Governance and Management of Protected Health Information in Health Records, Health Informatics, and Hospital Administrative Systems

Hamed Abdullah Alotaibi (1), Khamis Nazal Alahazmi (2), Yahya Mohammed H Alsaad (3), Faisal Ahmed Alsharif (4), Sultan Mohammed Hagawe (4), Saleh Hamad Dahin Al Sinan (5), Hassan Abdullah Hadi Hamedhi (6), Ali Muhammad Yahya Kulaibi (7), Abdullah Hussein Mohsen Faqihi (8), Khaled Yahya Ahmed Asseri (3), Laila Ahmed Abu Hashim (9), Amani Ahmed Mohammed Zakri (10), Fatimah Ahmed Barot (11)
(1) Dhurma Health Center – Dhurma, Ministry of Health, Saudi Arabia,
(2) The Northern Borders Health Cluster, Ministry of Health, Saudi Arabia,
(3) Inventory Control Management, Ministry of Health, Saudi Arabia,
(4) Jazan, Ministry of Health, Saudi Arabia,
(5) Kobash General Hospital – Najran, Ministry of Health, Saudi Arabia,
(6) King Fahd Central Hospital – Jazan, Ministry of Health, Saudi Arabia,
(7) King Fahd Hospital – Jazan, Ministry of Health, Saudi Arabia,
(8) King Fahd Central Hospital – Gizan, Ministry of Health, Saudi Arabia,
(9) Maternity and Children’s Hospital – Al-Ahsa, Ministry of Health, Saudi Arabia,
(10) Jazan Specialized Hospital, Jazan Health Cluster, Ministry of Health, Saudi Arabia,
(11) Damad General Hospital, Ministry of Health, Saudi Arabia
https://doi.org/10.64483/202522540

Article Sidebar

Issue
Vol. 2 No. 2 (2025)
Submitted
January 19, 2026
Published
December 31, 2025
Keywords:
    Protected Health Information; Health Informatics; Electronic Health Records; HIPAA; Data Governance; Patient Privacy
PDF

Abstract

Background: Protected Health Information (PHI) is a fundamental component of modern healthcare systems, particularly within digital health records, health informatics platforms, and hospital administrative systems. Regulatory frameworks such as the Health Insurance Portability and Accountability Act (HIPAA) define PHI and establish standards for its protection to preserve patient privacy, trust, and legal accountability.


Aim: This article aims to examine the governance and management of PHI within health records, health informatics, and hospital administrative systems, highlighting ethical, legal, and clinical implications and clarifying the roles of healthcare professionals in safeguarding sensitive patient information.


Methods: A descriptive and analytical approach was employed, reviewing regulatory frameworks, healthcare workflows, and professional practices related to PHI handling. The article integrates legal provisions, institutional roles, and clinical scenarios to analyze risks, safeguards, and governance strategies across healthcare settings.


Results: The review demonstrates that effective PHI management depends on coordinated responsibilities among medical records specialists, medical secretaries, health informatics professionals, and hospital management. Technical safeguards such as encryption, role-based access, audit trails, and deidentification significantly reduce privacy risks while supporting clinical efficiency and research innovation


Conclusion: Robust PHI governance enhances patient trust, clinical quality, and regulatory compliance. Integrating ethical judgment, continuous training, and secure information systems is essential as healthcare becomes increasingly data driven.

Full text article

Generated from XML file

References

1. Burkle CM, Cascino GD. Medicine and the media: balancing the public's right to know with the privacy of the patient. Mayo Clinic proceedings. 2011 Dec:86(12):1192-6. doi: 10.4065/mcp.2011.0520.

2. Goldstein MM, Pewen WF. The HIPAA Omnibus Rule: implications for public health policy and practice. Public health reports (Washington, D.C. : 1974). 2013 Nov-Dec:128(6):554-8

3. Colorafi K, Bailey B. It's Time for Innovation in the Health Insurance Portability and Accountability Act (HIPAA). JMIR medical informatics. 2016 Nov 2:4(4):e34

4. Bowman MA,Maxwell RA, A beginner's guide to avoiding Protected Health Information (PHI) issues in clinical research - With how-to's in REDCap Data Management Software. Journal of biomedical informatics. 2018 Sep

5. Goldstein MM. Health information privacy and health information technology in the US correctional setting. American journal of public health. 2014 May:104(5):803-9. doi: 10.2105/AJPH.2013.301845.

