Next Article in Journal
Can We Identify Patients in Danger of Delayed Treatment? Management of COVID-19 Pandemic Backlog in Urology Care in Poland
Next Article in Special Issue
A Multi-Level Analysis of Individual and Neighborhood Factors Associated with Patient Portal Use among Adult Emergency Department Patients with Multimorbidity
Previous Article in Journal
Influencing Factors and Risk Assessment of Precipitation-Induced Flooding in Zhengzhou, China, Based on Random Forest and XGBoost Algorithms
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Smartphone Use and Security Challenges in Hospitals: A Survey among Resident Physicians in Germany

by
Judith Kraushaar
* and
Sabine Bohnet-Joschko
Chair of Healthcare Management and Innovation, Faculty of Management, Economics and Society, Witten/Herdecke University, 58455 Witten, Germany
*
Author to whom correspondence should be addressed.
Int. J. Environ. Res. Public Health 2022, 19(24), 16546; https://doi.org/10.3390/ijerph192416546
Submission received: 21 October 2022 / Revised: 30 November 2022 / Accepted: 5 December 2022 / Published: 9 December 2022
(This article belongs to the Special Issue Advances in Medical Informatics to Improve Health Care)

Abstract

:
Although mobile devices support physicians in a variety of ways in everyday clinical practice, the use of (personal) mobile devices poses potential risks for information security, data protection, and patient safety in hospitals. We used a cross-sectional survey-based study design to assess the current state of smartphone use among resident physicians in hospitals and to investigate the relationships between working conditions, current smartphone usage patterns, and security-related behavior. In total, data from 343 participating physicians could be analyzed. A large majority (98.3%) used their smartphones during clinical practice. Of the respondents who used a smartphone during clinical practice, only 4.5% were provided with a smartphone by their employer. Approximately three-quarters of the respondents who used their smartphones for professional communication never/almost never used dedicated GDPR-compliant messenger services. Using a hierarchical regression model, we found a significant effect of the organizational resources Social Support (Supervisor) and Information Security-related Communication on security-related behavior during the selection of medical apps (App Selection). Smartphones are an important part of digital support for physicians in everyday clinical practice. To minimize the risks of use, technical and organizational measures should be taken by the hospital management, resulting, for example, in a Bring-Your-Own-Device (BYOD) initiative.

1. Introduction

In addition to high expectations concerning enhanced efficiency and quality in hospitals, increasing multimorbidity and complex clinical pathways require direct, easy, and quick access to and transmission of care-relevant information, independent of time and location. Mobile devices (especially smartphones and tablets) combined with digital applications (apps) already support physicians in hospitals in several ways, as numerous current mobile health studies show [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19] (Table A1). The rapid development in the field of mobile health indicates that mobile devices will increasingly be integrated into everyday clinical practice and are becoming essential devices. Furthermore, the current young generation of physicians consists of digital natives (Generation Y) who have been surrounded by digital devices since childhood and who take their private and professional use for granted [20,21].
The use of mobile devices offers a variety of options for physicians to communicate with each other, but also with hospital staff, patients, and professionals in other sectors, e.g., via calls, e-mails, messenger services, or video conferences. In addition, everyday work can easily be organized via mobile devices (e.g., using calendar functions or rosters). Together with apps, they also enable modern medical education and research while documentation and monitoring are other fields of application in clinical practice. Due to their widespread availability and highly developed cameras and screens, mobile devices are often used for clinical photography. They provide opportunities for remote access to electronic medical records and hospital information systems as information can be obtained flexibly (e.g., at home or directly at the point of care). Mobile devices also serve as diagnostic and therapeutic decision-support tools, e.g., when physicians need specific drug information or medical calculations. In addition, there is a unique possibility of integrating different sensors in smartphones and tablets or coupling with them (e.g., temperature, blood sugar), which supports diagnosis and therapy as well as (remote) patient monitoring. Here, their compactness offers a significant advantage in everyday clinical practice compared to large medical measuring devices.
However, despite the evident advantages outlined above, the use of (personal) mobile devices in clinical practice can be associated with high risks for information security, data protection, and patient safety [22,23,24]. In their case studies, Hedström et al. (2011) showed that employees in healthcare organizations are exposed to different value conflicts—e.g., health-care values vs. information security values—which they have to resolve quickly for each situation during their practice [25]. This poses security risks that need to be considered by the clinic management. In hospitals, information security refers to the state of full functionality of all IT systems, processes, and components, which are necessary for optimal patient care, and the protection of all information required for this. Information security must be guaranteed at all times, so continuous monitoring and rapid responses to breaches and attacks are essential. Cyber attacks on hospital information systems are no longer a rarity – a study from 2020 shows how vulnerable the German hospital landscape is to ransomware attacks [26]. Empirical research on information security-related behavior of employees at work and its supporting organizational and individual factors is a relatively new field. Researchers recognized that, in addition to the technical equipment of the organization to increase information security, it is also necessary for the employees to follow security policies and consciously use information technology (compliance) because non-compliance can lead to security breaches with far-reaching consequences for the organization. Hu et al. (2012) analyzed the role of top management, organizational culture, and individual cognitive beliefs on information security-related behavior among alumni of MIS and MBA programs and found significant effects [27]. D’Arcy and Greene (2014) examined the influence of security culture, job satisfaction, and perceived organizational support on security compliance intentions among computer-using professionals and found positive effects for security culture and job satisfaction [28]. Solomon and Brown (2020) could show relationships between organizational culture, information security culture—as an organizational subculture—and compliance. They further argued that goal orientation among employees has a stronger influence on compliance than rule orientation [29].
Since January 2022, all hospitals in Germany are obligated to implement state-of-the-art information security measures. This is intended to avoid disruptions to hospital operations due to system failures and to ensure the availability and security of patient information [30,31]. However, personal mobile devices, especially smartphones, are often overlooked as a relevant IT resource for physicians and are not taken into account when listing and analyzing information security-critical systems and processes in hospitals.
The primary objective of this study was to systematically record and assess the current status of smartphone use in everyday clinical practice by resident physicians in hospitals. In addition, our study aims to contribute to the research on organizational measures that can promote responsible behavior in order to reduce potential risks and enhance security. A second objective was, therefore, to examine the relationships between working conditions, current smartphone usage patterns, and security-related behavior. In doing so, we want to go a step further than the studies listed in Table A1 and identify specific organizational measures to mitigate security risks.

