White Coat, Black Box: How Do Healthcare Workers Protect Personal Data?

Abstract

The protection of personal health data has become critical with the widespread adoption of EHRs in healthcare systems. This study evaluates the knowledge, attitudes, and awareness of healthcare professionals regarding the recording and protection of personal health data across diverse occupational groups and institutional contexts in Turkey. Data were collected from 346 healthcare professionals working in public and private hospitals through a structured questionnaire using a causal-comparative design. Statistical analyses included confirmatory factor analysis, independent samples t-tests, one-way analysis of variance, correlation analysis, and structural equation modeling. The scale demonstrated excellent reliability and structural validity, explaining 85.2% of variance across five dimensions: knowledge of personal health data, legal knowledge, legal data sharing, personal health data sharing, and personal health data recording. Significant differences were observed across educational levels, occupational groups, work units, and frequency of digital document usage. Postgraduate-educated professionals demonstrated higher awareness levels; however, this association may reflect confounding factors such as occupational role, professional responsibility levels, and work experience rather than education alone. Physicians exhibited significantly higher awareness levels than other healthcare professionals. Structural equation modeling revealed that PHDS, legal knowledge, and legal data sharing collectively explained 81.7% of variance in data recording awareness. The findings indicate that rather than isolated information acquisition, data protection awareness is shaped by an integrated framework of legal knowledge, ethical sensitivity, and institutional context. The study reveals critical awareness gaps among support staff and emergency service personnel, highlighting the need for profession-specific, unit-based educational interventions and strengthened data security culture across healthcare institutions.

Keywords

• Personal Health Data
• Data Security
• Health Information Systems
• Jurisprudence
• Confidentialy

References

1. Ajzen, I. (1991). Theory of planned behavior Organizational Behavior and Human Decision Processes, 50(2), 179-211. https://doi.org/10.1016/0749-5978(91)90020-T google scholar
2. Alçin, A. A. (2022). Personal health data in Turkish law and the obligation of the administration to protect personal health data. Türkiye adalat Akademisi Dergisi, 10(51), 365–410. https://doi.org/10.54049/taad.1140182 google scholar
3. Anderson, J. R. (1982). Acquisition of cognitive skills. Psychological Review, 89(4), 369-406. https://doi.org/10.1037/0033-295X.89.4.369 google scholar
4. Ataklıoğlu Başkan, S., Karakurt, P. & Kasımoğlu, N. (2021). Nursing students’ attitudes toward recording and protecting patients’ personal health data: A descriptive study Galician Medical Journal, 28(3), 1-7. https://doi.org/10.21802/gmj.2021.3.3 google scholar
5. Atalay, H. (2021). Mahremiyet kapsamında kişisel sağlık verilerinin korunması ve depolanması. Journal of Academic Perspective on Social Studies, (1), 01-20. https://doi.org/10.35344/japss.786353 google scholar
6. Atalay, H. N. & Yücel, Ş. (2023). Kişisel sağlık verileri paylaşımı ile ilgili değişkenlerin sosyo-demografik özellikler bakımından farklılıkları. Bilgi Yönetimi Dergisi, 6(2), 231 – 245. https://doi.org/10.33721/by.1242514 google scholar
7. Basit, G. (2021). Hemşirelik öğrencilerinin hastaların kişisel sağlık verileri ile ilgili görüşleri. Ege Üniversitesi Hemşirelik Fakültesi Dergisi, 37(3), 189-195. https://doi.org/10.53490/egehemsire.792537 google scholar
8. Bezirgan Gözmener, S., Şenol, S. & Seren İntepeler, Ş. (2019). Hemşirelik öğrencilerinin kişisel sağlık verilerinin kayıt ve korunması tutum ölçeği geçerlik ve güvenirlik çalışması*. Dokuz Eylül Üniversitesi Hemşirelik Fakültesi Elektronik Dergisi, 12(1), 21-30. google scholar

