Healthcare professionals’ perceptions of electronic medical record privacy and its impact on work quality in Riyadh hospitals =============================================================================================================================== * Alaa A. Qashqari * Dunya S. Almutairi * Soukaina A. Ennaceur * Nesren S. Farhah * Mohammed A. Almohaithef ## Abstract **Objectives:** To investigate healthcare professionals’ perceptions of electronic medical records (EMRs) privacy and its impact on work quality in Riyadh, Saudi Arabia, hospitals. **Methods:** A total of 381 healthcare professionals were surveyed using a self-administered online questionnaire, which collected data on their familiarity with EMRs, perceptions of data protection, and experiences with privacy breaches. **Results:** The findings revealed that 79.3% of the respondents were familiar with EMRs. However, only 69.6% expressed confidence in safeguarding patient data from unauthorized access. Alarmingly, 25.5% admitted to accessing colleagues’ EMRs without permission, raising significant privacy concerns. Despite the presence of organizational privacy policies, 24.6% of the respondents were unaware or unsure of these policies. The study also highlighted the impact of privacy issues on healthcare staff, with 63.5% expressing concerns regarding the effects of EMR privacy on confidentiality and 39.4% reporting increased stress levels. Statistical analyses revealed significant associations between privacy concerns and stress (*p*=0.010) but no associations with avoiding medical care or behavior changes. **Conclusion:** This study underscores the urgent need for healthcare institutions to address privacy-related issues in EMRs and enhance data security measures and staff training to safeguard patient confidentiality and improve overall work quality. Keywords: * EMR privacy * health care professionals * work quality * privacy concerns * stress levels * patient data security **I**ntegrating electronic medical records (EMRs) into contemporary healthcare systems represents a significant advancement, promising to improve healthcare service quality while alleviating financial burdens on healthcare institutions. However, alongside these advancements, concerns regarding the security of EMRs have surfaced, particularly regarding the privacy of patients’ sensitive information. Privacy is paramount in healthcare settings, as it ensures the protection, confidentiality and security of patients’ personal and medical information. However, transitioning from paper-based medical records to EMRs has introduced new challenges in maintaining privacy. Electronic medical records, stored electronically, are accessible to multiple individuals within the healthcare system. While this facilitates information sharing, it also heightens the risk of unauthorized access and privacy breaches.1 Understanding the factors influencing compliance with EMR privacy policies among hospital information technology (IT) staff has become imperative for safeguarding patient confidentiality.2 Several studies have investigated the motivations of IT staff’s adherence to EMR privacy policies, employing theoretical frameworks such as protection motivation theory (PMT) and the theory of reasoned action (TRA). For example, a study carried out in Taiwan highlighted the significance of perceived vulnerability, perceived severity of threats, fear arousal, response efficacy, self-efficacy, and subjective norms in shaping IT staff’s behavioral intention to comply with privacy policies.2 Similarly, a study on the relationships among motivation, habits, and compliance with EMR privacy policies among hospital employees emphasized the pivotal role of self-efficacy, perceived usefulness, and facilitating conditions in predicting compliance habits.3 Studies such as that by Ceylan et al,4 shed light on nurses’ attitudes toward gossip and patient privacy practices. The study indicated that nurses with higher levels of education, those who received training in patient privacy, and those who were knowledgeable regarding patient rights regulations were more aware of patient privacy. A recent cross-national study carried out in Saudi Arabia highlighted acceptable attitudes and satisfaction levels among healthcare workers toward EMR systems, emphasizing the importance of addressing training needs and technical challenges to optimize EMR utilization in healthcare settings.5 Insufficient privacy within EMRs poses significant challenges for healthcare professionals, who are also patients within the same healthcare facilities. Such dual-role individuals may harbor concerns regarding the potential access of their medical data by coworkers or supervisors.6 The absence of privacy in EMRs contributes to heightened stress levels and reduced job satisfaction among healthcare staff. Persistent worries regarding the security and privacy of their own medical records stored in EMRs can lead to increased burnout and diminished job satisfaction. Consequently, this anxiety may hinder employees’ willingness to seek medical assistance or share pertinent health details with