outlined in the third research question. This framework ensures that ethical principles guide decisions about information sharing and patient privacy in digital health environments. Additionally, Grady's Ethical Framework for Health Informatics emphasises integrating ethical considerations into the design and use of health information technologies, ensuring that privacy and care coordination are complementary goals [ 36 ].

Diffusion of Innovations Theory, proposed by Rogers [ 37 ], explains how new ideas and technologies spread within a social system, focusing on communication channels, social systems, and the attributes of innovations. This theory is relevant for understanding how digital health innovations are adopted in healthcare settings and their impact on confidentiality and care coordination. It helps explore the challenges of adopting digital health technologies addressed in the first research question. It supports identifying best practices for integrating new technologies into healthcare practice, as addressed in the third research question. The theory provides insights into the adoption process and the factors influencing the successful integration of innovations into healthcare practice.

Conceptual framework

The conceptual framework for this study explores the dynamic interaction between confidentiality, care coordination, and the utilisation of digital health technologies, with insights drawn from several theoretical perspectives. Confidentiality protects patient information from unauthorised access, which is critical for maintaining trust in healthcare settings [ 38 ]. Privacy Regulation Theory emphasises that privacy is a fundamental human right, focusing on controlling the extent, timing, and circumstances of sharing personal information. This theory underlines the necessity of robust privacy measures to ensure patient data security and build trust between patients and healthcare providers [ 32 ].

Care coordination refers to effectively managing and integrating patient care across different healthcare providers and settings. It involves ensuring that care is seamless and that information is shared appropriately among various stakeholders to provide comprehensive and continuous care [ 39 ]. The Health Information Technology (HIT) Adoption Framework sheds light on how factors such as perceived usefulness, ease of use, and institutional support influence the adoption of health information systems. This framework helps us understand how healthcare professionals integrate digital technologies into their workflows while managing patient privacy and enhancing care coordination [ 33 ].

Using digital health technologies includes tools such as electronic health records (EHRs) and telehealth platforms that facilitate communication, information sharing, and care coordination. These technologies are critical for modern healthcare delivery but also raise challenges related to confidentiality [ 1 , 2 ]. The Technology Acceptance Model (TAM) provides a lens through which to examine how perceived ease of use and perceived usefulness affect the acceptance and effective use of these technologies. Understanding healthcare professionals' attitudes towards these tools is crucial for improving their integration and addressing potential barriers to technology adoption, which impacts confidentiality and care coordination [ 34 ].

The Ethical Decision-Making Framework, guided by Beauchamp and Childress's principles—autonomy, beneficence, non-maleficence, and justice—offers a foundation for evaluating the ethical implications of maintaining confidentiality while promoting care coordination. This framework helps ensure that information-sharing decisions respect patient autonomy and adhere to ethical standards, balancing privacy with the need for effective care [ 35 , 36 ].

The Code of Ethics for Nurses further reinforces the importance of privacy by setting ethical guidelines for protecting patient information. This code ensures that nurses' practices align with ethical and legal standards, providing a practical framework for maintaining confidentiality while coordinating care effectively [ 14 , 17 ].

Lastly, Diffusion of Innovations Theory explains how new technologies spread within healthcare systems, emphasising the roles of communication channels, social systems, and the attributes of innovations. This theory helps us understand how digital health innovations are adopted and how they impact the balance between confidentiality and care coordination. It provides insights into the factors influencing the successful integration of new technologies [ 37 ].

The conceptual framework integrates these theories to comprehensively understand how confidentiality, care coordination, and digital health technologies interact. Each theory provides unique insights into the challenges and solutions of maintaining patient privacy while improving care coordination in a digital healthcare environment (Fig.  1 ).

Balancing confidentiality and care coordination in digital health

This cross-sectional study was conducted at General Hospital in Egypt to evaluate the balance between patient confidentiality and care coordination in the digital age. Data was collected from a sample of nurses working in various departments in the hospital. The recruitment process entailed inviting all eligible nurses through internal communication channels, such as email and notice boards, with detailed information about the study and the importance of their participation. A total of 150 nurses were needed to achieve a representative sample, calculated using the formula for sample size estimation for a finite population: n  = z2 * p * (1—p)/e2 [ 40 ], where Z was the Z-value (1.96 for a 95% confidence level), p was the expected prevalence (assumed at 0.5 for maximum sample size), and e was the margin of error (0.05). The inclusion criteria for the study included nurses working at Damietta General Hospital for at least six months, directly involved in patient care, and consented to participate. Nurses on extended leave, such as maternity or sick leave, or those involved in administrative roles without direct patient care responsibilities were excluded from the study.

Data collection tools

Six tools were used for data collection.

Demographic form

The demographic questionnaire for this study was designed following a comprehensive review of relevant literature and studies and included variables such as age, gender, marital status, current job title/position at General Hospital, years of nursing experience, highest nursing qualification attained, training received on patient confidentiality and digital health technologies, and primary language of communication in the workplace. These variables were chosen to provide a comprehensive profile of the participating nurses, enabling a deeper analysis of their perceptions and practices concerning patient confidentiality and care coordination in the digital healthcare environment.

Health insurance portability and cccountability act (HIPAA) compliance checklist

The Health Insurance Portability and Accountability Act (HIPAA) is a regulatory framework enforced by the U.S. Department of Health and Human Services (HHS) to safeguard patient privacy and secure health information [ 41 ]. Healthcare providers use the HIPAA Compliance Checklist to ensure adherence to regulations, protecting patient information from unauthorised access and breaches. The HIPAA Compliance Checklist was chosen for its comprehensive approach to ensuring regulatory compliance and its ability to provide quantifiable data on privacy practices to identify best practices for maintaining patient confidentiality and enhancing care coordination by evaluating how well healthcare facilities implement privacy measures in the context of digital technologies. Components include administrative safeguards, such as security management processes and workforce training; physical safeguards, like facility access controls and workstation security, and technical safeguards including access control and audit controls. The checklist also covers organisational requirements such as business associate contracts and documentation of policies and procedures. The checklist evaluates adherence using a scoring system that rates each component from 0 (non-compliant) to 4 (fully compliant), with a total score ranging from 0 to 100.