9. Bilgiç, İ., Paslı Gürdoğan, E. & Uslu, B. (2025). Nursing students’ attitudes toward the security of personal health data. Balkan Journal of Health Sciences, 3(3), 135-143. https://doi.org/10.61830/balkansbd.1614742https://doi.org/10.61830/balkansbd.1614742 google scholar
10. Büyüköztürk, Ş., Çakmak, E., Akgün, Ö., Karadeniz, Ş. ve Demirel, F. (2008). Bilimsel araştırma yöntemleri (1. Baskı). Ankara: Pegem Akademi, google scholar
11. Cabana, M. D., Rand, C. S., Powe, N. R., Wu, A. W., Wilson, M. H., Abboud, P. A., and Rubin, H. R. (1999). Why do physicians not follow clinical practice guidelines? A framework for improvement. JAMA, 282(15), 1458-1465. https://doi.org/10.1001/jama.282.15.1458 google scholar
12. Çavdar Lokumcu, P. (2024). Hekimlerin hastalarına ilişkin sosyal medya paylaşımlarından doğan sorumluluğu. Sakarya Üniversitesi Hukuk Fakültesi Dergisi, 12(1), 429-453. https://doi.org/10.56701/shd.1462767 google scholar
13. Demir Karabayır, E., Karaca Dedeoğlu & Kurşun, A. (2023). Sağlık Bilimleri Fakültesi öğrencilerinin kişisel sağlık verilerinin kayıt ve korunmasına ilişkin tutumlarının incelenmesi. R&S- Research Studies Anatolia Journal, 6(2), 145-168. https://doi.org/10.33723/rs.1257657 google scholar
14. Dündar, A., Hacivelioğlu, D., Erdoğdu, S., & Gündüz, N. (2024). Attitudes toward the recording and protection of personal health data: An example of a public hospital in Istanbul The Turkish Journal of Bioethics, 11(1), 17-27. google scholar
15. Durmuş İskender, M. & Durmuş, A. (2022). Determining the correlation between the privacy consciousness of midwifery and nursing students and their attitudes toward the recording and protection of personal health data. Euroasia Journal of Mathematics, Engineering, Natural & Medical Sciences, 9(21), 67-78. https://doi.org/10.38065/euroasiaorg.960 google scholar
16. Durmuş, V. (2021). Kişisel sağlık verilerinin korunmasında idarenin hukuki sorumluluğu. Dokuz Eylül Üniversitesi Hemşirelik Fakültesi Elektronik Dergisi, 2014, 14(1), 67-76. google scholar
17. Dutta, J. Barman, S. (2025). Smart contract and blockchain-based secured approach for storing and sharing electronic health records. Multimed Tools Applied, 84, 16883–16907. https://doi.org/10.1007/s11042-024-19714-7 google scholar
18. Ericsson, K. A., Prietula, M. J. and Cokely, E. T. (2007). Making an expert. Harvard Business Review, 85(7-8), 114-121. google scholar
19. Eskimez, Z. & Köse Tosunöz, İ. (2023). Nursing students’ attitudes toward the registration and preservation of personal health data Etkileşimli Hemşirelik Dergisi, 16(4), 513-523. https://doi.org/10.46483/jnef.1375543 google scholar
20. Evci Eralp, Ö. (2023). İşyerlerinde kişisel sağlık verilerinin işlenmesinde sır saklama yükümlülüğünün kapsamı. Kişisel Verileri Koruma Dergisi, 5(2), 28-38. https://doi.org/10.1016/j.kişiselverilerikorumadergisi google scholar
21. Farrell, A. M. (2010). Insufficient discriminant validity: A comment on Bove et al. (2009). Journal of Business Research, 63(3), 324-327. https://doi.org/10.1016/j.jbusres.2009.05.003 google scholar
22. Fraenkel, J. R., & Wallen, N. E. & Hyun, H. H. (2003). How to design and evaluate research in education. McGraw-Hill Higher Education, 366-386. google scholar
23. Gollwitzer, P. M. (1999). Implementation intentions: The strong effects of simple plans. American Psychologist, 54(7), 493-503. https://doi.org/10.1037/0003-066X.54.7.493 google scholar