2. Materials and Methods

2.1. Study Design

We used a cross-sectional survey-based study design. A structured online questionnaire in German was developed in LimeSurvey. The first page contained information on the target group, the research project, the content of the questionnaire, and the estimated processing time. After accepting the privacy policy, participants were taken to the second page with demographic questions. These were followed by the main part including seven sections: (1) Working Conditions, (2) Resilience, (3) Job Satisfaction and Work Engagement, (4) IT Resources, Information Security, and Data Protection, (5) Information Security-related Awareness and Compliance, (6) Technical Affinity and Innovative Work Behavior, and (7) Mobile Device Usage. At the end of the survey, participants had the opportunity to share their comments with us. The sections relevant to this report are explained below.
Working Conditions: To assess working conditions, we used the following scales from the Copenhagen Psychosocial Questionnaire (COPSOQ): Quantitative Demands, Predictability, Role Conflicts, Quality of Leadership, Social Support, Feedback, Sense of Community, Trust and Fairness, and Appreciation. The COPSOQ is an internationally established instrument to measure psychosocial work factors with good to very good validity and reliability for most of its scales [32] In Germany, the third version of the questionnaire, which we used in our study, was published in 2019 [33]. In contrast to the original questionnaire, we divided the Social Support and Feedback scales into two subscales each (supervisor/colleagues) to separate the social support/feedback from supervisors from the social support/feedback from colleagues, which could be rated differently, especially in hierarchical organizations. In addition, we used two scales (Uncertainty, Further Education) and two individual questions on working hours and shifts from the German instrument for stress-related job analysis for hospital physicians (ISAK) [34,35]. We also included four self-developed items regarding IT resources in the hospital because we could not find a suitable scale in the research literature.
Information Security-related Awareness and Compliance: In addition to state-of-the-art technical information security solutions, employees of an organization should be aware of the importance of information security and trained accordingly to behave in a compliant manner. The items we used to assess information security-related awareness, self-efficacy, top management commitment, and compliance are based on the works of Hu et al. (2012) [27], D’Arcy and Greene (2014) [28], Karlsson et al. (2017) [36], and Solomon and Brown (2020) [29]. We adapted the items to the clinical situation. Overall, this resulted in four items on awareness, two on self-efficacy, one on top management commitment, and four on compliance.
Mobile Device Usage: The items on mobile device usage are based on a systematic literature review in which we analyzed 41 quantitative studies on the use of mobile devices by physicians during clinical practice. The section consists of five subcategories on specific usage patterns (Communication, Organization, Documentation and Monitoring, Diagnostic and Therapeutic Decision Support, and Knowledge Acquisition and Training), one subcategory on Mobile App Selection, and other single items on the private and professional use of mobile devices. With the subcategory Mobile App Selection, we wanted to know to what extent the participants consider security-related criteria (patient safety, data protection, and information security) when selecting a new app to support diagnosis and therapy.
All English scales and single items were translated into German, checked independently by two bilinguals, and then adapted based on their comments. We used five-point Likert scales ranging from “Never” to “Several times a day”, “Never/almost never” to “Always”, and “Strongly disagree” to “Strongly agree”, respectively. In the Mobile App Selection scale, we added “No experience with such apps” as a sixth possible answer. To ensure content validity, the survey was reviewed by faculty members and statisticians and modified accordingly. It was then piloted with a group of residents, who highlighted and took notes on any remaining ambiguities which we corrected in the final questionnaire.

2.2. Data Collection

Data were collected between March and June 2022. Our target group comprised physicians who are currently undergoing medical specialist training/residency training in hospitals in Germany (henceforth referred to as “residents”). An invitation with a link to the online questionnaire was sent directly to the residents via e-mail or social media channels, or indirectly via our contacts in the medical field. Important contacts were chief physicians, senior physicians, university professors, hospital managers, alumni networks as well as presidents of the German medical societies. In addition, we asked medical experts with significant influence on social media platforms to share the link. The Hartmannbund, an important association of physicians in Germany, forwarded the link to its resident members.

2.3. Data Analysis

The data were first exported from Limesurvey to SPSS. Data analysis was performed with IBM SPSS Statistics 28 and only fully completed surveys were included. For all self-developed scales, the dimensionality was controlled via factor analysis using scree plots. Descriptive statistics were used to present the means, standard deviations, and frequencies. We created bar charts to visualize the results of the smartphone usage pattern analysis. Correlation coefficients were then calculated to determine the statistical relationships between smartphone usage patterns and information security-related compliance. Furthermore, a regression analysis was performed to determine the relationship between working conditions and smartphone usage patterns. For all tests, a p value of less than 0.05. was considered statistically significant.

3. Results

3.1. Preliminary Analyses

A total of 611 people entered the survey, of whom 349 completed it. An exact statement on the response rate cannot be made because we do not have information on the number of residents who received the questionnaire indirectly through our contacts. Data of six participants had to be excluded due to conspicuous response patterns (4×), work in a hospital abroad (1×), and specific information in the comment section (1×). In total, data from 343 participants were included in our analyses.
The factor analysis showed that the items measuring Information security-related Awareness loaded on two factors and we subsequently divided the scale into two scales: Information security-related Awareness and Information security-related Knowledge. Further, based on the factor analysis, we divided the Smartphone Communication scale into three subscales: Communication Channels, Communication Partners (job-related), and Communication Partners (private). To determine the reliability/internal consistency, Cronbach’s alpha/the Spearman–Brown coefficient was calculated for every scale. The two scales Predictability and Communication Partners (private) showed insufficient reliability (<0.7), meaning that their items were not sufficiently related. They were, therefore, excluded from subsequent correlation analyses. We further checked the assumptions of the regression and found no violations.

3.2. Sample Characteristics

Table 1 shows the sociodemographic characteristics of the study participants. Almost two-thirds of the participants were female (63.3%). The two age groups with the highest frequency were 31–35 years (40.8%) and 26–30 years (39.1%). There was a total of 16 specialties represented by at least two participants. Most participants were part of a residency program for Internal Medicine (22.2%). This was followed by Surgery (17.2%), Anesthesiology (14.9%), and Pediatrics and Adolescent Medicine (10.8%). Participants were almost evenly distributed across the residency levels, with the fewest residents in their 4th year (15.2%) and most residents in their 5th year or above (29.7%). The majority of the participants worked in a public hospital (61.5%), while approximately one-quarter worked in a non-profit hospital (22.7%) and 13.7% in a private hospital. Most of the hospitals were university/teaching hospitals (80.5%). The size of the hospitals (measured by the number of beds) in which the residents underwent their training varied, whereby most of them worked in a hospital with 300–800 beds (39.1%), followed by hospitals with more than 800 beds (37.6%). Only a few residents had a job in a hospital with less than 300 beds (17.5%).

