Design and Development of a Competency Diagnosis Program for Personal Information Protection Among Medical Institution Personnel

preprint OA: closed
Full text JSON View at publisher
AI-generated deep summary by claude@2026-07, 2026-07-03 · read from full text

This study developed a customized competency diagnosis program for personal information protection tailored to medical institution personnel, incorporating institutional updates to relevant laws, technical considerations tied to digitized medical records, and administrative elements reflecting hospital practice. The program used a newly designed questionnaire to diagnose competency at each stage of the personal information processing cycle, and it was administered to 209 staff across all departments of a national hospital. Participants obtained competency scores by processing stage, and real-time educational materials were provided for areas identified as relatively weak. A key caveat is that the paper describes a preprint with preliminary information and does not clearly report peer-reviewed validation or longer-term outcomes beyond the immediate diagnosis and educational material delivery. The paper does not explicitly discuss endometriosis or adenomyosis; it was included in the corpus via a keyword match in the upstream search index.

Read from the paper's body, not the abstract. Not a substitute for reading the paper. No clinical advice. How this works

Abstract

This study aims to develop a customized Competency Diagnosis Program for Personal Information Protection that enables medical institution personnel to independently assess their competency levels in personal information protection and receive tailored educational materials. The ultimate goal is to enhance their competency and awareness regarding personal information protection. The program was developed by incorporating institutional aspects reflecting amendments to relevant laws, technical aspects considering the digitalization of medical information, and administrative aspects aligned with the practical realities of medical institutions. Additionally, to ensure precise competency diagnosis, a newly designed questionnaire was implemented, allowing diagnosis at each stage of personal information processing. The competency diagnosis program developed in this study was administered to 209 personnel across all departments of National Hospital A, affiliated with the Ministry of Health and Welfare. As a result, participants were able to identify their competency scores at each stage of personal information processing. Moreover, real-time educational materials were provided for areas where competency was relatively weak. With the rapid digitalization of medical information driven by advances in information and communication technology, enhancing the competency and awareness of medical institution personnel in personal information protection has become increasingly critical. Highlights By utilizing the newly designed competency diagnosis questionnaire and program developed in this study, any medical institution personnel can independently assess their competency levels and receive targeted educational materials for areas requiring improvement. This is expected to have a positive impact on enhancing competency and raising awareness of personal information protection.
Full text 41,303 characters · extracted from preprint-html · click to expand
Design and Development of a Competency Diagnosis Program for Personal Information Protection Among Medical Institution Personnel | Authorea try { document.documentElement.classList.add('js'); } catch (e) { } var _gaq = _gaq || []; _gaq.push(['_setAccount', 'G-8VDV14Y67G']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); Skip to main content Preprints Collections Wiley Open Research IET Open Research Ecological Society of Japan All Collections About About Authorea FAQs Contact Us Quick Search anywhere Search for preprint articles, keywords, etc. Search Search ADVANCED SEARCH SCROLL This is a preprint and has not been peer reviewed. Data may be preliminary. 6 July 2025 V1 Latest version Share on Design and Development of a Competency Diagnosis Program for Personal Information Protection Among Medical Institution Personnel Author : Yeon-Hu Lee 0000-0003-0783-5695 [email protected] Authors Info & Affiliations https://doi.org/10.22541/au.175183755.54635746/v1 Published Informatics for Health and Social Care Version of record Peer review timeline 208 views 90 downloads Contents Abstract Information & Authors Metrics & Citations View Options References Figures Tables Media Share Abstract This study aims to develop a customized Competency Diagnosis Program for Personal Information Protection that enables medical institution personnel to independently assess their competency levels in personal information protection and receive tailored educational materials. The ultimate goal is to enhance their competency and awareness regarding personal information protection. The program was developed by incorporating institutional aspects reflecting amendments to relevant laws, technical aspects considering the digitalization of medical information, and administrative aspects aligned with the practical realities of medical institutions. Additionally, to ensure precise competency diagnosis, a newly designed questionnaire was implemented, allowing diagnosis at each stage of personal information processing. The competency diagnosis program developed in this study was administered to 209 personnel across all departments of National