Abstract
Background: The Picture Archiving and Communication System (PACS) has led to an increase
in breached health records and violation of patient confidentiality. The South African
constitution makes provision for human dignity and privacy, virtues which
confidentiality seeks to preserve. Confidentiality thus constitutes a human right which is
challenged by the use of technology.
Humans, as managers of information technology, constitute the weakest link in safeguarding
confidentiality. Nonetheless, it is argued that most security breaches are nonintentionally
committed by well-meaning employees during routine activities.
Objective: The purpose of this article is to explore the nature of and reasons for confidentiality
breaches by PACS users in a South African context.
Methods: A closed-ended questionnaire was used to collect quantitative data from 115
health professionals employed in a private hospital setting, including its radiology
department and a second independent radiology department. The questionnaire sought to
explore the attitudes of participants towards confidentiality breeches and reasons for such
behaviour.
Results: Breach incidences were expressed as percentage compliance and classified according
to the nature and reasons provided by Sarkar's breach classification. Cross tabulations
indicated a statistical significance (p < 0.00) between the expected and observed
confidentiality practices of participants and also the adequacy of training, system knowledge
and policy awareness.
Conclusion: Our study supports previous findings that, in the absence of guidelines, most
security breaches were non-intentional acts committed due to ignorance. Of concern are
incidents in which sensitive information was intentionally shared via social media.