Examination of Data Protection Ethical Guidelines Adopted by Kenyatta National Hospital to Protect Its Healthcare System

Authors

  • Stephen Okongo Ario, Kenya Methodist University
  • Dr. Jecton Tocho, PhD, Kenya Methodist University
  • Mrs. Jenu John, Kenya Methodist University

DOI:

https://doi.org/10.70619/vol5iss10pp22-36

Keywords:

Data Protection Ethical Guidelines, Kenyatta National Hospital, Healthcare System

Abstract

The study examined data protection ethical guidelines adopted by Kenyatta National Hospital to protect its healthcare system. It adopted a descriptive research design to examine cybersecurity threats and countermeasures within the healthcare sector, focusing specifically on Kenyatta National Hospital (KNH). The target population included all staff categories involved in patient care, information management, and IT infrastructure. The accessible population consisted of 5,983 staff who were available and consented to participate in the study during the data collection period. A stratified random sampling technique was deemed the most appropriate. The sample size of 370 respondents was determined based on a population of 4,933 staff members relevant to the study (clinical staff, ICT staff, and health records and administrative staff) out of an approximate total population of 5,983 (total staff at KNH). Across the five key items assessed, the overall mean is 3.94, with a standard deviation of 1.17 and a variance of 1.38. These results indicate general agreement among respondents that KNH upholds ethical standards in managing patient information, with moderate variability suggesting some differences in perceptions regarding the consistency and effectiveness of these practices. The item "KNH has a documented code of ethics that defines how patient data should be accessed, stored, shared, and protected to ensure responsible use" recorded a mean score of 3.83 (SD 1.17, Var 1.36). This reflects agreement that a formal ethical framework exists to guide responsible data management, although the moderate variability points to some differences in how clearly this code is understood or implemented across the hospital. The conclusion drawn is that ethical norms play a foundational role in sustaining secure digital environments in healthcare.
When these guidelines are well communicated and embedded in practice, they promote responsible system use and help bridge gaps left by technological or legal limitations. Thus, a values-driven approach to cybersecurity is critical for institutional resilience. Ethical data protection guidelines were identified as the strongest predictor of an effective cybersecurity framework. However, inconsistencies in training and partial enforcement were noted. The study recommends that KNH institutionalize ethical guidelines by embedding them into everyday workflows, onboarding protocols, and performance appraisals. Comprehensive, role-specific training should be offered consistently across all departments. Furthermore, management should develop an e-learning module on healthcare data ethics, tailored to job functions (clinicians, IT staff, and administrative personnel), and make certification mandatory on an annual basis.

Author Biography

Stephen Okongo Ario, Kenya Methodist University

Department of Computer Science

Published

2025-10-02

How to Cite

Ario, S. O., Tocho, PhD, D. J., & John, M. J. (2025). Examination of Data Protection Ethical Guidelines Adopted by Kenyatta National Hospital to Protect Its Healthcare System. Journal of Information and Technology, 5(10), 22–36. https://doi.org/10.70619/vol5iss10pp22-36

Section

Articles