colleagues, further affecting their overall well-being and work effectiveness.7 Access to each other’s medical records can create power imbalances and undermine trust and mutual respect in the workplace. Consequently, teamwork, communication, and collaboration may suffer, impeding the delivery of high-quality patient care.8 Despite the extensive research on EMR privacy, there remains a notable gap in understanding how these privacy concerns directly affect the quality of work among healthcare employees. Current literature has primarily focused on compliance behaviors and attitudes toward privacy policies but lacks comprehensive analysis of how privacy deficits impact professional performance and patient outcomes. The present study aims to investigate the impact of EMR privacy concerns on the quality of work among healthcare employees in Riyadh hospitals, utilizing a cross-sectional approach to elucidate the interplay between privacy deficits and healthcare professionals’ performance and patient outcomes. Through an in-depth analysis, this study seeks to provide actionable insights for healthcare institutions to address privacy-related challenges and optimize EMR utilization to enhance patient care delivery in Riyadh hospitals. ## Methods This cross-sectional study is designed to evaluate healthcare employees’ attitudes, perceptions, and experiences related to EMRs and the impact of EMR privacy concerns on the quality of work in Riyadh hospitals. Ethical approval for the study was obtained from the research ethics committee of the Saudi Electronic University, Riyadh, Saudi Arabia (No.: SEUREC-4515). The study was carried out in compliance with the principles of the Declaration of Helsinki. Written informed consent was obtained from all participants before their involvement in the study. A mixed-method survey approach was utilized to gather data from healthcare employees in Riyadh hospitals, including allied health professionals, doctors, nurses, pharmacists, technicians, and administrative staff. To qualify, individuals needed to have at least 6 months of experience working with EMRs and be aged 18 years or older, with the ability to provide informed consent. Exclusion criteria ruled out healthcare employees without direct or indirect access to EMRs, temporary or contract staff with less than 6 months of experience in their current role, those unable to provide informed consent, and individuals working outside Riyadh hospitals or in non-healthcare roles. Data were collected from January to March 2024 via a self-administered online questionnaire. The recruitment method involved distributing the questionnaire through email and social media platforms. Participation was voluntary, and respondents had the option to remain anonymous. The respondents were informed on the purpose of the study, and electronic consent was obtained before they proceeded with the survey. Measures were taken to ensure the confidentiality and anonymity of respondents’ responses. The data were stored securely and were accessible only to the research team. The questionnaire was designed to collect comprehensive data regarding the demographic characteristics of the respondents, attitudes toward the use of EMRs, perceptions of the privacy level of EMRs, understanding of the security features of EMRs, the impact of EMRs on workload and job satisfaction and the relationship between the lack of privacy in EMRs and the quality of work. An open-ended question was used to identify which sections of EMRs patients find most sensitive, to enhance privacy and data protection measures. The validity of the survey was assessed via a pilot version, which was completed by 10 healthcare providers from the target population (Riyadh hospitals). These respondents provided feedback on the comprehensibility of the questions and the time required to complete the questionnaire. Importantly, these 10 respondents were not included in the actual survey. Moreover, scale reliability was determined via Cronbach’s alpha, which was satisfactory at 0.78 for the entire scale. The survey tool was made available in both Arabic and English to accommodate the language preferences of the respondents. ### Statistical analysis Statistical analysis was carried out using the Statistical Package for the Social Sciences, version 25.0 (IBM Corp., Armonk, NY, USA) for Windows. Descriptive statistics, including frequencies, percentages, means, and standard deviations, were reported for demographic characteristics and responses to survey questions. Inferential statistics included an independent t-test to determine differences in opinions on privacy and EMRs based on the type of organization; a one-way ANOVA to identify differences in opinions according to age, years of experience, and education level; and a Pearson correlation to examine relationships between privacy concerns in EMRs and their effects on healthcare staff. All results with a *p*-value of <0.05 were considered statistically significant. ## Results Table 1 provides a comprehensive snapshot of the healthcare workforce included in the present study. Most respondents were Saudi