3.3. Smartphone Usage

Almost all of the residents surveyed stated that they used a smartphone for private purposes (99.1%), with 97.1% of them using it several times a day. A large majority of the participants also used their smartphones during clinical practice: in the past six months, 98.3% used their smartphones in at least one of the five categories that we created (Communication, Organization, Documentation and Monitoring, Diagnostic and Therapeutic Decision Support, Knowledge Acquisition and Training). Only 1.7% of the participants always chose “Never” in all five categories and, thus, had never used their smartphone in clinical practice in the past six months. Of those who used a smartphone during clinical practice, only 4.5% were provided with a smartphone by their employer.

3.3.1. Communication

During clinical practice, about half of the participants used their smartphones regularly (several times a month or more) for text messages (55.1%), e-mails (49.9%), and/or phone calls (48.4%) (Figure A1). More than a third of the residents regularly received or sent pictures (35.0%), while 28.3% regularly received or sent documents. The majority of the respondents had never made a video call/conference (71.4%) and had never used social media (78.4%) on their smartphones during clinical practice in the past six months. The residents most frequently communicated with colleagues—most of them, several times a month or more for private and/or job-related reasons (77.0%/71.1%) (Figure A2). Smartphones were also regularly used by 39.7% of the participants to communicate with their supervisors. Approximately one-quarter of the respondents frequently communicated with staff at other hospitals. Communication with patients via smartphone was not common and 88.9% had never used it for this purpose. More than three-quarters of the residents surveyed regularly used their smartphones for private communication with their families and friends during clinical practice (82.2%).

3.3.2. Organization

Many residents had duty rosters and/or schedules on their smartphones—78.7% used them on a regular basis (Figure A3). The calendar function was also commonly used (several times a month or more) by more than two-thirds of those surveyed (68.2%). Around half of the residents took notes and/or created to-do lists on their smartphones several times a month or more (51.3%).

3.3.3. Documentation and Monitoring

Approximately one-third of the residents regularly accessed clinical information systems via their smartphones (30.9%) and one-quarter commonly took pictures/videos of patients with their smartphones (e.g., to document wounds, injuries, or the course of treatment, or to make before-and-after pictures) (23.0%) (Figure A4). Photographs of medical documents (e.g., X-rays, CT/MRI scans, medical records, laboratory results) were taken with a similar frequency (22.4%). The other four activities surveyed (Notes on diagnoses and procedures, Coding support, Writing reports/protocols, and Dictation of texts) were rarely carried out with the help of smartphones.

3.3.4. Diagnostic and Therapeutic Decision Support

In general, activities in this category were often supported by smartphones (Figure A5). A large majority of the participants frequently used their smartphones to search for drug information (80.8%). Approximately two-thirds of the residents performed clinical calculations (e.g., for doses, scores, indices) by using their smartphones several times a month or more (68.8%). About the same number of participants regularly looked up guidelines via smartphone (65.6%) and more than half of the residents used them frequently for differential diagnoses (56.6%). In the past six months, slightly less than half of the respondents had used their smartphones to look for assistance with operations and procedures (e.g., through video tutorials) (49.3%) and almost a third even did so regularly (30.3%).

3.3.5. Knowledge Acquisition and Training

Around three-quarters of those surveyed carried out simple internet searches via smartphone during clinical practice on a regular basis (77.8%) (Figure A6). During clinical practice, 44.3% read e-books on their smartphone several times a month or more and an equal number frequently carried out literature research via smartphone (45.2%). Smartphones were rarely used for patient information/education. In the past six months, 84.0% had used them once a month or less or even never for this purpose.

3.4. Medical App Usage and Selection

Of those who communicated professionally with their smartphone (N = 308), 72.1% never/almost never used special, GDPR-compliant messenger services and only 3.2% always used them (Figure A7). Around 90% of the participants already had experience with apps to support diagnosis and therapy. When selecting such apps, most of them often or even always paid attention to content quality and topicality (96.5%) (Figure A8). This result is in contrast to the four other safety criteria that were queried. Here, the proportion of participants with such app experience who often or always considered the respective criterion was below 50%: Information about the manufacturer/publisher (49.8%), Consequences and risks of using the app (48.4%), Seals or certifications (45.3%), and Information on data protection and information security (41.0%).

3.5. Relationships between Smartphone Usage, App Selection, and Information Security-Related Compliance

In this section, we wanted to exploratively investigate the correlations between smartphone usage patterns and information security-related compliance, as well as between the consideration of security-related criteria during app selection and information security-related compliance. The strength of the linear correlations was assessed according to Cohen [37].
Table A2 shows an overview of the correlations between the individual variables. There is a weak negative correlation between smartphone use across different communication channels and information security-related compliance (r = −0.155, p < 0.01). There is also a weak negative correlation between the use of smartphones for documentation and monitoring and information security-related compliance (r = −0.189, p < 0.01). There are no significant correlations between the other categories of smartphone usage and information security-related compliance. There is a moderate positive correlation (r = 0.348, p < 0.01) between the consideration of security-related criteria during app selection and information security-related compliance.