24. Graber, M. L., Franklin, N., & Gordon, R. (2005). Diagnostic errors in internal medicine Archives of Internal Medicine, 165(13), 1493-1499. https://doi.org/10.1001/archinte.165.13.1493 google scholar
25. Grol, R., & Grimshaw, J. (2003). From best evidence to best practice: Effective implementation of change in patient care The Lancet, 362(9391), 1225-1230. https://doi.org/10.1016/S0140-6736(03)14546-1https://doi.org/10.1016/S0140-6736(03)14546-1 google scholar
26. Gupta, N., Vashist, S., & Verma, R. & Terang, P. P. (2025). Cybersecurity and Privacy Concerns in Digital Health Navigating Innovations and Challenges in Travel Medicine and Digital Health. https://doi.org/10.4018/979-8-3693-8774-0.ch019 google scholar
27. Hair, J. F.; Black, W. C.; Babin, B. J.; Anderson, R. E. (2010). Multivariate data analysis (7th ed.). Pearson, Prentice Hall. google scholar
28. İster, E. D. (2022). Nursing students’ attitudes toward registration and protection of personal health data and related factors Turkish Journal of Bioethics, 9(3), 95-104 google scholar
29. Kahneman, D. (2011). Thinking, Fast and Slow. Farrar, Straus, and Giroux. google scholar
30. Kaiser, H. F. (1974). An index of factorial simplicity. Psychometrika, 39(1), p. google scholar
31. Kalyuga, S., Ayres, P., Chandler, P., & Sweller, J. (2003). The expertise reversal effect. Educational Psychologist, 38(1), 23-31. https://doi.org/10.1207/S15326985EP3801_4 google scholar
32. Keshta, I. Odeh, A. (2021). Security and Privacy of Electronic Health Records: Concerns and Challenges Journal of Egyptian Informatics, 22(2), 177–183. google scholar
33. Kırca, N., Bademli, K., Ozgonul, M. L. Karacar, Y. (2025). Relationship between the awareness of privacy, registration, and preservation of personal health data of nursing students: A cross-sectional study International Journal of Caring Sciences, 18(1), 152-164. google scholar
34. Kruger, J., & Dunning, D. (1999). Unskilled and unaware of it: How difficulties in recognizing one’s own incompetence lead to inflated self-assessments Journal of Personality and Social Psychology, 77(6), 1121-1134. https://doi.org/10.1037/0022-3514.77.6.1121 google scholar
35. Kurt Konca, & Badur, E. (2023). Avukatın müvekkilinin kişisel sağlık verilerine erişimine ilişkin değerlendirmeler. Selçuk Ünviersitesi Hukuk Fakültesi Dergisi, 31(1), 193-228. https://doi.org/10.15337/suhfd.1238540 google scholar
36. MacCallum, R., and C. Widaman, K. F. (1999). Sample size in the factor analysis Psychological Methods, 4 (1), 84-99. https://doi.org/10.1037/1082-989X.4.1.84. google scholar
37. Mahammad, S. & Rani, K. U. (2025). Secure sharing of health records stored in a cloud using cryptographic secret sharing schemes through computational intelligence: A review Computational Intelligence in Sustainable Computing and Optimization, 281-301. https://doi.org/10.1016/B978-0-443-23724-9.00015-3 google scholar
38. Maraş, G. & Ceyhan, Ö. (2021). Nursing students’ attitudes toward the registration and protection of personal health data. Journal of Inonu University Health Services Vocational School, 9(2), 498-509. https://doi.org/10.33715/inonusaglik.851192 google scholar
39. Mehmedović, E., & Mehmedović, A. (2023). Personal health data and the significance of its administrative protection. Uprava, 14(2), 11–37. https://doi.org/10.53028/1986-6127.2023.14.2.11 google scholar