nationals (83.7%). The age distribution was concentrated in the 23-34 and 35-44 years age groups. The gender representation was balanced, with 58.3% female and 41.7% male participants. The study included a variety of occupational roles, with higher participation from allied health professionals (29.4%) and nurses (22.8%). Most respondents were employed in public organizations (87.4%). Additionally, a substantial proportion of the respondents (48.3%) had more than 10 years of experience, and the majority held a bachelor’s degree (60.1%). View this table: [Table 1](http://smj.org.sa/content/46/3/299/T1) Table 1 - General characteristics of the study population (N=381). Table 2 provides a detailed examination of healthcare professionals’ perceptions and behaviors concerning the privacy of EMRs, offering insights into their level of familiarity with EMRs, the protection of patient records, organizational privacy policies, and incidents of unauthorized access to EMRs. View this table: [Table 2](http://smj.org.sa/content/46/3/299/T2) Table 2 - Privacy in the electronic medical records within the studied healthcare settings. The results revealed that 79.3% of the respondents expressed familiarity with using EMRs in their hospital (*p*=0.00), suggesting a high degree of integration and usage within the healthcare setting. However, a small percentage (6.3%) indicated a lack of familiarity, highlighting potential disparities in digital literacy among healthcare professionals. With respect to the protection of patient records, 69.6% of respondents believe that records are safeguarded against unauthorized access in their hospital (*p*=0.00). However, the notable percentage (18.9%) who are unsure or disagree (11.5%) underscores the need for continued efforts to reinforce data security practices. Similarly, 75.3% of the respondents reported the presence of organizational policies related to EMR privacy (*p*=0.00), 6.8% of the participants were unaware of these policies, and 17.8% of them were not sure regarding the presence of such policies. Finally, 25.5% of the respondents admitted to accessing a colleague’s EMR without permission out of curiosity (p=0.00), which raises significant concerns regarding potential breaches of privacy within the healthcare environment. However, 75.5% of the respondents either did not engage in this behavior or were unsure on it. Respondents provided varied insights in response to the question, ‘which section in your EMRs do you not like to be exposed to others the most?’. Concerns primarily revolved around exposing personal information, including phone numbers, addresses, social security numbers, and government ID numbers, indicating a heightened sensitivity toward identity protection. Additionally, the respondents expressed unease regarding disclosing medical history and records, particularly medical record numbers, medication and medical procedures, psychological health assessments, laboratory analysis results, past medical and surgical histories, health diagnoses, and medications. These findings underscore the importance of safeguarding both personal and medical data within EMRs systems. Furthermore, some participants cited general discomfort with the idea of their medical records being used for personal purposes, reflecting broader apprehensions regarding data privacy and ethical use. Interestingly, a minority of respondents indicated an aversion to the exposure of ‘everything,’ emphasizing a comprehensive concern for the entirety of their EMRs. Table 3 provides the results regarding the perceived effects of the lack of privacy in EMRs on healthcare staff and the healthcare environment. The results illustrate the concerns regarding patient and staff confidentiality, the avoidance of seeking medical care, increased personal stress levels, the perceived need for additional efforts to increase privacy and security, and the influence of EMR privacy on staff behavior. View this table: [Table 3](http://smj.org.sa/content/46/3/299/T3) Table 3 - Effects of lack of privacy in electronic medical records on healthcare staff. The results showed that a substantial portion of participants (63.5%) expressed agreement (30.7%) or strong agreement (32.8%) regarding their apprehension on the impact of EMR privacy on both themselves and staff confidentiality. Moreover, a statistically significant association was found between concerns on EMR privacy and its impact on healthcare staff confidentiality (*p*=0.041). Similarly, the impact of a lack of privacy on staff stress levels was evident, with 39.4% agreeing or strongly agreeing that their stress levels increased. The statistical analysis revealed a significant association between concerns on EMR privacy and increased staff stress levels (*p*=0.010). This suggests that the lack of privacy in EMRs contributes to heightened stress levels among healthcare staff, highlighting the importance of addressing privacy concerns to mitigate such effects. Additionally, most respondents recognized the need for additional efforts to increase the privacy and security of EMRs, with 80.6% expressing agreement or strong