Privacy impact assessment (PIA) tool

The Privacy Impact Assessment (PIA) tool, as detailed by Wright and De Hert [ 42 ], is used to identify and mitigate risks and ensure compliance with data protection regulations by thoroughly evaluating how information is collected, used, shared, and stored. The PIA tool typically includes sections on project descriptions, methods of data collection, practices for data usage and sharing practices, data storage and security strategies, identification of potential privacy risks, and methods for mitigating these risks. Each section is scored on a scale from 0 (non-compliant) to 5 (fully compliant), resulting in a total score range from 0 to 35. The PIA tool is chosen to identify and manage privacy risks, which aligns with the study's aim to balance confidentiality and care coordination. It helps evaluate how effectively privacy measures are integrated into new systems, thus ensuring that privacy concerns are proactively addressed and managed.

Data sharing agreement (DSA) framework

The Data Sharing Agreement (DSA) framework [ 43 ] establishes clear protocols to ensure data privacy and security while facilitating effective care coordination to enhance patient care and comply with legal requirements. Key components of the DSA framework include defining the purpose of data sharing, specifying the types of data to be shared, outlining the roles and responsibilities of involved parties, implementing robust data protection measures, managing consent appropriately, and establishing terms for data use and retention. Regarding compliance evaluation, each section of the DSA framework was assessed on a scale from 0 (indicating non-compliance) to 4 (indicating full compliance), resulting in a total score range from 0 to 24. The DSA framework is chosen for its structured approach to managing data sharing while ensuring privacy and security. It supports the study's aim of balancing confidentiality with effective care coordination by providing a comprehensive system for managing data-sharing agreements.

Electronic health record (EHR) privacy and security assessment tool

The Electronic Health Record (EHR) Privacy and Security Assessment Tool [ 44 ] is critical for evaluating EHR systems' privacy and security features. This tool ensures that EHR systems adhere to regulations and best practices, protecting patient information against unauthorised access and breaches. Key components evaluated by the assessment tool include access controls, encryption methods, audit trail functionalities, measures for maintaining data integrity, and protocols for incident response. In terms of scoring, each component was typically rated on a scale from 0 (indicating non-compliance) to 5 (indicating full compliance), resulting in a total score range from 0 to 25. This assessment tool is chosen for its comprehensive approach to evaluating EHR systems' security and privacy features, aligning with the study's aim of ensuring effective privacy protection while facilitating care coordination.

National institute of standards and technology (NIST) cybersecurity framework

The National Institute of Standards and Technology (NIST) Cybersecurity Framework [ 45 ] is a foundational tool healthcare organisations, including nursing staff, use to enhance and assess their cybersecurity measures. Key components of the NIST Cybersecurity Framework include five core functions: Identify, Protect, Detect, Respond, and Recover. Each function incorporates specific categories and subcategories detailing activities and best practices for cybersecurity. Each core function can be assessed on a scale from 0 (indicating not implemented) to 4 (indicating fully implemented), resulting in a total score range from 0 to 20. This framework is selected for managing cybersecurity risks, aligning with the study's aim of safeguarding patient information while ensuring effective care coordination.

Validation and reliability

In the preliminary phase of this study, a pilot test was conducted involving 10% of the total nurses, equivalent to 10 individuals, using the newly introduced data sharing agreement (DSA) framework, the electronic health record (EHR) privacy and security assessment tool, and the National Institute of Standards and Technology (NIST) Cybersecurity Framework. These participants were excluded from the final sample size to mitigate any potential bias from their prior exposure to the research instruments, ensuring the integrity of the results. During the pilot phase, a crucial step involved implementing factor analysis. This statistical technique was employed to rigorously examine the relevance and accuracy of each component within the research instruments. Following the pilot study, the insights gained from factor analysis informed the decision-making process for the final study. The same factor analysis methodology was applied to the remaining nurses who were not part of the pilot study.

Additionally, content validity was rigorously employed as a methodological approach to validate the measurement instruments used in this study. Specifically, for the data sharing agreement (DSA) framework, electronic health record (EHR) privacy and security assessment tool, and National Institute of Standards and Technology (NIST) Cybersecurity Framework, content validity procedures were implemented to ensure that the items within these instruments accurately and comprehensively captured the intended constructs. Experts possessing considerable knowledge and experience in healthcare data sharing, cybersecurity, and relevant research methodologies critically evaluated the items to ensure that they effectively measured the key dimensions of data sharing protocols, EHR privacy and security features, and cybersecurity practices.

Reliability, a fundamental aspect of measurement accuracy in research, was meticulously assessed for each tool employed in this study. The data sharing agreement (DSA) framework underwent thorough scrutiny, with the calculation of Cronbach's alpha as a robust indicator of its internal consistency. The results revealed an impressive Cronbach's alpha value of 0.87, signifying a high level of Reliability. Similarly, the electronic health record (EHR) privacy and security assessment tool comprehensively evaluated its internal consistency using Cronbach's alpha. The findings were notably robust, with a calculated alpha value of 0.88. This high degree of internal consistency underscores the tool's Reliability in assessing EHR privacy and security features, indicating that it consistently measures these aspects stably and dependably. The Cronbach's alpha value of 0.88 signifies a strong level of agreement among the tool's items, further enhancing the credibility of the data generated from this instrument.

Ethical approval and consideration

This study adhered to stringent ethical standards and received approval from the Research Ethics Committee (REC) at the Faculty of Nursing, Zagazig University, Egypt under the code ID/Zu.Nur.REC#:0067. Nurses were described the study's objectives, methodologies, potential risks, and benefits and provided written, informed consent before participation, signifying their understanding of the study's purpose and their voluntary decision to contribute. Strict confidentiality measures were implemented, ensuring all collected data was anonymised and securely stored to protect participant privacy.