3.6. Relationship between Organizational Resources and App Selection

In this section, the aim was to analyze whether certain working conditions, especially organizational resources, have an impact on the consideration of security-related criteria when selecting an app for diagnosis and therapy. Specifically, we hypothesized that social support from colleagues and supervisors as well as information security-related communication can predict the consideration of security-related criteria during app selection. This is based on the research model of D’Arcy and Greene (2014) [28].
Table A2 shows that both of the organizational resources Social Support (Supervisor) (r = 0.191, p < 0.01) and Information Security-related Communication (r = 0.167, p < 0.01) show a weak positive correlation with the variable App Selection. A significant correlation between Social Support (Colleagues) and App Selection could not be found. There were also weak positive associations between the personal resource Affinity for Technology Interaction (ATI) (r = 0.224, p < 0.01), measured by the Ultra-Short Scale for Assessing Affinity for Technology Interaction [38], and the Residency Level (r = 0.146, p < 0.05). Therefore, ATI and residency level will serve as control variables in the following regression analysis.
The hierarchical regression model for predicting safety-related behavior (App Selection) is shown in Table 2. There was a significant effect of the organizational resources Social Support (Supervisor) (β = 0.210, p = 0.001) and Information security-related Communication (β = 0.125, p = 0.026) on the dependent variable App Selection. There was no significant effect of Social Support (Colleagues) on App Selection (β = −0.069, p = 0.282). The control variables Residency Level (β = 0.109, p = 0.049) and ATI (β = 0.215, p < 0.001) also had significant effects on App Selection.

4. Discussion

This study demonstrates the high prevalence of smartphone use during clinical practice among resident physicians in hospitals in Germany. Well over 90% of the residents surveyed used their smartphone at work, while fewer than 5% received a smartphone from their employer for professional use. These high usage rates of personal smartphones are in line with results of other recent studies on the use of mobile devices in clinical settings, both nationally and internationally [2,3,7,11,16].
Approximately one in two respondents regularly used a smartphone at work to communicate via phone calls, text messages, and e-mails, most frequently with colleagues. Smartphones have great potential to increase the efficiency of communication in hospitals: Compared to one-way pagers and stationary phones, smartphones can have significant advantages in terms of flexibility, reception, and the convenience and efficiency of information transfer. We also asked about the use of smartphones for sending/receiving pictures and medical documents and found that more than one in four participants regularly used their smartphones for this purpose. Other studies found similar results or even higher rates for this aspect, also depending on the respective specialty [3,9,11,12,13]. From a data-protection perspective, this is critical if private communication takes place via the same mobile device, which was the case for most our study participants, as only a few of them were provided with smartphones by their employers. This is also reinforced by the frequent private communication with friends and family, as mentioned by the participating residents. Thus, the great potential of smartphones to improve clinical communication is offset by the risks of data breaches.
The study shows that smartphones are particularly helpful in organizing day-to-day clinical work. The availability and use of electronic duty rosters and schedules on smartphones appear to be widespread. However, we believe that there is great potential in this field, for example, through intelligent and connected task and workflow management.
Approximately one in three residents regularly accessed clinical information systems with their smartphone as part of documentation and monitoring. The advantages of smartphones here are their high flexibility in terms of location and time of information access. For example, if no digital data are available at the point of care, accessing the clinical information system via smartphone seems to be the most efficient solution. However, there is a particular risk of breaching information security while accessing clinical information systems via smartphones.
The use of smartphones to support diagnostic and therapeutic decisions was particularly frequent among the respondents in our study. The majority of participants used their smartphones to obtain drug information, look up guidelines, and perform clinical calculations and differential diagnoses. The results are in line with those of most other studies that have investigated this topic in recent years [1,2,3,7,8,9,10,11,14,16,19]. Approximately 90% had experience with apps to support diagnosis and therapy. There is great potential for innovation and digitization in this field. However, users must also be aware of the potential risks for information security, data protection, and, in particular, patient safety. The results of the study regarding the consideration of security-related criteria when selecting an app for therapeutic and diagnostic decision support indicate that some criteria were only taken into account to a limited extent, which could lead to a security gap.
Smartphones have become important devices in everyday clinical practice and can, therefore, be seen as part of the digital transformation process in hospitals. However, our study highlighted potential risks for information security, data protection, and patient safety. Here, we see various ways in which the organization or hospital management can reduce these risks: banning the use of personal smartphones in everyday clinical practice (1), providing hospital-owned devices (2), the prevention and rapid detection of breaches with state-of-the-art IT (security) equipment (3), and training and supporting employees on security-related topics (4). In our opinion, banning the use of smartphones as a measure to increase information security might have detrimental effects on the digital transformation in hospitals and should, therefore, not be considered as a stand-alone policy. Separating private and professional use by providing a hospital-owned smartphone or a dedicated short-range communication device that is capable of performing essential tasks, such as communication, access to clinical information systems, photo taking, or calculating medical scores, could be better options. The usability of hospital-owned devices and accessible applications should be evaluated prior to the hospital-wide implementation to avoid high costs with little benefit. Improving IT and IT security equipment is an important and effective measure, as physicians are currently almost forced to use their own digital devices in everyday clinical practice to work efficiently. Apps for GDPR-compliant communication are used by very few of the participants surveyed. Especially when sensitive patient data are exchanged via smartphone, it is imperative to use GDPR-compliant (medical) messenger services. Some providers now offer a variety of additional functions that could be helpful to physicians, e.g., video calls, case creation, photo editing (e.g., for anonymization), and direct connection to the clinical information system. Their use should be considered by the clinic management. The reasons for the current low usage rates would have to be assessed in a further survey but could be due to low penetration and acceptance. In addition, physicians have to find appropriate apps to support their work themselves. The provision of quality-assured apps for the above-mentioned usage patterns, e.g., by the organization or medical societies, could increase transparency and security.
In addition to technical support, another way to minimize the risks of smartphone use in everyday clinical practice is to train and support employees. We were able to show that social support from supervisors and information security-related communication correlate positively with the consideration of security-related criteria when selecting an app for diagnosis and therapy support. We hypothesize that social support from supervisors may improve residents’ job satisfaction and their sense of responsibility, which, in turn, increases compliance. Information security-related communication could provide greater awareness of possible information security-related risks and, thus, lead to greater compliance so that security-related aspects are given more consideration. Both technical and organizational support could then culminate in a Bring-Your-Own-Device (BYOD) initiative. For the secure integration of personal mobile devices into everyday clinical practice, a BYOD initiative should represent a complex network of technical and organizational measures [22,39,40].
A few limitations should be taken into account when considering and evaluating our results, one of which pertains to the study design. First, since our study was conducted in Germany, it is not possible to directly apply the results to other countries. However, our study is intended to create incentives to conduct studies in hospitals in other countries to explore organizational factors for improving safety-related behavior when using mobile devices. Second, when using an online survey, comprehension problems on the part of the participants cannot be identified and addressed. However, we believe that the approach was the most suitable for the aim of the study and the selected target group as, for example, interviews would have resulted in a much smaller sample and reduced the validity of the results. Third, the cross-sectional design does not allow us to form causal relationships between the organizational factors and the behaviors, but only correlations. Any alterations in physicians’ behavior due to changes in organizational factors can only be assessed with a longitudinal design.
Even though it was an anonymous online questionnaire, the risk of social desirability bias remains, with participants trying to be much more positive about their actual smartphone use behavior. Specifically, concerning risky behaviors (e.g., sending patient images/data), such a bias might have arisen.
Furthermore, the fact that we cannot precisely determine the response rate represents another limitation. Since we do not have information on the number of residents who received the questionnaire indirectly through our contacts e.g., via chief physicians or the hospital management, we are not able to make an exact statement on the number of residents being invited, which is the basis for calculating the response rate. However, based on the information available to us, we estimate that fewer than 10% of those who received the questionnaire actually responded. If there are systematic differences between the responders and non-responders, the results of our survey may not be representative of the target population. This so-called non-response bias may threaten the external validity of our study by reducing the representativeness of the results. However, previous research suggests that physician surveys are less susceptible to non-response bias than general population studies because they are a more homogeneous study population [41]. Moreover, it is not always the case that a low response rate automatically reduces the representativeness, which is why the response rate should not be considered in isolation [42]. We believe the main reason for the low response rate was the heavy workload, which did not allow physicians the time to participate. Another indicator for the representativeness of a study is the sampling method [43]. Our study may have appealed to physicians with a higher average digital affinity than in the target population. To sum up, statistical conclusions on the entire target population should, therefore, always be drawn taking into account the supposedly limited representativeness.