agreement. A significant statistical association was registered (*p*=0.038), which underscores the importance of prioritizing efforts to bolster the privacy and security measures surrounding EMRs to address the concerns voiced by healthcare staff. In terms of seeking medical care within their organization, 35.2% of the respondents reported some degree of avoidance, with 22.8% disagreeing and 18.9% strongly disagreeing. No statistically significant association (*p*=0.62) was detected between concerns on EMR privacy and avoidance of seeking medical care within the organization. With respect to the influence of EMR privacy on staff behavior, 23.1% of the participants perceived a negative impact. The statistical analysis yielded a p-value of 0.75, indicating no significant association between concerns on EMR privacy and perceived negative influence on staff behavior. Table 4 presents a comparative analysis of the responses based on the type of organization, age, years of experience and educational level of the respondents, which helps understand the perceptions of privacy in EMRs and the perceived effects of the lack of privacy on healthcare staff. View this table: [Table 4](http://smj.org.sa/content/46/3/299/T4) Table 4 - Perceptions of privacy and lack of privacy across participants’ characteristics. The analysis of the perception of privacy in EMRs across respondent characteristics revealed that the perception of privacy varied significantly across years of experience (*p*=0.024). The participants with 1-5 years of experience had a mean perception score of 2.50±0.362, whereas those with 6-10 years of experience had mean score of 2.47±0.328 and those with more than 10 years of experience had mean score of 2.58±0.284. This finding indicates that more experienced participants perceive privacy differently, with slight variations across different experience levels. In contrast, the perception of privacy did not significantly vary when the type of organization (*p*=0.829), age (*p*=0.392), or education level (*p*=0.900) was considered. These findings suggest that these factors do not notably influence how participants perceive privacy in EMRs, indicating a general uniformity in privacy perception across these demographic categories. Regarding the effect of lack of privacy on healthcare staff, significant differences were observed across age groups (*p*=0.005), years of experience (*p*=0.011), and education levels (*p*=0.006). Compared with older participants, younger participants (23-34 years old) reported a greater mean effect score of 3.41±0.844, with the score notably decreasing in participants aged 55-64 years (2.85±0.687) and those aged 65 years or older (1.66). Similarly, participants with 1-5 years of experience reported a greater impact (3.46±0.810) than did those with more experience. In terms of education, those with a master’s degree reported the highest mean effect score (3.51±0.706), whereas those with a PhD reported a significantly lower score (2.84±0.713). These findings suggest that younger, less experienced, and less formally educated staff perceive a greater impact from the lack of privacy. Conversely, the effect of lack of privacy on staff did not significantly differ between private organizations (3.12±0.817) and public organizations (3.30±0.820, *p*=0.160), indicating that organizational type does not notably affect how staff feel impacted by EMR privacy issues. Our research findings revealed a statistically significant negative correlation between respondents’ perceptions of privacy in EMRs and the perceived effects of the lack of privacy on healthcare staff (r= -0.169, *p*=0.001). This negative correlation suggests that as perceptions of privacy in EMRs increase, the perceived negative effects on healthcare staff decrease, and vice versa. While the correlation coefficient (-0.169) denotes a weak-strength relationship, its statistical significance at the 0.001 level underscores its robustness. These results underscore the critical importance of addressing privacy issues in EMRs to mitigate perceived adverse effects on healthcare staff and maintain both patient confidentiality and staff well-being. ## Discussion The findings of this study provide significant insights into healthcare professionals’ perceptions of the privacy of EMRs and the associated impacts on healthcare staff. The results revealed a high familiarity with EMRs among respondents (79.3%), which is consistent with the global trend of increasing EMR adoption in healthcare institutions. Similarly, a study carried out by Kruse et al9 reported widespread familiarity with EMRs, emphasizing their integration into routine healthcare practices. However, the 6.3% of respondents who expressed unfamiliarity with EMRs underscore the need for enhanced digital literacy training among the healthcare workforce, especially as EMR utilization continues to expand globally.10 Regarding patient data protection, a high number of respondents (69.6%) expressed confidence in safeguarding records from unauthorized access. However, this finding is somewhat lower than other studies, such as research by Ghafur