Statistical analysis

Statistical analysis was conducted using SPSS 26. Descriptive statistics, including counts, percentages, mean scores and standard deviations (mean ± SD), were systematically employed to offer a detailed overview of demographic characteristics and the usage status of the Privacy Impact Assessment (PIA) Tool, Data Sharing Agreement (DSA) Framework, Electronic Health Record (EHR) Privacy and Security Assessment Tool, and National Institute of Standards and Technology (NIST) Cybersecurity Framework. These statistical measures provided a nuanced understanding of the respondents' backgrounds, contributing valuable insights into the diverse composition of the sample and the distribution of tools' utilisation among participants. Spearman's rank correlation coefficient (r) was utilised to unveil significant associations among the tools, highlighting the interconnected nature of these critical constructs within the nursing context.

Furthermore, the study integrated inferential statistics, including ANOVA and t-tests, to add depth to the analysis of the tools. These statistical methods uncovered associations and significant differences related to demographic variables, contributing to a holistic understanding of the factors influencing nurses' attitudes and behaviours towards privacy, security, and data-sharing practices. This multifaceted statistical approach, executed with the aid of SPSS 26, captured the distribution of key attributes and explored relationships and patterns across variables pertinent to the tools' implementation and impact.

Table 1 shows the demographic profile of study participants. Most participants were between 31 and 40 (45%), followed by those aged 20–30 (35%). Female participants comprised 75% of the sample, while males comprised 25%. Most participants were married (55%), with 40% being single and 5% divorced or in other categories. Regarding job titles, 60% were staff nurses, 20% were nurse managers, 10% were nurse educators, and 10% were nurse practitioners. Experience-wise, 30% had 0–5 years, 25% had 6–10 years, 20% had 11–15 years, and 25% had over 16 years of nursing experience. Regarding qualifications, 40% held a diploma, 35% a bachelor's degree, 20% a master's degree, and 5% a doctorate. A significant majority had received training on confidentiality (70%), while half had training on digital health technologies. The primary language of communication was Arabic (80%), with English used by 20% of the participants.

Table 2 presents the mean scores and standard deviations for the components of the HIPAA Compliance Checklist. The results indicate that the highest compliance was observed in Administrative Safeguards, with a mean score of 3.8 ± 0.5. Technical Safeguards follow this with a mean score of 3.7 ± 0.6. Physical Safeguards had a mean score of 3.5 ± 0.7. In contrast, Organisational Requirements had a mean score of 3.6 ± 0.8. The overall total score was 85 with a standard deviation of 10, suggesting generally high compliance with some variability among the components.

Table 3 displays the mean scores and standard deviations for each Privacy Impact Assessment (PIA) Tool section. Across all sections, high scores were observed, indicating robust compliance with privacy standards. Project Descriptions received the highest mean score of 4.5 ± 0.3, reflecting clear and comprehensive project documentation. Data Storage and Security Strategies also scored a mean of 4.4 ± 0.4, highlighting strong measures for protecting data integrity and security. The total score of 30 ± 3 underscores overall high adherence to privacy protocols, albeit with some variability across specific assessment criteria.

Table 4 presents the mean scores and standard deviations (mean ± SD) for each Data Sharing Agreement (DSA) Framework component. The assessment reveals solid compliance across all components, with Data Protection Measures achieving the highest mean score of 4.0 and a standard deviation of 0.4, indicating robust safeguards for data security. Purpose of Data Sharing and Roles and Responsibilities both received a mean score of 3.8, demonstrating clarity in defining the objectives and delineating roles in data-sharing activities. Consent Management and Data Use and Retention Terms also scored well, reflecting comprehensive practices in managing consent and outlining data use and retention terms. The total score of 20 with a standard deviation of 2 indicates strong adherence to data-sharing protocols, with minor variability in assessment outcomes.

Table 5 presents the mean scores and standard deviations for each Electronic Health Record (EHR) Privacy and Security Assessment Tool component. Access Controls received the highest mean score of 4.4, indicating strong implementation of measures to control access to patient information. Encryption Methods and Data Integrity Measures scored 4.3, highlighting robust practices in securing and maintaining the integrity of EHR data. Audit Trail Functionalities and Incident Response Protocols scored 4.2, indicating effective mechanisms for tracking access to records and responding to security incidents. The total score of 22 ± 1.5 suggests high overall compliance with EHR privacy and security requirements, with minimal variability in assessment outcomes.

Table 6 displays the mean scores and standard deviations for each function of the National Institute of Standards and Technology (NIST) Cybersecurity Framework. The framework is designed to enhance cybersecurity practices across healthcare settings, focusing on five core functions: Identify, Protect, Detect, Respond, and Recover. Protect achieved the highest mean score of 3.8, indicating strong implementation of measures to protect against cybersecurity threats. Identify, Respond, and Recover scored similarly at 3.7, highlighting robust capabilities in identifying assets, responding to incidents, and recovering from cybersecurity events. Detect scored slightly lower at 3.6, suggesting areas for potential improvement in detecting and mitigating threats. The total score of 18 ± 2 reflects generally effective cybersecurity practices with moderate variability in implementation across functions.

The correlation matrix (Table  7 ) reveals significant relationships among key frameworks for assessing healthcare data security and privacy measures. These tools include the Health Insurance Portability and Accountability Act (HIPAA) Compliance Checklist, Privacy Impact Assessment (PIA) Tool, Data Sharing Agreement (DSA) Framework, Electronic Health Record (EHR) Privacy and Security Assessment Tool, and the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Strong positive correlations were found between HIPAA Compliance and both EHR Privacy and Security ( r  = 0.70, p  < 0.05) and NIST Cybersecurity Framework ( r  = 0.55, p  < 0.05), indicating that adherence to HIPAA regulations often coincides with robust electronic health record protections and cybersecurity practices. The PIA Tool demonstrated moderate positive correlations with the DSA Framework ( r  = 0.55, p  < 0.05) and EHR Privacy and Security ( r  = 0.60, p  < 0.05), underscoring the alignment between thorough privacy impact assessments and effective data sharing agreements and EHR security measures. These findings highlight the interconnectedness of regulatory compliance and proactive privacy measures in ensuring comprehensive healthcare data protection across organisational settings.