5. Conclusions

To our knowledge, this is the first study to present findings on residents’ smartphone use in hospitals and its association with security-related behavior. Smartphone use in clinical practice was very common among resident physicians in hospitals and smartphones were only rarely provided to the physicians surveyed by their employers. Instead, most of them used their own devices for a variety of different activities. This poses potential risks to information security, data protection, and patient safety in hospitals. These can potentially be reduced through the appropriate use of organizational resources. Here, our results show that organizational measures correlate significantly with security-related behavior and might be able to influence it positively.
In particular, it is a matter of adequate training and information for the employees, i.e., creating awareness of potential benefits, and innovative applications, but also for potential risks of smartphone use during clinical practice and, at the same time, integrating state-of-the-art IT and IT security equipment. These aspects, when combined in a complex BYOD initiative, could subsequently improve information security, data protection, and patient safety.

Author Contributions

J.K. designed the study and S.B.-J. made important contributions during this phase. With the kind support of the Hartmannbund, J.K. recruited most of the participants. S.B.-J. helped distribute the questionnaire through her professional network. J.K. analyzed and interpreted the data. J.K. wrote the manuscript. S.B.-J. was a major contributor to the revision of the manuscript. Both authors have approved the manuscript before submission. All authors have read and agreed to the published version of the manuscript.

Funding

The APC is paid for under the ATLAS project “Innovation and digital transformation in healthcare” funded by the State of North Rhine-Westphalia, Germany [grant number: ITG-1-1].

Institutional Review Board Statement

Ethical review and approval were waived for this study due to the anonymous and voluntary participation without any vulnerable content and consequences for the physicians.

Informed Consent Statement

Informed consent was obtained from all subjects involved in the study.

Data Availability Statement

The datasets used and/or analyzed in the context of this study are available from the corresponding author upon reasonable request.

Acknowledgments

This study was actively supported by the Hartmannbund.

Conflicts of Interest

The authors declare no conflict of interest.

Appendix A

Table A1. Current Mobile Health Studies.
Table A1. Current Mobile Health Studies.
#Author(s)Year of Publ.CountryMedical SpecialtyStudy Population# of Particip. Physic.Types of Mobile DevicesData about Application Patterns Considered for Prevalence Analysis
Comm. & Org.Doc. & Monit.Diagn. & Therap. Dec. Supp.Educat.
1Al Harrasi et al. [1]2021OmanCross-specialtyJunior physicians, senior physicians266not further specified (“mobile handheld devices”/”POC devices”)
2Hitti et al. [2]2021LebanonEmergency medicineJunior physicians, senior physicians, medical students, nurses42Smartphones, tablets, smart watch/band
3Jahn et al. [3]2021UK, IrelandPediatricsJunior physicians, senior physicians, GPs198not further specified (“mHealth use”)
4Al Owaifeer et al. [4]2020Saudi ArabiaOphthalmologyJunior physicians, senior physicians248Smartphones, tablets, laptopsNo distinction between smartph., tablets, and laptops during the analysis of usage patterns.
5Dittrich et al. [5]2020GermanyOrthopedics and Trauma SurgeryJunior physicians, senior physicians206Smartphones
6Lavorgna et al. [6]2020ItalyNeurologyJunior physicians, senior physicians405Smartphones, tablets, personal computersNo distinction between smartph., tablets, and personal computers during the analysis of usage patterns.
7Maassen et al. [7]2020GermanyCross-specialtyJunior physicians, senior physicians, others303Smartphones, tablets
8Zeiger et al. [8]2020USANeurologyJunior physicians, senior physicians213Smartphones
9Buabbas et al. [9]2019KuwaitDermatologyJunior physicians, senior physicians101Smartphones
10Teferi et al. [10]2019EthiopiaCross-specialtyJunior physicians, senior physicians, GPs417Smartphones
11Yahya [11]2019NigeriaCross-specialtyJunior physicians, senior physicians326Smartphones
12El Hadidy et al. [12]2018IrelandCross-specialty (Pediatric surgery)Junior physicians, senior physicians132Smartphones
13Kameda-Smith et al. [13]2018CanadaNeurosurgeryJunior physicians76Smartphones, tablets
14Terry & Terry [14]2018USAFamily medicine, internal medicineJunior physicians39Smartphones
15Gipson et al. [15]2017USAPsychiatryJunior physicians68Smartphones, tablets
16Nerminathan et al. [16]2017AustraliaCross-specialtyJunior physicians, senior physicians109Smartphones, tablets, laptops
17Stergiannis et al. [17]2017GreeceCross-specialtyJunior physicians, senior physicians, nurses, nurse assistants352SmartphonesNo distinction between physicians and nurses during the analysis of usage patterns.
18Vallangeon et al. [18]2017USAPathologyJunior physicians171Smartphones, tablets, laptops
19Jahanshir et al. [19]2017IranCross-specialtyJunior physicians65Smartphones