et al,11 which indicates that healthcare professionals are generally more confident in the security of patient records, with over 80% expressing trust in their hospital’s data protection practices. On the other hand, our results align with those of recent studies where healthcare professionals have expressed ongoing concerns regarding data privacy and security despite the presence of EMRs.12,13 The notable percentage of respondents in this study who are unsure (18.9%) or disagree (11.5%) with this notion reflects a gap in communication and the effective implementation of data security protocols. This finding reinforces the importance of transparent, organization-wide policies to ensure that all healthcare professionals are aware of the safeguards in place to protect patient privacy. Additionally, while most acknowledged the existence of organizational privacy policies, the lack of awareness among 24.6% of respondents was a critical issue. This suggests a gap between policy development and effective communication or implementation within healthcare organizations.14 This finding aligns with research by Appari et al,15 who suggest that despite the prevalence of formal policies on EMR privacy, their implementation and communication may not be consistent across all staff members. This highlights the need for continuous education and awareness programs focused on privacy policies to ensure comprehensive staff engagement and compliance. One of the most concerning findings from this study is that 25.5% of respondents admitted to accessing a colleague’s EMR without permission out of curiosity. This raises significant ethical and privacy concerns, echoing findings from other studies on similar behaviors and emphasizing the potential risks of unauthorized access.16 The result points to the ethical and legal challenges of such behavior and the systemic weaknesses in monitoring and enforcing compliance with EMR access rules. This calls for stricter enforcement of privacy protocols, cultivating a culture that prioritizes patient confidentiality and promoting ethical standards in healthcare. Regarding specific privacy concerns, respondents expressed the greatest unease on exposing personal information, such as phone numbers, addresses, and government ID numbers. These concerns align with studies by Fernández-Alemán et al,17 highlighting that identity protection remains a critical issue in EMR systems. The respondents also voiced concerns on the exposure of medical history and sensitive medical data, including psychological assessments and medication histories. This finding reinforces the importance of protecting both personal and medical data in EMRs to maintain trust in healthcare systems. The study also examined the impact of EMR privacy concerns on healthcare staff. A substantial portion of respondents expressed concerns on the impact of EMR privacy on both patient and staff confidentiality, and a statistically significant association (*p*=0.041) was found between EMR privacy concerns and healthcare staff confidentiality. These results align with previous research by Bansal et al,18 which shows that privacy concerns often lead to apprehensions on the confidentiality of personal health information for patients and healthcare providers. Additionally, the findings demonstrate that privacy concerns contribute to increased stress among healthcare professionals, with 39.4% of respondents reporting heightened stress. This finding is consistent with a study on the mental burden imposed on healthcare professionals by inadequate data privacy and security measures.19 Another important finding of the present study is recognizing the need for enhanced EMR privacy and security measures. The study revealed that a significant number of respondents agreed with the need for additional efforts to improve privacy protection, a sentiment supported by other research arguing that the rapid digitization of health records has outpaced the development of robust security frameworks.20 This finding reinforces the necessity for ongoing investments in privacy infrastructure and policy updates to ensure that EMR systems remain secure and trustworthy. While concerns on EMR privacy had a notable impact on healthcare staff, the study did not find a significant association between these concerns and the avoidance of seeking medical care within the organization. Similarly, the influence of EMR privacy on staff behavior did not reach statistical significance (*p*=0.75). These findings differ from research by Angst et al,21 which suggested that privacy concerns could lead to avoiding care and altered behavior among healthcare staff. The lack of significant findings in this study suggests that while privacy concerns are prevalent, they may not be severe enough to directly influence healthcare behaviors in the studied population. The comparative analysis based on respondent characteristics revealed that perceptions of privacy in EMRs vary significantly by years of experience, with more experienced professionals perceiving privacy differently than less experienced staff. This finding aligns with the work