6. Feldman H, Kamali P, Lin SJ, Halamka JD. Clinical 3D printing: A protected health information (PHI) and compliance perspective. International journal of medical informatics. 2018 Jul:115():18-23. doi: 10.1016/j.ijmedinf.2018.04.006.

7. Drolet BC, Marwaha JS, Hyatt B, Blazar PE, Lifchez SD. Electronic Communication of Protected Health Information: Privacy, Security, and HIPAA Compliance. The Journal of hand surgery. 2017 Jun:42(6):411-416. doi: 10.1016/j.jhsa.2017.03.023.

8. Motiwalla L, Li XB. Developing Privacy Solutions for Sharing and Analyzing Healthcare Data. International journal of business information systems. 2013 Jan 1:13(2):. doi: 10.1504/IJBIS.2013.054335.

9. Nettrour JF, Burch MB, Bal BS. Patients, pictures, and privacy: managing clinical photographs in the smartphone era. Arthroplasty today. 2019 Mar:5(1):57-60. doi: 10.1016/j.artd.2018.10.001.

10. Filkins BL, Kim JY, Roberts B, Armstrong W, Miller MA, Hultner ML, Castillo AP, Ducom JC, Topol EJ, Steinhubl SR. Privacy and security in the era of digital health: what should translational researchers know and do about it? American journal of translational research. 2016:8(3):1560-80

11. Vanderpool D, Hipaa-should I be worried? Innovations in clinical neuroscience. 2012 Nov

Authors

Hamed Abdullah Alotaibi
Dhurma Health Center – Dhurma, Ministry of Health
hamed.alhozaimi@gmail.com (Primary Contact)
Khamis Nazal Alahazmi
The Northern Borders Health Cluster, Ministry of Health
Yahya Mohammed H Alsaad
Inventory Control Management, Ministry of Health
Faisal Ahmed Alsharif
Jazan, Ministry of Health
Sultan Mohammed Hagawe
Jazan, Ministry of Health
Saleh Hamad Dahin Al Sinan
Kobash General Hospital – Najran, Ministry of Health
Hassan Abdullah Hadi Hamedhi
King Fahd Central Hospital – Jazan, Ministry of Health
Ali Muhammad Yahya Kulaibi
King Fahd Hospital – Jazan, Ministry of Health
Abdullah Hussein Mohsen Faqihi
King Fahd Central Hospital – Gizan, Ministry of Health
Khaled Yahya Ahmed Asseri
Inventory Control Management, Ministry of Health
Laila Ahmed Abu Hashim
Maternity and Children’s Hospital – Al-Ahsa, Ministry of Health
Amani Ahmed Mohammed Zakri
Jazan Specialized Hospital, Jazan Health Cluster, Ministry of Health
Fatimah Ahmed Barot
Damad General Hospital, Ministry of Health
Alotaibi, H. A., Alahazmi, K. N., Alsaad, Y. M. H., Alsharif, F. A., Hagawe, S. M., Al Sinan, S. H. D., … Barot, F. A. (2025). Governance and Management of Protected Health Information in Health Records, Health Informatics, and Hospital Administrative Systems. Saudi Journal of Medicine and Public Health, 2(2), 3085–3091. https://doi.org/10.64483/202522540
Download Citation
Endnote/Zotero/Mendeley (RIS) BibTeX

Copyright (c) 2025 Hamed Abdullah Alotaibi, Khamis Nazal Alahazmi, Yahya Mohammed H Alsaad, Faisal Ahmed Alsharif, Sultan Mohammed Hagawe, Saleh Hamad Dahin Al Sinan, Hassan Abdullah Hadi Hamedhi, Ali Muhammad Yahya Kulaibi, Abdullah Hussein Mohsen Faqihi, Khaled Yahya Ahmed Asseri, Laila Ahmed Abu Hashim, Amani Ahmed Mohammed Zakri, Fatimah Ahmed Barot

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Article Details