Nurses are pivotal in the healthcare system, and their expertise spans various domains, from clinical practice to administrative roles, influencing the quality and delivery of healthcare services. In recent years, the evolving healthcare landscape has underscored the need for nurses to navigate complex challenges such as patient privacy, data security, and regulatory compliance, are crucial for safeguarding patient information and maintaining trust and integrity within healthcare settings. This study explored the efficacy of several frameworks and tools designed to enhance data privacy and security measures, aiming to empower nurses with comprehensive strategies that align with regulatory standards and promote optimal patient care outcomes [ 46 , 47 ].

The high mean scores in administrative safeguards (mean = 3.8, SD = 0.5) and technical safeguards (mean = 3.7, SD = 0.6) reflected a strong commitment to data privacy and security within the healthcare sector. These findings indicated that some healthcare organisations are implementing measures to secure electronic protected health information (ePHI) and manage access controls effectively. However, there remains variability that needs addressing. The lower scores in physical safeguards (mean = 3.5, SD = 0.7) and organisational requirements (mean = 3.6, SD = 0.8) highlight areas where further attention is needed. The variability in these scores suggests potential challenges in implementing physical security measures and ensuring consistent policy documentation and workforce training. Previous studies highlighted the importance of comprehensive physical security measures and consistent organisational policies in maintaining overall compliance [ 48 , 49 , 50 , 51 , 52 , 53 , 54 , 55 , 56 ].

Regarding the Privacy impact assessment, high scores in project descriptions (mean = 4.5, SD = 0.3) and data storage and security strategies (mean = 4.4, SD = 0.4) suggested thorough documentation and robust security measures are in place, effectively identifying and mitigating privacy risks associated with new projects and data handling practices. However, the variability in scores across different sections of the PIA Tool indicated a need for continuous improvement in data usage, sharing practices, and risk mitigation methods, where consistent implementation may vary. These findings are consistent with previous studies that emphasised the need for comprehensive project documentation and secure data handling practices [ 57 , 58 , 59 , 60 , 61 , 62 , 63 , 64 , 65 ].

Concerning the data sharing agreement, the high scores in Data Protection Measures (mean = 4.0, SD = 0.4) indicated robust safeguards for data security. The purpose of data sharing and roles and responsibilities also performed well, reflecting clear definitions of data sharing objectives and roles. However, the moderate score variability indicated challenges in uniformly implementing consent management practices and data use terms. Prior studies also support the critical role of well-defined data-sharing agreements in balancing data utility and privacy protection [ 66 , 67 , 68 , 69 ].

In terms of electronic health record privacy and security assessment, high scores in access controls (mean = 4.4, SD = 0.3), encryption methods, and data integrity measures (mean = 4.3) reflected advancements in technology and policies aimed at enhancing data protection in healthcare settings, highlighting effective implementation of access management protocols. However, the minor variability in scores suggested room for improvement in incident response protocols. These findings were consistent with literature advocating for robust access controls and encryption methods to mitigate risks associated with EHR breaches [ 70 , 71 , 72 , 73 , 74 , 75 ].

With respect to the NIST Cybersecurity Framework , the high scores in the Protect function (mean = 3.8) indicated strong measures to protect healthcare information systems from cybersecurity threats. The identify, respond, and recover functions also scored well (mean = 3.7), highlighting robust capabilities in identifying assets, responding to incidents, and recovering from cyber-attacks. However, the slightly lower score in the detect function (mean = 3.6) suggested areas for improvement in detecting and mitigating cybersecurity threats. These results were supported by research emphasising the effectiveness of the NIST framework in enhancing cybersecurity resilience across various sectors, including healthcare [ 76 , 77 , 78 , 79 , 80 , 81 , 82 ].

Moreover, the current study revealed significant relationships among key frameworks used to assess healthcare data security and privacy measures, underscoring the interconnectedness of regulatory compliance efforts and proactive privacy measures. For instance, strong positive correlations were found between HIPAA Compliance and both EHR Privacy and Security ( r  = 0.70, p  < 0.05) and the NIST Cybersecurity Framework ( r  = 0.55, p  < 0.05), indicating that adherence to HIPAA regulations often coincides with robust electronic health record protections and cybersecurity practices. The PIA Tool demonstrated moderate positive correlations with the DSA Framework ( r  = 0.55, p  < 0.05) and EHR Privacy and Security ( r  = 0.60, p  < 0.05), highlighting the alignment between thorough privacy impact assessments and effective data sharing agreements and EHR security measures. These findings suggested that while certain frameworks complement each other well, there may be specific areas where improvements could enhance overall data security posture [ 83 , 84 , 85 ].

Study Limitations

This study has several notable limitations. Firstly, the cross-sectional design captures data at a single point in time, which may not fully reflect the dynamic nature of digital healthcare environments and evolving privacy challenges. Future research could address this by employing a longitudinal design to track how privacy and care coordination evolve with changes in technology and regulations. Secondly, the study was conducted at a single hospital, which may limit the generalizability of the findings to other healthcare settings with different digital infrastructures and privacy practices. Including multiple healthcare settings with diverse digital systems and privacy practices in future studies could enhance the applicability of the findings.

Additionally, the reliance on self-reported data from nurses introduces potential response bias, as participants may overstate their adherence to privacy and security protocols, resulting in inflated compliance rates. The exclusion of nurses on extended leave or those in administrative roles also limits the study's comprehensiveness. These groups might have unique insights or experiences related to confidentiality and care coordination that are not captured in the current study. Finally, while the study used validated tools, the rapid evolution of digital health technologies means that these tools may quickly become outdated. The changing landscape of technology and privacy standards can affect the relevance and accuracy of the assessment instruments. Addressing these limitations in future studies will provide more comprehensive understanding of privacy and care coordination in digital healthcare environments and improve the relevance and applicability of the findings across different contexts and periods.