Appendix B

Figure A1. Communication Channels.
Figure A1. Communication Channels.
Ijerph 19 16546 g0a1
Figure A2. Communication Partners.
Figure A2. Communication Partners.
Ijerph 19 16546 g0a2
Figure A3. Organization.
Figure A3. Organization.
Ijerph 19 16546 g0a3
Figure A4. Documentation and Monitoring.
Figure A4. Documentation and Monitoring.
Ijerph 19 16546 g0a4
Figure A5. Diagnostic and Therapeutic Decision Support.
Figure A5. Diagnostic and Therapeutic Decision Support.
Ijerph 19 16546 g0a5
Figure A6. Knowledge Acquisition and Training.
Figure A6. Knowledge Acquisition and Training.
Ijerph 19 16546 g0a6
Figure A7. Use of GDPR-compliant Messenger Services.
Figure A7. Use of GDPR-compliant Messenger Services.
Ijerph 19 16546 g0a7
Figure A8. App Selection—Consideration of Security-related Aspects.
Figure A8. App Selection—Consideration of Security-related Aspects.
Ijerph 19 16546 g0a8

Appendix C

Table A2. Relationships between study variables.
Table A2. Relationships between study variables.
VariableMSD1234567891011121314
1.
Gender a
//
2.
Residency Level b
//0.024
3.
Commun. (channels) b
//0.153 **0.180 **
4.
Commun. (partners, job-rel.) b
//0.0720.151 **0.583 **
5.
Organization b
//0.122 *0.0580.467 **0.323 **
6.
Docum. & Monitoring b
//0.0720.0650.469 **0.405 **0.341 **
7.
Diagn. & Therap. Dec. Supp. b
//0.103−0.108 *0.337 **0.317 **0.496 **0.431 **
8.
Knowl. Acq. & Training b
//0.194 **0.0390.376 **0.373 **0.492 **0.386 **0.635 **
9.
Social Support (Colleagues)
4.190.67−0.011−0.0570.0070.0160.051−0.085−0.0210.037
10.
Social Support (Supervisor)
3.530.980.086−0.053−0.0220.0530.049−0.0650.0140.0680.532 *
11.
ATI
3.781.150.407 **0.0180.0630.0230.211 **0.0620.0850.208 **−0.031−0.014
12.
Inform. sec.-rel. Commun.
2.690.880.0900.1100.027−0.0260.057−0.040−0.075−0.0550.137 *0.192 **−0.013
13.
Inform. sec.-rel. Compliance
3.560.72−0.0370.035−0.155 **−0.1050.097−0.189 **−0.014−0.0050.131 *0.193 **0.0850.292* *
14.
App Selection c
3.490.850.0490.146 *−0.0020.0810.125 *−0.0880.0620.0770.0450.191 **0.224 **0.167 **0.348 **
a Female = 1, Male = 2. N = 342. b Ordinal data. Therefore, Spearman’s Rank Correlation Coefficient was used. c Only respondents who had experience with such apps were included. N = 302. * p < 0.05. ** p < 0.01. All statistically significant correlations are highlighted in grey.

