Aim Data-protection regulations in German hospitals, based on data-protection laws and internal regulations, must be complied with and taken into account in daily work. However, these regulations are not always respected, as evidenced by the data-protection scandals in Germany of recent years. Subjects and methods In a 2010 survey, data was collected from 557 individuals including administrative staff, nursing staff, physicians, physicians with scientific/research-based work and other health professionals of 26 hospitals in Germany to analyze the factors of relevance with regard to data-protection compliance. Results The acceptance of hospital staff concerning dataprotection regulations is significantly influenced by subjective values and personal attitudes. Significant differences related to the acceptance of data-protection rules and regulations can be found in gender or type of hospital. The results show that employees consider rules and regulations to be necessary and important. However damage caused by data security breaches and the likelihood that they will occur, are considered to be less significant. A large impact on individual data-protection compliance can be reported in the subjective norm, which is influenced by the effect of close colleagues and superiors.
ConclusionThe underlying results of the study at hand demonstrate practical implications which can lead to a high degree of data-protection compliance in the future. The related aspects deserving future investigation of the possible explanations for differences in behavior related to data protection among various occupational groups in hospitals are discussed. Men and women exhibit very different levels of dataprotection acceptance, so future efforts to increase sensitivity and awareness of data-protection issues in employees require gender-specific approaches. Another issue that merits investigation is the source of the influence of hospital type on dataprotection compliance.