Conclusion and recommendations

In conclusion, this study underscores the crucial role of nurses in ensuring robust data privacy and security within healthcare settings. The findings reveal high compliance with HIPAA regulations, particularly in administrative and technical safeguards, and strong performance in project descriptions and data storage strategies. The adherence to data privacy and sharing protocols, effective EHR security measures, and alignment with the NIST Cybersecurity Framework reflect a comprehensive approach to data protection. However, the variability in certain areas, such as physical safeguards, organisational requirements, and detection measures, highlights the need to continuously enhance data security practices to maintain the integrity and trust essential in healthcare. Investing in continuous training programs for nurses is crucial. Healthcare organisations should provide regular, specialised training addressing emerging privacy regulations, cybersecurity threats, and best practices. Upgrading physical security measures, such as access controls and surveillance, and ensuring that all organisational policies and procedures are up-to-date with current regulations will help achieve comprehensive HIPAA compliance.

Another key recommendation is to standardise and enhance consent management practices and data use terms. Organisations should develop clear, standardised consent forms and data use agreements, implement automated systems for tracking and managing consent, and regularly review and update these policies to reflect regulation changes. Additionally, conducting regular audits and updating detection measures is vital for improving overall cybersecurity posture. Lastly, fostering a culture of continuous improvement and proactive privacy management within healthcare organisations is essential. Encouraging open communication about privacy and security concerns, rewarding compliance and proactive measures, and engaging staff in regular discussions about privacy and security initiatives will contribute to a robust privacy management culture.

Study Implications

The findings of this study offer several actionable insights for healthcare practice, policy, and future research.

Healthcare Practice: The study highlights the critical need for continuous and comprehensive training for nurses on digital health privacy and security protocols. Specific recommendations include developing targeted training programs that address emerging privacy threats and technologies. Additionally, integrating privacy and security training into onboarding processes for new staff can ensure that all personnel are up-to-date with best practices from the start.

Policy: Policymakers should prioritise the development of detailed guidelines that address the specific challenges posed by these technologies, such as data sharing and electronic health records. Recommendations include establishing clear standards for data encryption, access controls, and consent management. Regular policy reviews and updates are necessary to keep pace with technological advancements and ensure ongoing protection of patient confidentiality.

Future Research: Longitudinal studies are needed to assess how implementing digital health technologies impacts patient privacy and care coordination over time. Future studies could also focus on developing and validating new assessment tools that reflect the latest technological advancements and privacy challenges. Investigating the role of interdisciplinary approaches, combining insights from cybersecurity experts and healthcare practitioners, could further enhance privacy and security measures in digital health environments.

Availability of data and materials

Data sharing is not applicable to this article as no datasets were generated or analysed during the current study.

Data availability

No datasets were generated or analysed during the current study.

Stoumpos AI, Kitsios F, Talias MA. Digital Transformation in Healthcare: Technology Acceptance and Its Applications. Int J Environ Res Public Health. 2023;20(4):1–44. https://doi.org/10.3390/ijerph20043407 .

Article   PubMed   PubMed Central   Google Scholar  

Yigzaw, K. Y., Olabarriaga, S. D., Michalas, A., Marco-Ruiz, L., Hillen, C., Verginadis, Y., ... & Chomutare, T. (2022). Health data security and privacy: Challenges and solutions for the future. Roadmap to Successful Digital Health Ecosystems, 335–362.‏

Varkey B. Principles of Clinical Ethics and Their Application to Practice. Medical principles and practice : international journal of the Kuwait University, Health Science Centre. 2021;30(1):17–28. https://doi.org/10.1159/000509119 .

Article   PubMed   Google Scholar  

McGraw D, Mandl KD. Privacy protections to encourage use of health-relevant digital data in a learning health system. NPJ digital medicine. 2021;4(1):2.

Mumtaz H, Riaz MH, Wajid H, Saqib M, Zeeshan MH, Khan SE, Chauhan YR, Sohail H, Vohra LI. Current challenges and potential solutions to the use of digital health technologies in evidence generation: a narrative review. Frontiers in digital health. 2023;5:1203945. https://doi.org/10.3389/fdgth.2023.1203945 .

Karam M, Chouinard MC, Poitras ME, Couturier Y, Vedel I, Grgurevic N, Hudon C. Nursing Care Coordination for Patients with Complex Needs in Primary Healthcare: A Scoping Review. Int J Integr Care. 2021;21(1):16. https://doi.org/10.5334/ijic.5518 .

Albertson EM, Chuang E, O’Masta B, Miake-Lye I, Haley LA, Pourat N. Systematic Review of Care Coordination Interventions Linking Health and Social Services for High-Utilizing Patient Populations. Popul Health Manag. 2022;25(1):73–85. https://doi.org/10.1089/pop.2021.0057 .

Househ M, Grainger R, Petersen C, Bamidis P, Merolli M. Balancing Between Privacy and Patient Needs for Health Information in the Age of Participatory Health and Social Media: A Scoping Review. Yearb Med Inform. 2018;27(1):29–36. https://doi.org/10.1055/s-0038-1641197 .

Abuhammad S, Alzoubi KH, Al-Azzam SI, Karasneh RA. Knowledge and Practice of Patients’ Data Sharing and Confidentiality Among Nurses in Jordan. J Multidiscip Healthc. 2020;13:935–42. https://doi.org/10.2147/JMDH.S269511 .

Shah SM, Khan RA. Secondary use of electronic health record: Opportunities and challenges. IEEE access. 2020;8:136947–65.

Article   Google Scholar  

Butler JM, Gibson B, Lewis L, Reiber G, Kramer H, Rupper R, Herout J, Long B, Massaro D, Nebeker J. Patient-centered care and the electronic health record: exploring functionality and gaps. JAMIA open. 2020;3(3):360–8. https://doi.org/10.1093/jamiaopen/ooaa044 .

Paul M, Maglaras L, Ferrag MA, Almomani I. Digitisation of healthcare sector: A study on privacy and security concerns. ICT Express. 2023;9(4):571–88.