References

  1. Al Harrasi, A.; Al Mbeihsi, L.M.; Al Rawahi, A.; Al Shafaee, M. Perception and usage of point of care devices: A cross-sectional study targeting residents and trainers in Oman. Oman Med. J. 2021, 36, e213. [Google Scholar] [CrossRef]
  2. Hitti, E.; Hadid, D.; Melki, J.; Kaddoura, R.; Alameddine, M. Mobile device use among emergency department healthcare professionals: Prevalence, utilization and attitudes. Sci. Rep. 2021, 11, 1917. [Google Scholar] [CrossRef] [PubMed]
  3. Jahn, H.K.; Jahn, I.; Behringer, W.; Lyttle, M.D.; Roland, D. On behalf of Paediatric Emergency Research United Kingdom, Ireland. A survey of mHealth use from a physician perspective in paediatric emergency care in the UK and Ireland. Eur. J. Pediatr. 2021, 180, 2409–2418. [Google Scholar] [CrossRef] [PubMed]
  4. Al Owaifeer, A.M.; Al Taisan, A.; Alqahtani, B.; Alburayk, K.; Alsubaie, M.; Alenezi, S.H. Ownership and usage of mobile devices among ophthalmology residents and attending physicians: Identifying the generation gap. Adv. Med. Educ. Pract. 2020, 11, 801–805. [Google Scholar] [CrossRef] [PubMed]
  5. Dittrich, F.; Back, D.A.; Harren, A.K.; Landgraeber, S.; Reinecke, F.; Serong, S.; Beck, S. Smartphone and app usage in orthopedics and trauma surgery: Survey study of physicians regarding acceptance, risks, and future prospects in Germany. JMIR Form. Res. 2020, 4, e14787. [Google Scholar] [CrossRef]
  6. Lavorgna, L.; Brigo, F.; Abbadessa, G.; Bucello, S.; Clerico, M.; Cocco, E.; Iodice, R.; Lanzillo, R.; Leocani, L.; Lerario, A.; et al. The Use of Social Media and Digital Devices among Italian Neurologists. Front. Neurol. 2020, 11, 583. [Google Scholar] [CrossRef]
  7. Maassen, O.; Fritsch, S.; Gantner, J.; Deffge, S.; Kunze, J.; Marx, G.; Bickenbach, J. Future mobile device usage, requirements, and expectations of physicians in German university hospitals: Web-based survey. J. Med. Internet 2020, 22, e23955. [Google Scholar] [CrossRef]
  8. Zeiger, W.; DeBoer, S.; Probasco, J. Patterns and perceptions of smartphone use among academic neurologists in the United States: Questionnaire survey. JMIR mHealth uHealth 2020, 8, e22792. [Google Scholar] [CrossRef]
  9. Buabbas, A.J.; Sharma, P.; Al-Abdulrazaq, A.; Shehab, H. Smartphone use by government dermatology practitioners in Kuwait: A self-reported questionnaire based cross-sectional study. BMC Med. Inform. Decis. Mak. 2019, 19, 155. [Google Scholar] [CrossRef] [Green Version]
  10. Teferi, G.H.; Tilahun, B.C.; Guadie, H.A.; Amare, A.T. Smartphone Medical App Use and Associated Factors Among Physicians at Referral Hospitals in Amhara Region, North Ethiopia, in 2019: Cross-sectional Study. JMIR mHealth uHealth 2021, 9, e19310. [Google Scholar] [CrossRef]
  11. Yahya, H. Healthcare-related smartphone use among doctors in hospitals in Kaduna, Nigeria—A Survey. Niger. J. Clin. Pract. 2019, 22, 897–905. [Google Scholar] [CrossRef] [PubMed]
  12. El Hadidy, T.S.; Alshafei, A.E.; Mortell, A.E.; Doherty, E.M. Smartphones in clinical practice: Doctors’ experience at two Dublin paediatric teaching hospitals. Ir. J. Med. Sci. 2018, 187, 565–573. [Google Scholar] [CrossRef] [PubMed]
  13. Kameda-Smith, M.M.; Iorio-Morin, C.; Winkler-Schwartz, A.; Ahmed, U.S.; Bergeron, D.; Bigder, M.; Dakson, A.; Elliott, C.A.; Guha, D.; Lavergne, P.; et al. Smartphone Usage Patterns by Canadian Neurosurgery Residents: A National Cross-Sectional Survey. World Neurosurg. 2018, 111, e465–e470. [Google Scholar] [CrossRef] [PubMed]
  14. Terry, D.L.; Terry, C.P. Smartphone Use and Professional Communication among Medical Residents in Primary Care. PRiMER 2018, 2, 18. [Google Scholar] [CrossRef] [Green Version]
  15. Gipson, S.; Torous, J.; Boland, R.; Conrad, E. Mobile phone use in psychiatry residents in the United States: Multisite cross-sectional survey study. JMIR mHealth uHealth 2017, 5, e160. [Google Scholar] [CrossRef]
  16. Nerminathan, A.; Harrison, A.; Phelps, M.; Scott, K.M.; Alexander, S. Doctors’ use of mobile devices in the clinical setting: A mixed methods study. Intern. Med. J. 2017, 47, 291–298. [Google Scholar] [CrossRef]
  17. Stergiannis, P.; Intas, G.; Toulia, G.; Tsolakoglou, I.; Kostagiolas, P.; Christodoulou, E.; Chalari, E.; Kiriakopoulos, V.; Filntisis, G. Clinical use of smartphones among medical and nursing staff in Greece: A survey. Comput. Inform. Nurs. 2017, 35, 483–488. [Google Scholar] [CrossRef]
  18. Vallangeon, B.D.; Hawley, J.S.; Sloane, R.; Bean, S.M. An assessment of pathology resident access to and use of technology: A nationwide survey. Arch. Pathol. Lab. Med. 2017, 141, 431–436. [Google Scholar] [CrossRef] [Green Version]
  19. Jahanshir, A.; Karimialavijeh, E.; Vahedi, H.; Momeni, M. Smartphones and medical applications in the emergency department daily practice. Emergency 2017, 5, e14. [Google Scholar]
  20. Kilber, J.; Barclay, A.C.; Ohmer, D.G. Seven Tips for Managing Generation Y. J. Manag. Policy Pract. 2014, 15, 80–91. [Google Scholar]
  21. Nakagawa, K.; Yellowlees, P. Inter-generational Effects of Technology: Why Millennial Physicians May Be Less at Risk for Burnout Than Baby Boomers. Curr. Psychiatry Rep. 2020, 22, 45. [Google Scholar] [CrossRef] [PubMed]
  22. Moreira, A.; Portela, F.; Santos, M. Bring Your Own Device in Healthcare. Int. J. Priv. Health Inf. Manag. 2019, 7, 94–102. [Google Scholar] [CrossRef]
  23. Bromwich, M.; Bromwich, R. Privacy risks when using mobile devices in health care. CMAJ 2016, 188, 855–856. [Google Scholar] [CrossRef] [PubMed] [Green Version]
  24. Thomairy, N.A.; Mummaneni, M.; Alsalamah, S.; Moussa, N.; Coustasse, A. Use of Smartphones in Hospitals. Health Care Manag. 2015, 34, 297–307. [Google Scholar] [CrossRef] [PubMed]
  25. Hedström, K.; Kolkowska, E.; Karlsson, F.; Allen, J.P. Value conflicts for information security management. J. Strateg. Inf. Syst. 2011, 20, 373–384. [Google Scholar] [CrossRef]
  26. Klick, J.; Koch, R.; Brandstetter, T. Epidemic? The Attack Surface of German Hospitals during the COVID-19 Pandemic. In Proceedings of the 2021 13th International Conference on Cyber Conflict (CyCon), Tallinn, Estonia, 25–28 May 2021; pp. 73–94, ISBN 978-9916-9565-5-7. [Google Scholar]
  27. Hu, Q.; Dinev, T.; Hart, P.; Cooke, D. Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational Culture. Decis. Sci. 2012, 43, 615–660. [Google Scholar] [CrossRef]