40. Olğun, S. & Adıbelli, D. (2022). Hemşirelik öğrencilerinin hastaların kişisel sağlık verilerinin kayıt ve korunmasına yönelik tutumlarının belirlenmesi. Sürekli Tıp Eğitimi Dergisi, 31(6), 441-450. https://doi.org/10.17942/sted.1063958 google scholar
41. Pakiş Çetin S. & Çevik K. (2021). Hemşirelik öğrencilerinin hastaların kişisel sağlık verilerinin kayıt ve korunmasına ilişkin tutumları. Dokuz Eylül Üniversitesi Hemşirelik Fakültesi Elektronik Dergisi, 14(3), 199- 206. https://doi.org/10.46483/deuhfed.779557 google scholar
42. Putnick, D. L. and Bornstein, M. H. (2016). Measurement invariance conventions and reporting: State of the art and future directions for psychological research. Developmental Review, 41, 71-90. https://doi.org/10.1016/j.dr.2016.06.004 google scholar
43. Shabir, G. Kenzie, F. (2025). Enhancing Patient-Doctor Communication with Digital Tools: A Path to Better Health Literacy and Outcomes https://doi.org/10.13140/RG.2.2.15931.94248 google scholar
44. Shah, S. M., & Khan, R. A. (2020). Secondary use of electronic health record: Opportunities and challenges. IEEE Access, 8, 136947–136965. google scholar
45. Silva, R. R. T. (2025). A Privacy Aware Architecture for Electronic Health Records. Thesis. Faculdade de Ciências e Tecnologia da Universidade de Coimbra. google scholar
46. Taber, K. S. (2018). Cronbach’s alpha is used when developing and reporting research instruments in science education. Research in Science Education, 48, 1273-1296. https://doi.org/10.1007/s11165-016-9602-2. google scholar
47. Tao, X., Shi, S. & Liu, J. (2025). Established but unused? Empirical study on the impact of health records on the use of basic public health services in China Evaluation and Program Planning, 112. DOI: 10.1016/j.evalprogplan.2025.102654 google scholar
48. Tural Büyük, E. & Ünaldı Baydın, N. (2020). Relationship between EI and ethical sensitivity in Turkish nursing students Turkish Journal of Bioethics, 19(2), 341-351. https://doi.org/10.5505/tjob.2020.93685 google scholar
49. Türk, F., & Topuz, İ., (2024). Yeni kuşak hemşirelik öğrencilerinde hasta mahremiyetinin incelenmesi. Sivas Cumhuriyet Üniversitesi Sağlık Öğrencileri Kongresi. Sivas, Turkey google scholar
50. Ülker, T. & Korkut, S. (2023). Does the consciousness of nursing students regarding privacy affect their attitudes toward the registration and preservation of personal health data? A descriptive study Ordu University Journal of Nursing Studies, 6(3), 640-648. https://doi.org/10.38108/ouhcd.1099347 google scholar
51. Vandenberg, R. J., & Lance, C. E. (2000). A review and synthesis of the literature on measurement invariance: suggestions, practices, and recommendations for organizational research. Organizational Research Methods, 3(1), 4-70. https://doi.org/10.1177/109442810031002 google scholar
52. Ware, S., Sukte, C., Patil, S., Patil, T., Keripale, S. & Nikam, Y. (2025). HealthX: Smart Health Record Management System with Speech Input, 2025 International Conference on Advanced Computing Technologies (ICoACT), Sivalasi, India, 1-7, doi: 10.1109/ICoACT63339.2025.11004679. google scholar
53. Xu, G. & Zhao, L. (2024). Classification and retrieval of personal health data based on differential privacy International Journal of Data Mining and Bioinformatics, 29(1-2). google scholar
54. Yılmaz, D. Uysal, O. (2024). Nursing students’ attitudes toward the recording and protection of patient health data: A cross-sectional study Makara Journal of Health Research, 28(2), 148-154. https://doi.org/10.7454/msk.v28i2.1604 google scholar