Hospital A, affiliated with the Ministry of Health and Welfare. As a result, participants were able to identify their competency scores at each stage of personal information processing. Moreover, real-time educational materials were provided for areas where competency was relatively weak. With the rapid digitalization of medical information driven by advances in information and communication technology, enhancing the competency and awareness of medical institution personnel in personal information protection has become increasingly critical. Highlights By utilizing the newly designed competency diagnosis questionnaire and program developed in this study, any medical institution personnel can independently assess their competency levels and receive targeted educational materials for areas requiring improvement. This is expected to have a positive impact on enhancing competency and raising awareness of personal information protection. Title: Design and Development of a Competency Diagnosis Program for Personal Information Protection Among Medical Institution Personnel Running title: Personal Information Competency Diagnosis Authors: Yeon-Hu Lee (PhD) * Affiliations: Department of Nursing, Honam University * Address: Department of Nursing, Honam University College of Health Science, 100 Honamdae-gil, Gwangsan-gu, Gwangju, 62399, Republic of Korea * Phone: +82-62-940-5552 * E-Mail: [email protected] Corresponding Author: Yeon-Hu Lee (PhD) * Affiliations: Department of Nursing, Honam University * Address: Department of Nursing, Honam University College of Health Science, 100 Honamdae-gil, Gwangsan-gu, Gwangju, 62399, Republic of Korea * Phone: +82-62-940-5552 * E-Mail: [email protected] Funding This research received no specific grant from any funding agency in the public, commercial, or not-for-profit sectors. Conflict of Interest The author declares that there is no conflict of interest. Abstract This study aims to develop a customized Competency Diagnosis Program for Personal Information Protection that enables medical institution personnel to independently assess their competency levels in personal information protection and receive tailored educational materials. The ultimate goal is to enhance their competency and awareness regarding personal information protection. The program was developed by incorporating institutional aspects reflecting amendments to relevant laws, technical aspects considering the digitalization of medical information, and administrative aspects aligned with the practical realities of medical institutions. Additionally, to ensure precise competency diagnosis, a newly designed questionnaire was implemented, allowing diagnosis at each stage of personal information processing. The competency diagnosis program developed in this study was administered to 209 personnel across all departments of National Hospital A, affiliated with the Ministry of Health and Welfare. As a result, participants were able to identify their competency scores at each stage of personal information processing. Moreover, real-time educational materials were provided for areas where competency was relatively weak. With the rapid digitalization of medical information driven by advances in information and communication technology, enhancing the competency and awareness of medical institution personnel in personal information protection has become increasingly critical. Highlights By utilizing the newly designed competency diagnosis questionnaire and program developed in this study, any medical institution personnel can independently assess their competency levels and receive targeted educational materials for areas requiring improvement. This is expected to have a positive impact on enhancing competency and raising awareness of personal information protection. Keywords: Personally Identifiable Information, Health Personnel, Diagnosis Program, Hospital Information Systems, Personal health records 1. Introduction 1.1 Necessity of the Study The advancement of Information and Communications Technology (ICT) has brought significant changes to the field of personal information protection. The term Information and Communications means a series of activities and means for the promotion of informatization, including apparatuses, technologies, and services related to the collecting, processing, storing, searching, transmitting, receiving, and utilizing of information. 1, 2 Personal information refers to information related to a living individual, including names, resident registration numbers, and images, as well as any information that, when combined with other information, can be used to identify a specific individual. 3 While ICT advancements have introduced numerous positive changes to human life, they have also increased risks related to privacy violations, reduced individuals’ control over their personal information, and heightened the potential for negative consequences in the field of personal information protection due to expanded access to such information. 