  28. D’Arcy, J.; Greene, G. Security culture and the employment relationship as drivers of employees’ security compliance. Inf. Manag. Comput. Secur. 2014, 22, 474–489. [Google Scholar] [CrossRef]
  29. Solomon, G.; Brown, I. The influence of organisational culture and information security culture on employee compliance behaviour. J. Enterp. Inf. Manag. 2020, 34, 1203–1228. [Google Scholar] [CrossRef]
  30. Humpert-Vrielink, F.; Graf, D. Daten, Informationen und Informationssicherheit: Theorie und Praxis. In Digitalstrategie im Krankenhaus; Henke, V., Hülsken, G., Meier, P.-M., Beß, A., Eds.; Springer Fachmedien Wiesbaden: Wiesbaden, Germany, 2022; pp. 253–267. ISBN 978-3-658-36225-6. [Google Scholar]
  31. Semmelmayer, H. IT-Sicherheit 2022: Was PDSG und KRITIS 2.0 für Kliniken bedeuten. Klin. Manag. Aktuell 2022, 27, 40–41. [Google Scholar] [CrossRef]
  32. Burr, H.; Berthelsen, H.; Moncada, S.; Nübling, M.; Dupret, E.; Demiral, Y.; Oudyk, J.; Kristensen, T.S.; Llorens, C.; Navarro, A.; et al. The Third Version of the Copenhagen Psychosocial Questionnaire. Saf. Health Work 2019, 10, 482–503. [Google Scholar] [CrossRef]
  33. Lincke, H.-J.; Vomstein, M.; Lindner, A.; Nolle, I.; Häberle, N.; Haug, A.; Nübling, M. COPSOQ III in Germany: Validation of a standard instrument to measure psychosocial factors at work. J. Occup. Med. Toxicol. 2021, 16, 50. [Google Scholar] [CrossRef] [PubMed]
  34. Keller, M.; Bamberg, E.; Kersten, M.; Nienhaus, A. Entwicklung eines Instruments zur stressbezogenen Arbeitsanalyse für Klinikärztinnen und -ärzte (ISAK). Z. Arb. Wiss. 2010, 64, 337–353. [Google Scholar]
  35. Keller, M.; Bamberg, E.; Kersten, M.; Nienhaus, A. Validierung des Instruments zur stressbezogenen Arbeitsanalyse für Klinikärztinnen und -ärzte (ISAK). Z. Arb. Organ. 2013, 57, 3–21. [Google Scholar] [CrossRef]
  36. Karlsson, F.; Karlsson, M.; Åström, J. Measuring employees’ compliance—The importance of value pluralism. ICS 2017, 25, 279–299. [Google Scholar] [CrossRef]
  37. Cohen, J. Statistical Power Analysis for the Behavioral Sciences, 2nd ed.; Routledge: London, UK, 1988; ISBN 9781134742707. [Google Scholar]
  38. Wessel, D.; Attig, C.; Franke, T. ATI-S—An Ultra-Short Scale for Assessing Affinity for Technology Interaction in User Studies. In Proceedings of the Mensch und Computer 2019; Alt, F., Bulling, A., Döring, T., Eds.; ACM: New York, NY, USA, 2019; pp. 147–154. ISBN 9781450371988. [Google Scholar]
  39. Wani, T.A.; Mendoza, A.; Gray, K. Hospital Bring-Your-Own-Device Security Challenges and Solutions: Systematic Review of Gray Literature. JMIR Mhealth Uhealth 2020, 8, e18175. [Google Scholar] [CrossRef] [PubMed]
  40. Krey, M. A framework for the adoption of bring your own device (BYOD) in the hospital environment. GSTF J. Comput. 2018, 6, 77–88. [Google Scholar]
  41. Kellerman, S. Physician response to surveys A review of the literature. Am. J. Prev. Med. 2001, 20, 61–67. [Google Scholar] [CrossRef] [PubMed]
  42. Schouten, B.; Cobben, F.; Bethlehem, J. Indicators for the Representativeness of Survey Response. Surv. Methodol. 2008, 35, 101–113. [Google Scholar]
  43. Ortmanns, V.; Schneider, S.L. Can we assess representativeness of cross-national surveys using the education variable? Surv. Res. Methods 2016, 10, 189–210. [Google Scholar] [CrossRef]
Table 1. Sample characteristics.
Table 1. Sample characteristics.
Variablen%
Gender
Female21763.3
Male12536.4
Other10.3
Age group (years)
21–2572.0
26–3013439.1
31–3514040.8
36–403710.8
40 or older257.3
Specialty
Internal Medicine7622.2
Surgery5917.2
Anesthesiology5114.9
Pediatrics and Adolescent Medicine3710.8
General Medicine205.8
Neurology195.5
Gynecology and Obstetrics185.2
Radiology133.8
Psychiatry and Psychotherapy113.2
Neurosurgery82.3
Child and Adolescent Psychiatry and Psychotherapy72.0
Urology51.5
Ophthalmology51.5
Otorhinolaryngology30.9
Pathology20.6
Psychosomatic Medicine and Psychotherapy20.6
Other72.0
Residency level
1st year6719.5
2nd year6418.7
3rd year5816.9
4th year5215.2
5th year or higher10229.7
Hospital sponsorship
Private4713.7
Public21161.5
Non-profit7822.7
I don’t know72.0
University/teaching hospital
Yes27680.5
No6218.1
I don’t know51.5
Hospital size (beds)
Less than 3006017.5
300–80013439.1
More than 80012937.6
I don’t know205.8
Note. N = 343.
Table 2. Hierarchical Regression Analysis to predict security-related behavior (App Selection).
Table 2. Hierarchical Regression Analysis to predict security-related behavior (App Selection).
Variable Δ R 2 βSE95% CIp
LLUL
10.064
(Constant) 0.1902.2813.030<0.001
Residency Level 0.1190.0320.0050.1290.035
ATI 0.2170.0420.0800.246<0.001
20.056
(Constant) 0.3621.3692.794<0.001
Residency Level 0.1090.0310.0000.1230.049
ATI 0.2150.0410.0810.243<0.001
Social Support (Supervisor) 0.2100.0550.0720.2900.001
Social Support (Colleagues) −0.0690.081−0.2460.0720.282
Inform. sec.-rel. Commun. 0.1250.0530.015.2240.026
Note. R² = 0.117. Only respondents who had experience with diagnostic and therapeutic decision support apps were included. N = 302. CI = confidence interval; LL = lower limit; UL = upper limit.
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Share and Cite

MDPI and ACS Style

Kraushaar, J.; Bohnet-Joschko, S. Smartphone Use and Security Challenges in Hospitals: A Survey among Resident Physicians in Germany. Int. J. Environ. Res. Public Health 2022, 19, 16546. https://doi.org/10.3390/ijerph192416546

AMA Style

Kraushaar J, Bohnet-Joschko S. Smartphone Use and Security Challenges in Hospitals: A Survey among Resident Physicians in Germany. International Journal of Environmental Research and Public Health. 2022; 19(24):16546. https://doi.org/10.3390/ijerph192416546

Chicago/Turabian Style

Kraushaar, Judith, and Sabine Bohnet-Joschko. 2022. "Smartphone Use and Security Challenges in Hospitals: A Survey among Resident Physicians in Germany" International Journal of Environmental Research and Public Health 19, no. 24: 16546. https://doi.org/10.3390/ijerph192416546

APA Style

Kraushaar, J., & Bohnet-Joschko, S. (2022). Smartphone Use and Security Challenges in Hospitals: A Survey among Resident Physicians in Germany. International Journal of Environmental Research and Public Health, 19(24), 16546. https://doi.org/10.3390/ijerph192416546

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop