| dc.description.abstract | In order to enhance efficiency and effectiveness in the healthcare sector an Electronic Health Record (EHR) system, is being used for patients' information management. The EHR system contains sensitive patient information used as reference for further treatment. This information attracts information security breaches from malicious people directed to patients exposing them to harm such as ostracism, financial loses, blackmail and individual embarrassment. The purpose of this study was to develop an EHR information security model that will enhance security of patients' information. The objectives of this study were to investigate the nature of information security threats that exist when using EHR, to identify and assess the existing information security measures used to control the information security threats, to evaluate the effectiveness of implemented security controls and finally to propose security controls that will be used to enhance EHR security. This study adopted a cross-sectional exploratory research design. The study was done at Jaramogi Oginga Odinga Teaching and Referral Hospital (JOOTRH) in Kisumu, a level five (5) hospital serving a population of more than 5.6 million patients across more than six counties. The target population of the study was 385 staff. Purposive sampling was used to select participants. A sample size of 196 participants was obtained from Israel (2003) table of sample size for small populations table which used Yamane (1967) formula and an alpha value of 0.05 was set. A Likert scale designed questionnaire was used to collect qualitative data. Data analysis was done using SPSS version 20 software. Percentages, correlations and a binary logistic regression analysis were obtained to present the findings. The study realized that hacking, lack of training, malware, misuse and computer sharing are some of the major threats that face the EHR system. It was also established that the security controls implemented at the facility were not adequate for the security of EHR. The study found out that implementation of a single security control has no effect on EHR security. The outcome of the research was a binary logistic regression equation model that will be used to predict the security of EHR system based on the implementation of the physical, technical and administrative information security controls. The EHR security model developed will assist JOOTRH hospital to effectively implement security measures in their EHR systems so as to protect patients' information depending on the budget they have. This security model will help in protecting patient information for use by research institutions. This model will also be used as a benchmark for information security implementation within Kenyan hospitals. Effective control of information threats and risks will enhance patients' confidence in disclosing their illnesses to doctors without fear of being exposed thereby improving patient-doctor relationship and reducing mortality rates. The study recommends all health facilities to adopt the suggested information security model to assist them meet the MoH standards outlined in the "EMR systems in Kenya" document. | en_US |