4 In particular, medical institutions are rapidly adopting ICT–driven systems and medical devices, making it imperative to establish effective personal information protection measures. Traditionally, patient medical records were primarily maintained as paper documents. However, with the adoption of Order Communication Systems (OCS), Electronic Medical Record (EMR), and Picture Archiving and Communication Systems (PACS), they have transitioned to electronic record formats utilizing ICT. Moreover, following the enforcement of the Personal Information Protection Act in September 2011 and the establishment of the Personal Information Protection Commission as a central administrative agency in August 2020, regulations governing the management of patient personal information have been significantly strengthened. Personal information in the medical sector is a highly critical area in terms of privacy protection, as it involves the processing of large volumes of sensitive health information classified under the Personal Information Protection Act. This includes not only personally identifiable information such as a patient’s name and unique identification number but also health–related information obtained through medical treatment and information necessary for maintaining health. 5, 6 Furthermore, with 93.9% of hospitals and higher–level medical institutions having implemented and operating Electronic Medical Record (EMR) systems, 7 the vast majority of patient personal information has been digitized. Given that hospitals serve as key industrial sites where the entire personal information processing cycle–from information collection, utilization, storage, provision, to disposal–takes place, ensuring robust information protection measures has become essential. Due to this structural characteristic, medical institution personnel can easily access patient personal information through medical record viewing, storage, and printing, leading to a rise in privacy breaches. Consequently, personal information breaches in medical institutions have been increasing. According to a press release from Representative Jin-Sook Jeon of the National Assembly’s Health and Welfare Committee, a total of 91 personal information breaches occurred in medical institutions after 2020, with a continuous upward trend. A breakdown by hospital type indicates 4 cases in tertiary hospitals, 15 in general hospitals, 29 in hospitals, and 43 in clinics. 8 The Personal Information Protection Commission reported that between April 2018 and January 2020, personal information belonging to approximately 185,271 patients was breached from 17 hospitals, including tertiary hospitals. Among the leaked information, some cases involved sensitive information. The reported breach methods included hospital staff photographing patient personal information from the medical information system and illegally accessing and downloading patient records. 9 Additionally, Dr. A, who worked as an endoscopy specialist, was convicted in the first trial for photographing monitor screens displaying patient personal information between April 2021 and February 2022, resulting in the breach of 105 patient records. He was sentenced to a fine. 10 Similarly, assistant nurses B was sentenced to probation for fraudulently obtaining prescription medication for insomnia by misusing the personal information of patients and colleagues at the hospital where they were employed between February and March 2022. 11 To prevent personal information breaches in medical institutions, the Korea Social Security Information Service (SSIS), under the Ministry of Health and Welfare, has begun providing security monitoring services to support medical institutions in mitigating information leakage incidents. Additionally, the Ministry of Health and Welfare and the Personal Information Protection Commission have developed and revised the ”Personal Information Protection Guidelines [Medical Institutions Edition]” and incorporated personal information protection standards into the Medical Institution Accreditation System as part of governmental efforts to strengthen information protection measures. While technical and institutional safeguards are crucial in preventing information breaches, the most critical aspect is enhancing the competency of medical institution personnel in personal information protection. A structured education and training program must be established to improve awareness and adherence to information protection practices. 1.2 Research Objective This study aims to develop a customized competency diagnosis program for personal information protection that allows medical institution personnel to independently evaluate their personal information protection competency levels and receive real–time feedback along with educational materials addressing their areas of weakness. Through this program, the study seeks to enhance the competency and awareness of medical institution personnel regarding personal information protection. 2. Methods 2.1 Literature Review Numerous studies have conducted awareness diagnosis on personal information protection among medical institution personnel before and after the enactment of the Personal Information Protection Act. An analysis of existing literature revealed that most previous research focused on personnel in clinical departments, such as nurses, medical technicians, and nursing students, who directly interact with patients. 12-19 However, with the widespread digitalization of medical information, most patient personal information is now stored electronically. Consequently, even non–clinical personnel–including administrative and IT staff–who do not directly interact with patients can easily access patient personal information due to the evolving structural environment. Despite these changes, previous studies largely excluded non–clinical personnel from their research scope. Furthermore, the survey questionnaires used in these studies were originally developed over a decade ago exclusively for clinical personnel. 18, 19 As a result, these questionnaires no longer align with the current medical environment or the institutional, technical, and administrative standards established for personal information protection. 2.2 Design and Development of the Personal Information Protection Competency Diagnosis Program This study addresses the limitations of previous research by developing a Personal Information Protection Competency Diagnosis Program that enables all medical institution personnel to independently assess their personal information protection competency and receive real–time educational materials for areas requiring improvement. Additionally, the survey questionnaire integrated into the diagnosis program was specifically designed and implemented to reflect the latest medical environment and the current legal framework for personal information protection. 2.2.1 Survey Questionnaire Design To develop the survey questionnaire for the Personal Information Protection Competency Diagnosis Program, this study followed the instrument development process outlined by DeVellis, 20 proceeding through both development and validation phases. During the development phase, an initial set of questionnaire items was designed based on a review of previous studies and relevant legal frameworks. These items were then validated through expert content validity diagnosis and a preliminary survey. This study aimed to overcome the limitations of previous survey questionnaires by incorporating the latest legal and environmental changes. Specifically, the questionnaire design considered the institutional aspects of the Personal Information Protection Act, revised in March 2023, and the ”Guidelines for Personal Information Protection in Medical Institutions,” updated in December 2020, the technical aspects reflecting the digitalization of medical information, and the administrative aspects aligned with the practical realities of medical institutions. The newly designed survey questionnaire is presented in Table 1. The questionnaire consists of a total of 47 items, including 12 items that measure only awareness of personal information protection and 17 items that assess both awareness and corresponding behavioral practices. The survey questionnaire is structured to evaluate competencies across different stages of personal information processing, categorizing them into ”Definition,” ”Collection & Use,” ”Provision,” ”Management,” and ”Disposal.” The expert panel for content validity diagnosis of the survey questionnaire was formed based on the guidelines proposed by Lynn 21 to ensure an objective and professional evaluation. Experts were selected from the Ministry of Health and Welfare, which oversees medical institutions, and the Personal Information Protection Commission, the primary authority on personal information protection. The panel consisted of a total of nine experts, including four personal information protection officers from National Hospitals under the Ministry of Health and Welfare, one head nurse from a National Hospital, two researchers from the Ministry of Health and Welfare Personal Information Integrated Monitoring Center, and two certified personal information protection instructors appointed by the Personal Information Protection Commission. To calculate the Content Validity Index (CVI), the experts were asked to evaluate how relevant each item was to the survey’s subject using Lynn’s 21 four–point scale (1 = Not relevant, 2 = Unable to determine relevance without modification, 3 = Relevant but requires minor revision, 4 = Highly relevant.) A survey item was considered to have satisfactory item–level content validity (I-CVI) if at least 78% (0.78) of the experts rated it 3 or 4. For the overall content validity of the measurement tool, the Scale–Level Content Validity Index/Average (S-CVI/Ave) was calculated by summing the I-CVI scores of all items and dividing them by the total number of items. This study adopted the standard threshold of 0.90, as recommended by Polit & Beck. 22 The content validity diagnosis results from the nine experts indicated that all 29 primary survey items (including 47 sub–items) achieved a minimum I-CVI of 0.78 and a maximum of 1.00. The overall S-CVI/Ave for the questionnaire was 0.93, confirming its validity. To assess the readability and comprehension of the expert–validated survey items, a preliminary survey was conducted with 15 medical institution personnel affiliated with the Ministry of Health and Welfare. The participants included five nurses, three physicians, three medical technicians, one clinical psychologist, one administrative staff, one medical record administrator, and one personal information protection staff. Based on the survey results, four items with unclear wording were revised, and the final survey questionnaire was confirmed. The Likert 5-point scale was adopted for the survey, with the following response options (5 = Strongly Agree, 4 = Agree, 3 = Neutral, 2 = Disagree, 1 = Strongly Disagree). 2.2.2 Development of the Personal Information Protection Competency Diagnosis Program The Personal Information Protection Competency Diagnosis Program was developed as a Windows–based application incorporating the 47 survey items designed in this study. The program was built using PowerBuilder, a fourth–generation programming language (4GL) known for its ease of coding and seamless integration with databases. Due to these advantages, PowerBuilder is widely used for developing Windows applications rather than mobile applications. Participants for the self–diagnosis using the Personal Information Protection Competency Diagnosis Program developed in this study were selected based on an appropriate sample size determination. Various perspectives exist regarding the adequate sample size for research. Cattell 23 suggested that a sample size below 100 is insufficient, between 101 and 200 is moderate, and 300 or more is desirable. DeVellis 20 recommended that when the number of survey items is 40 or fewer, a sample size of approximately 200 is appropriate. Additionally, some scholars have proposed determining sample size in proportion to the number of survey items. Guilford 24 recommended a 1:2 ratio, while Costello A.B. & Osborne J.W., 25 Nunnally, 26 and Tabachnick & Fidell 27 suggested that a 1:5 ratio is appropriate. Considering these perspectives, this study determined that a sample size of 200 to 250 participants would be appropriate, accounting for potential missing information. Ultimately, a total of 213 participants were selected from National Hospital A, affiliated with the Ministry of Health and Welfare. Participants included physicians, nurses, medical technicians, social workers, administrative staff, and technical personnel–all professionals who have direct or indirect involvement with patients. 3. Results 3.1 General Characteristics of Participants The participants’ ages ranged from their 20s to 60s, and the study was conducted with all 28 departments of National Hospital A, affiliated with the Ministry of Health and Welfare. A total of 213 participants from various occupational categories took part in the study, including 20 physicians, 115 nurses, 15 social workers, 9 clinical psychologists, 6 medical technologists, 5 pharmacists, 23 administrative staff, and 20 technical staff. However, four participants with inadequate responses were excluded from the final analysis. 3.2 Implementation of the Personal Information Protection Competency Diagnosis Program The Personal Information Protection Competency Diagnosis Program developed in this study enables medical institution personnel to independently assess their personal information protection competency and receive real–time feedback and educational materials tailored to their areas of weakness. As shown in Fig. 1, the diagnosis process involves running the program in a Windows environment and answering all 47 survey items independently. Once all responses are submitted, scores are automatically calculated for each stage of personal information processing: ”Definition,” ”Collection & Use,” ”Provision,” ”Management,” and ”Disposal.” The program then identifies the weakest area and provides real–time access to relevant legal provisions and educational materials. To ensure the credibility of the educational materials, the program utilizes standard lecture materials developed by the Korea Internet & Security Agency (KISA) for certified personal information protection instructors. Fig. 1. Initial Screen of the Personal Information Protection Competency Diagnosis Program Fig. 2 shows the diagnosis results and educational materials screen for Dr. A, a participant who used the program. The results indicate that ”Collection & Use” was the weakest area, and relevant educational materials were provided to help improve this competency. Fig. 2. Diagnosis Results of Dr. A (A) and Corresponding Educational Materials (B) Fig. 3 presents the diagnosis results and educational materials screen for Nurse B, another participant. The results indicate that ”Provision” was the weakest area, and appropriate educational materials were provided to address the deficiency. Fig. 3. Diagnosis Results of Nurse B (A) and Corresponding Educational Materials (B) The diagnosis results of all employees at National Hospital A, affiliated with the Ministry of Health and Welfare, are presented in Table 2. The results indicate that, across all occupational categories, the ”Definition” category was the weakest compared to other areas. Based on these findings, National Hospital A could develop a customized training plan focused on strengthening the ”Definition” aspect of personal information protection competency to enhance the overall competency of all hospital staff. By utilizing the Personal Information Protection Competency Diagnosis Program developed in this study, medical institution personnel can not only conduct individual competency diagnosis and receive real–time training, but the program can also be leveraged to formulate institutional training plans. This approach is expected to significantly contribute to enhancing awareness of personal information protection within medical institutions. 4. Discussion Medical institutions handle a significant amount of patient medical information, classified as sensitive information, making them particularly vulnerable to personal information breaches. Among all industries, information leaks in medical settings are expected to have the greatest societal impact. 28 To prevent personal information breaches in medical institutions, it is crucial to enhance the competency and awareness of medical personnel regarding personal information protection. To address this need, this study developed the Personal Information Protection Competency Diagnosis Program, allowing medical personnel to independently assess their competency in personal information protection without constraints of time and location. The program also provides real–time results and educational materials to support learning. Additionally, the survey questionnaire incorporated into the program was designed and implemented with consideration of recent amendments to relevant laws, institutional regulations, technological advancements, and administrative requirements to ensure comprehensive coverage. 