Abstract
A concern in the South African healthcare sector has been how to better secure medical
information from unauthorised access, which may be through intentional or unintentional
behaviour of users. The lack of user awareness and user acceptance of user access on medical
information systems, particularly in the healthcare sector of South Africa, is a challenging issue
in the area of information security. This challenge results in breaches of information
stored in medical information systems, fraud, and medical identity theft. This study focuses on
awareness and acceptance of secure access control using fingerprint and smart-card
authentication to access medical systems by raising user awareness and improving acceptance
of the technology. The security of patient health records stored in the medical information
systems plays a substantial role in the hospital organisation of South Africa. Patients’ medical
records are classified as sensitive by the National Department of Health in South Africa, and
such information needs a high level of confidentiality and security from access by unauthorised
individuals, be it internal or external access. Since the use of electronic medical records is
progressing quickly, the need to train and educate users increases as a result. This training is
needed to ensure that users are aware of the risks and vulnerabilities to information, and
that they accept the responsibility to securely access information and protect the confidentiality
and privacy of this information. Controlling access in environments, such as the healthcare
sector of South Africa, where a large amount of confidential medical information is kept, is
important for all citizens. A better solution is required to protect the privacy of electronic
medical records in the healthcare sector, since the lack of proper access-control mechanisms
increases the risk of vulnerabilities to patient health information saved in medical information
systems, such as fraud, corruption, and theft. The use of a fingerprint biometric system provides
an advantage over password-based authenticators due to the unique characteristics which a user
presents, thereby restricting unauthorised access. Smart cards are useful and effective for
protection against attacks due to their encryption technologies, their flexibility in authenticating a
user, and the requirement that a user possess the card. Smart cards are combined with biometrics for
authentication to medical systems by storing the biometric template on the smart
card. The study followed a qualitative and interpretive research design to collect data using
survey questions, and observation of participants. The participants include the Records
Management Unit, Information Management Unit, Records Manager, and ICT Manager at the
hospital. This study proposes a hospital access control-based framework for user awareness...
M.Sc. (Informatics)