of Bishop et al,22 who reported that more experienced staff often develop a more nuanced understanding of privacy concerns owing to their prolonged exposure to EMR systems. In contrast, the study revealed no significant variation in privacy perceptions based on the type of organization, age, or education level, suggesting general uniformity across these demographic categories. The study also revealed a statistically significant negative correlation between perceptions of privacy in EMRs and the perceived effects of the lack of privacy on healthcare staff. As healthcare professionals’ confidence in the privacy of EMRs increases, their concerns on the adverse effects of insufficient privacy decrease. This finding, although weak, highlights the importance of addressing privacy concerns to improve healthcare staff’s overall well-being. Similarly, a previous study suggested that increasing privacy protection can reduce the perceived negative impacts on healthcare professionals, leading to a more supportive and ethical healthcare environment.23 To address the concerns raised, healthcare institutions must implement enhanced privacy training, advanced security measures such as multifactor authentication and real-time access monitoring, and transparent communication of privacy policies. Encouraging feedback mechanisms and fostering a culture that prioritizes confidentiality can bridge the gap between policy and practice. These steps will improve staff confidence, reduce stress, and align EMR systems with both technological advancements and ethical standards, ultimately enhancing patient care and professional satisfaction. ### Study limitations First, the cross-sectional design limits the ability to infer causality between EMR privacy concerns and their impact on work quality. Second, the study is confined to healthcare professionals in Riyadh hospitals, which may limit the generalizability of the findings to other regions or healthcare settings. Additionally, the specific healthcare context in Riyadh may not fully reflect practices or challenges in other regions of the country. Third, self-reported data may be subject to response biases, including social desirability bias, where respondents might have provided answers they believe to be more socially acceptable or favorable. Finally, the study’s reliance on voluntary participation might introduce selection bias, as those with stronger opinions or concerns may have been more likely to respond. In conclusion, the findings from this study underscore the urgent need for healthcare institutions to address EMR privacy concerns to maintain staff well-being and ensure high-quality patient care. Key recommendations include implementing comprehensive training programs focusing on EMR privacy policies and safeguarding patient information, such as mandatory quarterly training sessions for all staff to ensure ongoing awareness and compliance. Additionally, healthcare institutions should invest in advanced security technologies and protocols, such as multifactor authentication and data encryption, to protect EMR systems from unauthorized access. Regular audits and real-time monitoring of EMR access logs should be carried out to detect and prevent unauthorized access, and establishing support systems to help healthcare staff manage stress related to EMR privacy concerns is essential for maintaining a healthy work environment. ## Acknowledgment *The authors gratefully acknowledge the Deanship of Scientific Research of the Saudi Electronic University, Riyadh, Saudi Arabia, for providing financial support and access to facilities that enabled the completion of this study. The authors also extend their heartfelt thanks to all the respondents who generously and voluntarily participated in the study. Additionally, They would like to thank AJE Editing for the English language editing.* ## Footnotes * **Disclosure.** Authors have no conflict of interests, and the work was not supported or funded by any drug company. * Received November 11, 2024. * Accepted January 26, 2025. * Copyright: © Saudi Medical Journal This is an Open Access journal and articles published are distributed under the terms of the Creative Commons Attribution-NonCommercial License (CC BY-NC). Readers may copy, distribute, and display the work for non-commercial purposes with the proper citation of the original work. ## References 1. 1.WHO. eHealth at WHO. [Updated 2019; accessed 2024 Oct 20]. Available from: [https://www.who.int/ehealth/about/en/](https://www.who.int/ehealth/about/en/) 2. 2.Sher M, Talley PC, Yang C, Kuo K. Compliance with electronic medical records privacy policy: an empirical investigation of hospital information technology staff. INQ: The J of Health Care Organization, Provision, and Financing 2017; 54: 1-12. 3. 3.Kuo K, Chen YC, Talley PC, Huang C. Continuance compliance of privacy policy of electronic medical records: the roles of both motivation and habit. BMC Med Inform Decis Mak 2018; 18: 1-12. [CrossRef](http://smj.org.sa/lookup/external-ref?access_num=10.1186/S12911-018-0671-1/FIGURES/9&link_type=DOI) [PubMed](http://smj.org.sa/lookup/external-ref?access_num=29301576&link_type=MED&atom=%2Fsmj%2F46%2F3%2F299.atom) 4. 4.Ceylan SS, Çetinkaya B. Attitudes towards gossip and patient privacy among paediatric nurses. Nurs Ethics 2020; 27: 289-300. [PubMed](http://smj.org.sa/lookup/external-ref?access_num=31088205&link_type=MED&atom=%2Fsmj%2F46%2F3%2F299.atom) 5. 5.Al Otaybi HF, Al-Raddadi RM, Bakhamees FH. Performance, barriers, and satisfaction of healthcare workers toward electronic medical records in SaudiArabia: a national multicenter study. Cureus 2022; 14: 1-14. 6. 6.Hasanain RA, Vallmuur K, Clark M. Electronic medical record systems in Saudi Arabia: knowledge and preferences of healthcare professionals. J Health Inform Dev Ctries 2015; 9: 23-31. 7. 7.Alumran A, Aljuraifani S, Almousa Z, Hariri B, Aldossary H, Aljuwair M, et al. The influence of electronic health record use on healthcare providers burnout. Inform Med Unlock 2024; 50: 1-7. 8. 8.Amano A, Brown-Johnson CG, Winget M, Sinha A, Shah S, Sinsky CS, et al. Perspectives on the intersection of electronic health records and health care team communication, function, and well-being. JAMA Netw Open 2023; 6: 1-12. [CrossRef](http://smj.org.sa/lookup/external-ref?access_num=10.1001/jamanetworkopen.2023.13734&link_type=DOI) 9. 9.Kruse CS, Stein A, Thomas H, Kaur H. The use of electronic health records to support population health: a systematic review of the literature. J Med Syst 2018; 42: 1-16. [CrossRef](http://smj.org.sa/lookup/external-ref?access_num=10.1007/s10916-018-0994-6&link_type=DOI) 10. 10.Dougherty M, McGavin R, Richardson JE, Wines RC, Horvath M. Health information technology adoption and utilization in long-term and post-acute care settings. [Updated 2023; accessed 2024 Oct 26]. Available from: [https://www.ncbi.nlm.nih.gov/books/NBK606653/](https://www.ncbi.nlm.nih.gov/books/NBK606653/) 11. 11.Ghafur S, Kristensen S, Honeyford K, Martin G, Darzi A, Aylin P. A retrospective impact analysis of the WannaCry cyberattack on the NHS. Digit Med 2019; 2: 1-7. 12. 12.Almaghrabi NS, Bugis BA. Patient confidentiality of electronic health records: a recent review of the Saudi literature. Dr. Sulaiman Al Habib Med J 2022; 4: 126-135. 13. 13.Banerjee S, Barik S, Das D, Ghosh U. EHR security and privacy aspects: a systematic review. [Updated 2023; accessed 2024 Oct 26]. Available from: [https://link.springer.com/chapter/10.1007/978-3-031-45878-1\_17](https://link.springer.com/chapter/10.1007/978-3-031-45878-1_17) 14. 14.Campione J, Liu H. Perceptions of hospital electronic health record (EHR) training, support, and patient safety by staff position and tenure. BMC Health Serv Res 2024; 24: 1-11. [PubMed](http://smj.org.sa/lookup/external-ref?access_num=38169381&link_type=MED&atom=%2Fsmj%2F46%2F3%2F299.atom) 15. 15.Appari A, Johnson ME. Information security and privacy in healthcare: current state of research. Intl J Internet Enterp Manag 2010; 6: 279-314. 16. 16.Janarthanan V, Kumaran SM, Nagrale NV, Singh OG, Raj KV. Legal and ethical issues associated with challenges in the implementation of the electronic medical record system and its current laws in India. Cureus 2024; 16: 1-7. 17. 17.Fernández-Alemán JL, Señor IC, Lozoya PÁ, Toval A. Security and privacy in electronic health records: a systematic literature review. J Biomed Inform 2013; 46: 541-562. [CrossRef](http://smj.org.sa/lookup/external-ref?access_num=10.1016/j.jbi.2012.12.003&link_type=DOI) [PubMed](http://smj.org.sa/lookup/external-ref?access_num=23305810&link_type=MED&atom=%2Fsmj%2F46%2F3%2F299.atom) 18. 18.Bansal G, Zahedi FM, Gefen D. The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online. Decis Support Syst 2010; 49: 138-150. [CrossRef](http://smj.org.sa/lookup/external-ref?access_num=10.1016/j.dss.2010.01.010&link_type=DOI) 19. 19.Shrestha A, Graham DM, Dumaru P, Paudel R, Searle KA, Al-Ameen MN. Understanding the behavior, challenges, and privacy risks in digital technology use by nursing professionals. Proc ACM Hum Comput Interact 2022; 6: 1-22. [PubMed](http://smj.org.sa/lookup/external-ref?access_num=37360538&link_type=MED&atom=%2Fsmj%2F46%2F3%2F299.atom) 20. 20.Hester M. Healthcare privacy in an electronic data age. [Updated 2024; accessed 2024 Jun 25]. Available from: [https://doi.org/10.1007/978-3-031-51063-2\_10](https://doi.org/10.1007/978-3-031-51063-2_10) 21. 21.Angst CM, Agarwal R. Adoption of electronic health records in the presence of privacy concerns: the elaboration likelihood model and individual persuasion. MIS Quarterly 2009; 33: 339-370. 22. 22.Bishop TF, Ryan AM, Casalino LP, Moynihan JL. Paid malpractice claims for adverse events in inpatient and outpatient settings. JAMA 2011; 305: 2427-2431. [CrossRef](http://smj.org.sa/lookup/external-ref?access_num=10.1001/jama.2011.813&link_type=DOI) [PubMed](http://smj.org.sa/lookup/external-ref?access_num=21673294&link_type=MED&atom=%2Fsmj%2F46%2F3%2F299.atom) [Web of Science](http://smj.org.sa/lookup/external-ref?access_num=000291597300022&link_type=ISI) 23. 23.Ayatollahi H, Mirani N, Haghani H. Electronic health records: what are the most important barriers? Perspect Health Inform Manag 2013; 14: 1-12.