Jawad LA. Security and Privacy in Digital Healthcare Systems: Challenges and Mitigation Strategies. Abhigyan. 2024;42(1):23–31.

Google Scholar  

Haleem A, Javaid M, Singh RP, Suman R. Telemedicine for healthcare: Capabilities, features, barriers, and applications. Sensors international. 2021;2: 100117. https://doi.org/10.1016/j.sintl.2021.100117 .

Anawade PA, Sharma D, Gahane S. A Comprehensive Review on Exploring the Impact of Telemedicine on Healthcare Accessibility. Cureus. 2024;16(3): e55996. https://doi.org/10.7759/cureus.55996 .

Houser SH, Flite CA, Foster SL. Privacy and Security Risk Factors Related to Telehealth Services - A Systematic Review. Perspect Health Inf Manag. 2023;20(1):1f.

PubMed   PubMed Central   Google Scholar  

Sherman KA, Kilby CJ, Pehlivan M, Smith B. Adequacy of measures of informed consent in medical practice: A systematic review. PLoS ONE. 2021;16(5): e0251485.

Article   CAS   PubMed   PubMed Central   Google Scholar  

Madanian S, Nakarada-Kordic I, Reay S. Patients’ perspectives on digital health tools. PEC innovation. 2023;2: 100171.

Ewuoso, C., Hall, S., & Dierickx, K. (2021). How do healthcare professionals respond to ethical challenges regarding information management? A review of empirical studies.  Global bioethics = Problemi di bioetica ,  32 (1), 67–84. https://doi.org/10.1080/11287462.2021.1909820

Bhati D, Deogade MS, Kanyal D. Improving Patient Outcomes Through Effective Hospital Administration: A Comprehensive Review. Cureus. 2023;15(10): e47731. https://doi.org/10.7759/cureus.47731 .

Wang C, Chen X, Yu T, Liu Y, Jing Y. Education reform and change driven by digital technology: a bibliometric study from a global perspective. Humanities and Social Sciences Communications. 2024;11(1):1–17.

Ryan T. Facilitators of person and relationship-centred care in nursing. Nurs Open. 2022;9(2):892–9. https://doi.org/10.1002/nop2.1083 .

Habibi-Koolaee M, Safdari R, Bouraghi H. Nurses readiness and electronic health records. Acta informatica medica : AIM : journal of the Society for Medical Informatics of Bosnia & Herzegovina : casopis Drustva za medicinsku informatiku BiH. 2015;23(2):105–7. https://doi.org/10.5455/aim.2015.23.105-107 .

Khatri R, Endalamaw A, Erku D, Wolka E, Nigatu F, Zewdie A, Assefa Y. Continuity and care coordination of primary health care: a scoping review. BMC Health Serv Res. 2023;23(1):750.

Alderwick H, Hutchings A, Briggs A, Mays N. The impacts of collaboration between local health care and non-health care organisations and factors shaping how they work: a systematic review of reviews. BMC Public Health. 2021;21:1–16.

Awais M, Ali A, Khattak MS, Arfeen MI, Chaudhary MAI, Syed A. Strategic Flexibility and Organisational Performance: Mediating Role of Innovation. SAGE Open. 2023;13(2):21582440231181430.

Oh SR, Seo YD, Lee E, Kim YG. A Comprehensive Survey on Security and Privacy for Electronic Health Data. Int J Environ Res Public Health. 2021;18(18):9668. https://doi.org/10.3390/ijerph18189668 .

Martin LT, Nelson C, Yeung D, Acosta JD, Qureshi N, Blagg T, Chandra A. The Issues of Interoperability and Data Connectedness for Public Health. Big data. 2022;10(S1):S19–24. https://doi.org/10.1089/big.2022.0207 .

Torab-Miandoab A, Samad-Soltani T, Jodati A, Rezaei-Hachesu P. Interoperability of heterogeneous health information systems: a systematic literature review. BMC Med Inform Decis Mak. 2023;23(1):18. https://doi.org/10.1186/s12911-023-02115-5 .

Raab CD. Information privacy, impact assessment, and the place of ethics. Comput Law Secur Rev. 2020;37: 105404.

Westin AF. Privacy and Freedom. Atheneum; 1967.

Venkatesh V, Morris MG, Davis GB, Davis FD. User acceptance of information technology: Toward a unified view. MIS Q. 2010;27(3):425–78.

Davis FD. Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Q. 1989;13(3):319–40.

Beauchamp, T. L., & Childress, J. F. (2013). Principles of biomedical ethics (7th ed.). Oxford University Press.

Grady C. Ethical issues in health informatics. Health Information Science and Systems. 2015;3(1):1–7.

Rogers, E. M. (2003). Diffusion of innovations (5th ed.). Free Press.

Conlon D, Raeburn T, Wand T. Nurses’ understanding of their duty of confidentiality to patients in mental health care: A qualitative exploratory study. Collegian. 2024;31(3):144–53.

Karam, M., Chouinard, M. C., Poitras, M. E., Couturier, Y., Vedel, I., Grgurevic, N., & Hudon, C. (2021). Nursing care coordination for patients with complex needs in primary healthcare: a scoping review. International Journal of Integrated Care, 21(1):16. https://ijic.org/articles/10.5334/ijic.5518 .‏

Daniel WW. Biostatistics: a foundation for analysis in the health sciences. þWiley, 1978.

U.S. Department of Health and Human Services. (2022). Health Insurance Portability and Accountability Act (HIPAA). Retrieved from https://www.hhs.gov/hipaa/index.html

Wright D, De Hert P. Privacy Impact Assessment. Springer. 2012. https://doi.org/10.1007/978-94-007-2543-0 .

Article   PubMed Central   Google Scholar  

European Union Agency for Cybersecurity. (2018). Data Sharing Agreements: A Practical Guide. Retrieved from https://www.enisa.europa.eu/publications/data-sharing-agreements

Centers for Medicare & Medicaid Services. (2023). EHR Privacy and Security Requirements. Retrieved from https://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/PrivacyandSecurity

National Institute of Standards and Technology. (2018). Framework for Improving Critical Infrastructure Cybersecurity. Retrieved from https://www.nist.gov/cyberframework

Swanson M, Wong ST, Martin-Misener R, Browne AJ. The role of registered nurses in primary care and public health collaboration: A scoping review. Nurs Open. 2020;7(4):1197–207. https://doi.org/10.1002/nop2.496 .

Ten Ham-Baloyi W. (2022). Nurses’ roles in changing practice through implementing best practices: A systematic review. Health SA = SA Gesondheid, 27, 1776. https://doi.org/10.4102/hsag.v27i0.1776

Parks R, Xu H, Chu CH, Lowry PB. Examining the intended and unintended consequences of organisational privacy safeguards. Eur J Inf Syst. 2017;26(1):37–65.

Mehraeen E, Ayatollahi H, Ahmadi M. Health Information Security in Hospitals: the Application of Security Safeguards. Acta informatica medica : AIM : journal of the Society for Medical Informatics of Bosnia & Herzegovina : casopis Drustva za medicinsku informatiku BiH. 2016;24(1):47–50. https://doi.org/10.5455/aim.2016.24.47-50 .

Sharma, P., Bir, J., & Prakash, S. (2023, December). Navigating Privacy and Security Challenges in Electronic Medical Record (EMR) Systems: Strategies for Safeguarding Patient Data in Developing Countries–A Case Study of the Pacific. In International Conference on Medical Imaging and Computer-Aided Diagnosis (pp. 375–386). Singapore: Springer Nature Singapore.‏ Peikari, H. R., Shah, M. H., & Lo, M. C. (2018). Patients' perception of the information security management in health centers: The role of organisational and human factors. BMC medical informatics and decision making, 18, 1–13.‏

Choudhury A. Toward an ecologically valid conceptual framework for the use of artificial intelligence in clinical settings: need for systems thinking, accountability, decision-making, trust, and patient safety considerations in safeguarding the technology and clinicians. JMIR Hum Factors. 2022;9(2): e35421.

Okolo CA, Ijeh S, Arowoogun JO, Adeniyi AO, Omotayo O. Reviewing the impact of health information technology on healthcare management efficiency. International Medical Science Research Journal. 2024;4(4):420–40.

Solbakken R, Bondas T, Kasén A. Safeguarding the patient in municipal healthcare—A hermeneutic focus group study of Nordic nursing leadership. J Nurs Manag. 2019;27(6):1242–50.

Hoffman S, Podgurski A. Balancing Privacy, Autonomy, and Scientific Needs In Electronic Health Records Research. SMU law review : a publication of Southern Methodist University School of Law. 2012;65(1):85–144.

PubMed   Google Scholar  

Landoll, D. (2021).  The security risk assessment handbook: A complete guide for performing security risk assessments . CRC press.‏

Kessler SR, Pindek S, Kleinman G, Andel SA, Spector PE. Information security climate and the assessment of information security risk among healthcare employees. Health Informatics J. 2020;26(1):461–73.

Brotherston, L., Berlin, A., & Reyor III, W. F. (2024).  Defensive security handbook . "O'Reilly Media, Inc.".‏

Bennett, C. J., & Raab, C. D. (2017).  The governance of privacy: Policy instruments in global perspective . Routledge.‏

Fawzy, A., Tahir, A., Galster, M., & Liang, P. (2024). Data Management Challenges in Agile Software Projects: A Systematic Literature Review. arXiv preprint arXiv:2402.00462 .‏

Humayun M, Niazi M, Almufareh MF, Jhanjhi NZ, Mahmood S, Alshayeb M. Software-as-a-service security challenges and best practices: A multivocal literature review. Appl Sci. 2022;12(8):3953.

Article   CAS   Google Scholar  

Li ZS, Werner C, Ernst N, Damian D. Towards privacy compliance: A design science study in a small organisation. Inf Softw Technol. 2022;146: 106868.

Stanciu, A. (2023). Data Management Plan for Healthcare: Following FAIR Principles and Addressing Cybersecurity Aspects. A Systematic Review using InstructGPT. medRxiv, 2023–04.‏

European Commission. (2018). General Data Protection Regulation (GDPR). https://ec.europa.eu/info/law/law-topic/data-protection_en

Duckert, M., & Barkhuus, L. (2022). Protecting Personal Health Data through Privacy Awareness: A study of perceived data privacy among people with chronic or long-term illness. Proceedings of the ACM on Human-Computer Interaction, 6(GROUP), 1–22.‏

Khalid N, Qayyum A, Bilal M, Al-Fuqaha A, Qadir J. Privacy-preserving artificial intelligence in healthcare: Techniques and applications. Comput Biol Med. 2023;158: 106848.

Ducato R. Data protection, scientific research, and the role of information. Comput Law Secur Rev. 2020;37: 105412.

Xiang D, Cai W. Privacy Protection and Secondary Use of Health Data: Strategies and Methods. Biomed Res Int. 2021;2021:6967166. https://doi.org/10.1155/2021/6967166 .

Keshta I, Odeh A. Security and privacy of electronic health records: Concerns and challenges. Egyptian Informatics Journal. 2021;22(2):177–83.

Fernández-Alemán JL, Señor IC, Lozoya PÁO, Toval A. Security and privacy in electronic health records: A systematic literature review. J Biomed Inform. 2013;46(3):541–62.

Banerjee, S., Barik, S., Das, D., & Ghosh, U. (2023, October). EHR Security and Privacy Aspects: A Systematic Review. In  IFIP International Internet of Things Conference  (pp. 243–260). Cham: Springer Nature Switzerland.‏

Negro-Calduch E, Azzopardi-Muscat N, Krishnamurthy RS, Novillo-Ortiz D. Technological progress in electronic health record system optimisation: Systematic review of systematic literature reviews. Int J Med Informatics. 2021;152: 104507. https://doi.org/10.1016/j.ijmedinf.2021.104507 .

Negro-Calduch E, Azzopardi-Muscat N, Krishnamurthy RS, Novillo-Ortiz D. Technological progress in electronic health record system optimisation: Systematic review of systematic literature reviews. Int J Med Informatics. 2021;152: 104507.

He Y, Aliyu A, Evans M, Luo C. Health Care Cybersecurity Challenges and Solutions Under the Climate of COVID-19: Scoping Review. J Med Internet Res. 2021;23(4): e21747. https://doi.org/10.2196/21747 .

Coventry L, Branley D. Cybersecurity in healthcare: A narrative review of trends, threats and ways forward. Maturitas. 2018;113:48–52.

Javaid M, Haleem A, Singh RP, Suman R. Towards insighting cybersecurity for healthcare domains: A comprehensive review of recent practices and trends. Cyber Security and Applications. 2023;1: 100016.

Argaw, S. T., Troncoso-Pastoriza, J. R., Lacey, D., Florin, M. V., Calcavecchia, F., Anderson, D., ... & Flahault, A. (2020). Cybersecurity of Hospitals: discussing the challenges and working towards mitigating the risks.  BMC medical informatics and decision making ,  20 , 1–10.‏

Alanazi AT. Clinicians’ Perspectives on Healthcare Cybersecurity and Cyber Threats. Cureus. 2023;15(10): e47026. https://doi.org/10.7759/cureus.47026 .

Kruse CS, Frederick B, Jacobson T, Monticone DK. Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and health care : official journal of the European Society for Engineering and Medicine. 2017;25(1):1–10. https://doi.org/10.3233/THC-161263 .

Roland D, Spurr J, Cabrera D. Preliminary evidence for the emergence of a health care online community of practice: using a netnographic framework for Twitter hashtag analytics. J Med Internet Res. 2017;19(7): e252.

Tse J, Schrader DE, Ghosh D, Liao T, Lundie D. A bibliometric analysis of privacy and ethics in IEEE Security and Privacy. Ethics Inf Technol. 2015;17:153–63.

Tawalbeh LA, Muheidat F, Tawalbeh M, Quwaider M. IoT Privacy and security: Challenges and solutions. Appl Sci. 2020;10(12):4102.

Download references

Acknowledgements

The authors thank all the nurses who participated in our study. This study is supported via funding from Prince Sattam bin Abdulaziz University project number (PSAU/2024/R/1445). Also; The authors would like to thank Al-Maarefa University, Riydah, Saudi Arabia for supporting this research.

This study is supported via funding from Prince Sattam bin Abdulaziz University project number (PSAU/2024/R/1445).

Author information

Authors and affiliations.

College of Nursing, Prince Sattam Bin Abdulaziz University, Alkarj, Saudi Arabia

Ateya Megahed Ibrahim, Hassanat Ramadan Abdel-Aziz, Donia Elsaid Fathi Zaghamir & Nadia Mohamed Ibrahim Wahba

Family and Community Health Nursing Department, Faculty of Nursing, Port Said University, Port Said City, Port Said, 42526, Egypt

Ateya Megahed Ibrahim

Gerontological Nursing Department, Faculty of Nursing, Zagazig University, Zagazig, Egypt

Hassanat Ramadan Abdel-Aziz

Community Health Nursing Department, Faculty of Nursing, Mansoura University, Mansoura City, Dakahlia, Egypt

Heba Ali Hamed Mohamed

Pediatric Nursing Department, Faculty of Nursing, Port Said University, Port Said City, 42526, Egypt

Donia Elsaid Fathi Zaghamir

Psychiatric Nursing and Mental Health Department, Faculty of Nursing, Port Said University, Port Said, 42526, Egypt

Nadia Mohamed Ibrahim Wahba

Pediatric Nursing Department, Faculty of Nursing, Menoufia University, Shibin el Kom, Egypt

Ghada. A. Hassan

Community Health Nursing Department, College of Nursing, Jouf University, Sakaka, Al Jouf, 72388, Saudi Arabia

Mostafa Shaban

Department of Basic Medical Sciences, College of Medicine, AlMaarefa University, P.O.Box 71666, 11597, Riyadh, Saudi Arabia

Mohammad EL-Nablaway

Department of Medical and Surgical Nursing, Northern Border University, Arar, Saudi Arabia

Ohoud Naif Aldughmi

Nursing Leadership Department, Nursing College, Northern Border University, Arar, Saudi Arabia

Taghreed Hussien Aboelola

You can also search for this author in PubMed   Google Scholar

Contributions

A.I. made the conception and design of the study; acquisition of data; or analysis and interpretation of data. H.A. made the conception and design of the study; acquisition of data; or analysis and interpretation of data. H.M.D.Z. and N.W. G.H. M.S. M.E. drafted the article, revising it critically for important intellectual content. A.I. O.A. and T.A. Wrote the paper and edition. All the authors revised and agreed on publication.

Corresponding author

Correspondence to Ateya Megahed Ibrahim .

Ethics declarations

Ethics approval and consent to participate.

Ethical approval was obtained from the Research Ethics Committee (REC) at the Faculty of Nursing, Zagazig University, Egypt. The study protocol was reviewed and granted ethical clearance under code ID/Zu.Nur.REC#:0067.

Consent for publication

Not applicable.

Competing interests

The authors declare no competing interests.

Additional information

Publisher's note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ .

Reprints and permissions

About this article

Cite this article.

Ibrahim, A.M., Abdel-Aziz, H.R., Mohamed, H.A.H. et al. Balancing confidentiality and care coordination: challenges in patient privacy. BMC Nurs 23 , 564 (2024). https://doi.org/10.1186/s12912-024-02231-1

Download citation

Received : 17 July 2024

Accepted : 06 August 2024

Published : 15 August 2024

DOI : https://doi.org/10.1186/s12912-024-02231-1

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

• Care coordination
• Digital health
• HIPAA compliance
• Patient confidentiality
• Privacy frameworks

BMC Nursing

ISSN: 1472-6955

• General enquiries: [email protected]