5. Conclusions By utilizing the Personal Information Protection Competency Diagnosis Program developed in this study, medical institution personnel can independently assess their competency and receive targeted training in areas where improvement is needed. This not only enhances individual competency in personal information protection but also allows institutions to formulate comprehensive training plans based on the collective diagnosis results of all employees. While this study developed a Windows-based program, future research should consider developing a mobile application compatible with Android and iOS operating systems, reflecting the increasing adoption of mobile devices in medical settings. Additionally, further refinement of the survey questionnaire should be explored to enable a more detailed competency diagnosis for specific occupational groups within medical institutions by restructuring the survey items accordingly. Ethical statement The study was conducted with the approval of the Institutional Review Board (IRB No. 1041223-202402-HR-41) of Honam University. Funding This research received no specific grant from any funding agency in the public, commercial, or not-for-profit sectors. Conflict of interest The author have no conflicts of interest to declare for this study. References 1. INFORMATION AND COMMUNICATIONS TECHNOLOGY INDUSTRY PROMOTION ACT Article 2 (1) 1. Sejong-si: Statutes of the Republic of Korea; February 13, 2024. 2. FRAMEWORK ACT ON INTELLIGENT INFORMATIZATION Article 2 (1) 3. Sejong-si: Statutes of the Republic of Korea; June 9, 2020. 3. PERSONAL INFORMATION PROTECTION ACT Article 2 (1). Sejong-si: Statutes of the Republic of Korea; March 14, 2023. 4. Son YH. Advances in Information and Communication Technology and Personal Information Protection. Korea Business Law Association 2022;36(1):172. 5. Kim SC. Emergency patients’ right to access medical information under UK and US law. Law & Policy Review 2022;8:20-23. 6. Kim KH. A Constitutional Study on the Protection of Personal Health Information: With the focus on the protection of personal health information in the public sector. Ajou Law Review 2016;10(2):1-40. 7. 2020 Health and Medical Informatization Survey Results Report. Seoul: Korea Health Information Service; May 18, 2021. 8. Kim YM. Medical institution, Since 2020 there have been 91 breaches of medical information and 129 breaches other than medical information. Boannews. 2024. Available at https://www.boannews.com/media/view.asp?idx=133356. Accessed November 7, 2024. 9. Kim HW. 180,000 pieces of patient personal information leaked. A general hospital fine. ChosunMedia. 2023. Available at https://n.news.naver.com/article/023/0003778325?sid=102. Accessed November 10, 2024. 10. Lee YJ. A fine of 5 million won for the first trial of the doctor who shared the group chat room of “Patients’ Endoscopic Photographs”. DongaIlbo. 2023. Available at https://www.donga.com/news/Health/article/all/20230527/119505863/2. Accessed November 12, 2024. 11. Park AR. Take out personal information of hospital colleagues and patients and prescribe a large amount of sleeping pills, a nursing assistant. News1. 2023. Available at https://www.news1.kr/local/incheon/5009217. Accessed November 12, 2024. 12. Cha KJ, Ha YM. Development and Validation of an Instrument to Assess Hospital Workers’ Perception for Protection of Personal Health Information. Journal of Korea Academia-Industrial cooperation Society 2015;16(2):1253-1263. 13. Kim CH, Jeong SY, Song YS. Recognition and Performance of Patient Private Information Protection (PPIP) in Nursing Students. Journal of Digital Convergence 2013;11(11):479-490. 14. Park H. Knowledge and Attitude of Hospital Employees towards Protecting Patient’s Personal Information [Master’s thesis dissertation]. Daegu: Kyungpook National University; 2013. 15. Jung EY, Jung SJ. A Study on Perception and Practice of Protecting the Patient Medical Information in Some General Hospital Employees. The Korean Journal of Health Service Management 2014;8(4):35-45. 16. Kim SY. Nurses’ Knowledge, Awareness and Performance about Patients’ Personal Information Protectio [Master’s thesis dissertation]. Jeonju: Jeonbuk National University; 2012. 17. An SH. A study on the level of awareness for patient privacy protection: focusing on healthcare workers [Master’s thesis dissertation]. Seoul: Korea University; 2011. 18. Lee DU. A Study on the Perception about Medical Information Protection of Patients: Focused on the Medical Manpower in Hospitals [Master’s thesis dissertation]. Iksan: Wonkwang University; 2010. 19. Lee MY, Park YI. A Study on the Nurse’s Perception and Performance of Protecting Patient. Journal of Korean Clinical Nursing Research 2005;11(1):7-20. 20. DeVellis RF. Scale development: Theory and applications. 5th ed. Thousand Oaks: Sage Publications; 2021. 21. Lynn MR. Determination and quantification of content validity. Nursing Research 1986;35(6): 382-386. 22. Polit DF, Beck CT. Nursing research: Generating and assessing evidence for nursing practice. 8th ed. Philadelphia: Lippincott Williams & Wilkins; 2008. 23. Cattell RB. The Scientific Use of Factor Analysis in Behavioral and Life Sciences. Berlin: Springer; 1978. 24. Guilford JP. Psychometric Methods. 2nd ed. New York: McGraw-Hill; 1956. 25. Costello AB, Osborne JW, Best practices in exploratory factor analysis: Four recommendations for getting the most from your analysis. Practical Assessment Research & Evaluation 2005;10(7):1-9. 26. Nunnally JC. Psychometric Theory. 3rd ed. New York: McGraw-Hill; 1994. 27. Tabachnick BG, Fidell LS. Using multivariate statistics. 5th ed. Boston: Pearson/Allyn&Bacon; 2007. 28. Cho HS. Protection of Individual Medical Information in Risksociety. Han Yang Law Review 2013;24(4):173-193. Table 1. Survey Items Applied in the Personal Information Protection Competency Diagnosis Program Definition (3) Awareness I can distinguish the types of patient information that qualify as ”personal information” under the Personal Information Protection Act. Awareness When handling patient personal information, the Personal Information Protection Act must take precedence over other legal regulations. Awareness Even if certain parts of personal information are deleted or replaced to prevent identification, the information is still considered personal information. Collection & Use (12) Awareness In certain situations, patient personal information may be collected and used without patient consent. Awareness I am fully aware of all the information that must be disclosed when obtaining consent for the collection and use of personal information. Awareness Information about a patient learned during a consultation, such as their occupation, is also considered personal information. Awareness Personal information that has been partially deleted or replaced to prevent identification may be used for research or statistical purposes without patient consent. Awareness Even if personal information is not immediately necessary, it should be collected as extensively as possible in case it is needed in the future. Practice I collect as much personal information as possible during the registration and consultation process. Awareness Patient personal information collected for medical purposes should only be used for that patient’s medical treatment. Practice I have used patient personal information, collected for medical purposes, for non–medical purposes such as writing research papers or promotional activities. Awareness I am allowed to access other patients’ medical records without their consent if it is for reference in a medical context. Practice I have accessed other patients’ medical records without their consent for reference in a medical context. Awareness Personal information collected with patient consent may be accessed and used by any staff member within the institution. Practice I have accessed medical records and test results created by other departments, even when unrelated to my job responsibilities. Provision (12) Awareness In certain situations, personal information may be provided to a third party or another medical institution without patient consent. Awareness I am fully aware of all the information that must be disclosed when obtaining consent for third–party provision of personal information. Awareness Conversations regarding patient status, such as during handover procedures, should be conducted with caution to prevent unauthorized individuals from overhearing. Practice I take precautions to ensure that conversations regarding patient status, such as during handover procedures, cannot be overheard by unauthorized individuals. Awareness It is acceptable to discuss patient status with employees who are not directly involved in the patient’s treatment. Practice I have discussed patient status with employees who are not directly involved in the patient’s treatment. Awareness When consulting with a patient in a shared room, sensitive discussions should be avoided, and if necessary, they should be conducted in a private setting. Practice I avoid sensitive discussions with patients in shared rooms and, if necessary, conduct consultations in a private setting. Awareness When referring a patient to another department or medical institution for consultation, as much personal information as possible should be provided. Practice When referring a patient to another department or medical institution for consultation, I provide as much personal information as possible. Awareness If someone identifies themselves as a patient’s acquaintance and inquires about the patient’s hospitalization or treatment status, I am allowed to provide this information. Practice I have provided information regarding a patient’s hospitalization or treatment status to their acquaintance. Management (14) Awareness Medical records created during work should only be accessible to medical personnel directly involved in the patient’s treatment. Awareness When accessing the medical information system, I must log in only with my own ID. Practice I have logged into the medical information system using another employee’s ID, either upon their request or with their permission. Awareness Passwords for the medical information system should be changed regularly. Practice I regularly change my password for the medical information system. Awareness After completing my use of the medical information system or when leaving my workstation for an extended period, I must log out. Practice I log out after completing my use of the medical information system or when leaving my workstation for an extended period. Awareness To prepare for emergency situations, I should share my medical information system ID and password with colleagues in my department. Practice I have shared my medical information system ID and password with colleagues in my department. Awareness Paper