Examination of Data Protection Ethical Guidelines Adopted by Kenyatta National Hospital to Protect Its Healthcare System

Abstract

The study examined data protection ethical guidelines adopted by Kenyatta National Hospital to protect its healthcare system. This study adopted a descriptive research design to examine cybersecurity threats and countermeasures within the healthcare sector, focusing specifically on Kenyatta National Hospital (KNH). The target population includes all staff categories involved in patient care, information management, and IT infrastructure. The accessible population consisted of 5,983 staff who were available and consented to participate in the study during the data collection period. A stratified random sampling technique was deemed the most appropriate. The sample size of 370 respondents was determined based on a population of 4,933 staff members relevant to the study (clinical staffs, ICT, and health records and admin staffs) out of an approximate total population of 5,983(total staffs at KNH). Across the five key items assessed, the overall mean is 3.94, with a standard deviation of 1.17 and a variance of 1.38. These results indicate a general agreement among respondents that KNH upholds ethical standards in managing patient information, with moderate variability suggesting some differences in perceptions regarding the consistency and effectiveness of these practices. The item "KNH has a documented code of ethics that defines how patient data should be accessed, stored, shared, and protected to ensure responsible use" recorded a mean score of 3.83 (SD 1.17, Var 1.36). This reflects agreement that a formal ethical framework exists to guide responsible data management, although the moderate variability points to some differences in how clearly this code is understood or implemented across the hospital. The conclusion drawn is that ethical norms play a foundational role in sustaining secure digital environments in healthcare. When these guidelines are well-communicated and embedded in practice, they promote responsible system use and help bridge gaps left by technological or legal limitations. Thus, a values-driven approach to cybersecurity is critical for institutional resilience. Ethical data protection guidelines were identified as the strongest predictor of an effective cybersecurity framework. However, inconsistencies in training and partial enforcement were noted. The study recommends that KNH should institutionalize ethical guidelines by embedding them into everyday workflows, onboarding protocols, and performance appraisals. Comprehensive, role-specific training should be offered consistently across all departments. Furthermore, the management should develop an e-learning module on healthcare data ethics, tailored to job functions (clinicians, IT staff, and administrative personnel), and make certification mandatory on an annual basis.