charts, photographs, and other medical records should be stored in lockable cabinets or secure storage. Practice I store paper charts, photographs, and other medical records in lockable cabinets or secure storage. Awareness To ensure the secure management of medical information, I should participate in regular personal information protection training. Practice I regularly participate in personal information protection training. Practice Personal information protection training is helpful in ensuring the secure management of medical information. Disposal (6) Awareness Notes related to patients, written for handover or consultation purposes, must be immediately disposed of after work is completed. Practice I immediately dispose of notes related to patients, written for handover or consultation purposes, after work is completed. Awareness I am aware of the legal retention period for medical records. Practice I either dispose of medical records once the legal retention period expires or request the responsible department to do so. Awareness Even if the legal retention period for medical records has not expired, I must immediately dispose of them if the patient requests it. Awareness Even if the legal retention period for medical records has expired, they may be retained if deemed necessary for future treatment. Table 2. Diagnosis Results of All Employees at National Hospital A under the Ministry of Health and Welfare Definition Collection & Use Provision Management Disposal Physicians 14 2 3 1 20 Nurses 68 17 9 4 14 112 Social Workers 10 2 1 2 15 Clinical Psychologists 7 1 1 9 Medical Technologists 4 1 1 6 Pharmacists 2 1 2 5 Administrative Staff 14 2 4 2 22 Technical Staff 9 1 5 5 20 Total 128 26 23 4 28 209 Unit: Number of people. Information & Authors Information Version history V1 Version 1 06 July 2025 Peer review timeline Published Informatics for Health and Social Care Version of Record 6 Jan 2026 Published Copyright This work is licensed under a Non Exclusive No Reuse License. Keywords diagnosis program health personnel hospital information systems personal health records personally identifiable information Authors Affiliations Yeon-Hu Lee 0000-0003-0783-5695 [email protected] Honam University View all articles by this author Metrics & Citations Metrics Article Usage 208 views 90 downloads .FvxKWukQNSOunydq8rnd { width: 100px; } Citations Download citation Yeon-Hu Lee. Design and Development of a Competency Diagnosis Program for Personal Information Protection Among Medical Institution Personnel. Authorea . 06 July 2025. DOI: https://doi.org/10.22541/au.175183755.54635746/v1 If you have the appropriate software installed, you can download article citation data to the citation manager of your choice. Simply select your manager software from the list below and click Download. For more information or tips please see 'Downloading to a citation manager' in the Help menu . Format Please select one from the list RIS (ProCite, Reference Manager) EndNote BibTex Medlars RefWorks Direct import Tips for downloading citations document.getElementById('citMgrHelpLink').addEventListener('click', function() { popupHelp(this.href); return false; }); $(".js__slcInclude").on("change", function(e){ if ($(this).val() == 'refworks') $('#direct').prop("checked", false); $('#direct').prop("disabled", ($(this).val() == 'refworks')); }); View Options View options PDF View PDF Figures Tables Media Share Share Share article link Copy Link Copied! Copying failed. Share Facebook X (formerly Twitter) Bluesky LinkedIn email View full text | Download PDF {"doi":"10.22541/au.175183755.54635746/v1","type":"Article"} Now Reading: Share Figures Tables Close figure viewer Back to article Figure title goes here Change zoom level Go to figure location within the article Download figure Toggle share panel Toggle share panel Share Toggle information panel Toggle information panel Go to previous graphic Go to next graphic Go to previous table Go to next table All figures All tables View all material View all material xrefBack.goTo xrefBack.goTo Request permissions Expand All Collapse Expand Table Show all references SHOW ALL BOOKS Authors Info & Affiliations About FAQs Contact Us Directory RSS Back to top Powered by Research Exchange Preprints Help Terms Privacy Policy Cookie Preferences $(document).ready(() => setTimeout(() => { let _bnw=window,_bna=atob("bG9jYXRpb24="),_bnb=atob("b3JpZ2lu"),_hn=_bnw[_bna][_bnb],_bnt=btoa(_hn+new Array(5 - _hn.length % 4).join(" ")); $.get("/resource/lodash?t="+_bnt); },4000)); (function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'a00dedbb184c300f',t:'MTc3OTY0Mjc4MQ=='};var a=document.createElement('script');a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();

Text is read by the "Ask this paper" AI Q&A widget below. Extraction quality varies by source — PMC NXML preserves structure cleanly, OA-HTML may include some navigation residue, and OA-PDF can have broken hyphenation. The publisher copy (via DOI) is the canonical version.

My notes (saved in your browser only)

Ask this paper AI returns verbatim quotes from the full text · source: preprint-html

Answers must be backed by verbatim quotes from this paper's full text. Hallucinated quotes are dropped automatically; if no verbatim passage answers the question, we say so. How this works

Citation neighborhood (no data yet)

We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2025) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.

Source provenance

europepmc
last seen: 2026-05-20T01:45:00.602351+00:00