Medical Information Breaches Occurrence with Respect to Social Media Usage, in Selected Medical Institutions in Uganda ()
1. Introduction
From historical perspectives, the embracement levels of SM usage in medical operations have been proliferating since 2010, [1] [2] [3] [4] . At the onset of its proliferation, SM was mainly used in informal settings, supporting largely personal and social needs of individual users, with minimal reported cases of medical information breaches in the mainstream medical settings, [1] [2] [5] . Before 2013, IT related breaches accounted for less than 10% of the overall forms of healthcare data breaches, but later surpassed all the other forms of healthcare breaches by 2015, [1] [6] . Eventually, by 2019, IT was reported as one of the most dominant form of healthcare data breaches in healthcare industry, accounting for over 90% of the overall forms of healthcare breaches, with global estimated cost of $6.45 million, [6] [7] . In Uganda, a study by Alunyu, et al. [8] indicates that 22% to 31% of respondents reported IT related breaches in medical records in hospital sites in Uganda, [8] . Recently, among the global IT related breaches reported, SM accounted for more than 56% of the 4.5 billion of information records compromised in 2018, [1] [7] .
Remarkably, the progressive embracement of SM usage in the mainstream medical settings, coupled with the growth in electronic healthcare information systems, coincided with the growing demands for effective management of electronic medical information, [4] [9] . With respect to SM usage and medical training/clinical operations, electronic medical information serve the roles of teaching/learning, research, as well as providing medical services, [2] [3] . In this case, SM usage enhances real-time interactions by effectively sharing clinical contents, and generating faster feedback among medical students, medical staff including supervisors, and stakeholders, [9] [10] [11] . However, the pressing demand for preserving medical information safety remains a pertinent issue in medical training and clinical operations, [2] [3] [4] .
1.1. Literature Review
In Uganda, over 1500 medical (MBChB) students in a semester session are often deployed across multiple clinical rotations—junior and senior clerkships, [12] [13] . In their clinical years, medical students start getting involved in patient care while attaining hands-on, as well as acquiring professional experience in various domain of medicine including ethical conducts, under expert guidance. At this level of medical training, SM usage becomes a valuable tool in providing a network-space for effective interactions and communication among medical students, medical staff including supervisors, and stakeholders, [11] [14] . According to Abraham et al. (2018), skills in time management are considered significant for medical training as students are often confronted with multitasking set of activities, [11] .
However, medical institutions are still conservative in ratifying SM usage in their operations, [10] [15] . This caution is often attributed to various anticipated challenges, and risks often linked to SM usage, especially in the area related to preserving medical information safety, [2] [3] [4] . According to Pander et al. [4] analysis study of the previous literatures on SM usage in medical institutions, 0.02% to 16% of medical students using SM had acted in unethical way. According to Kaddu & Mukasa [16] study of SM usage in higher education in Uganda, 29% to 38% of students got involved in unethical behaviors, including medical information breaches, [17] . Recently, Alunyu, et al. [8] study indicates that 22% to 31% of respondents reported IT related breaches in medical data in healthcare sites in Uganda. Globally, among IT related breaches, SM incidents accounted for more than 56% of the 4.5 billion of information records compromised in 2018, [1] [7] . The negative implications of medical information breaches include loss of trust and reputations, legal suit, or financial harm, etc., [3] [4] [18] [19] . According to Liaw & Hannan [20] , 49.1% of patients in Australia confirmed withholding information from clinicians based on privacy and confidentiality concerns, [21] . In healthcare industry, the global estimated cost of electronic data breaches in 2019 was $6.45 million, [6] [7] .
In Uganda, the main statutory instrument safeguarding patient’s rights to medical information safety are specified by patient’s charter of 2009, revised in 2019, [22] [23] [24] . Section 1, article 15 of the charter stipulates patient’s rights to privacy and confidentiality during consultation, as well as accessing treatment, [24] . According to the article, identifiable medical information, including treatment plan, can be divulged through informed consent, or when needed by court order. However, healthcare institutions or healthcare providers could permit medical record to a third party in the following circumstances: 1) “That the disclosure is for the purpose of patient’s treatment by another healthcare worker”. 2) “That the disclosure of information is vital for the protection of the healthcare of others or the public, and that the need for disclosure overrides the interest in the information’s non-disclosure”. 3) “That the disclosures are for the purpose of publication in a medical journal or for research or teaching purposes if all details identifying the patient have been concealed”. Therefore, to mitigate the challenge of medical information breaches (especially Section 3), clinical students, and medical staff sharing clinical contents on SM are mandated to safeguard the confidentiality of patient’s identifiable medical information on SM, [23] [24] . In this case, medical information breaches could occur when identifiable medical information are acquired, accessed, used or disclosed without the guidelines stipulated by the charter—sections 1), 2) and 3) above, [18] .
Unfortunately, despite the high embracement levels of SM usage reported in medical training, and clinical operations, medical institutions in Uganda still lack concerted policy to guide on SM usage in their operations, [1] [10] [17] . Formalizing SM usage would help to enforce management control, and accountability in SM usage in case of breaches, and would protect medical institutions against uncensored usage of SM by stakeholders. This would salvage medical institutions against negative consequences such as; loss of trust and reputations, legal suit, or financial harm, [3] [4] [5] [10] [18] [19] . In this case, the study is focused on providing a basis for rationalizing the challenges associated with SM usage in medical training, and clinical operations, [3] . The study outcome would support strategic development process, including curricula and policies development, in line with SM usage in medical training, including clinical operations. Thus, the study was intended to investigate the characteristics of medical information breaches due to SM usage, in selected medical institutions in Uganda.
1.2. Objectives
The main objective of this study was to examine the characteristics of SM usage and medical information breaches occurrence, in selected medical institutions in Uganda. Specifically, the study was focused on the following specific objectives:
1) Establish the prevalence of medical information breaches occurrence due to SM usage, in selected medical institutions in Uganda.
2) Identify the vulnerable areas of SM usage with respect to medical information breaches, in selected medical institutions in Uganda.
3) Examine the association relationships between the demographic profiles and medical information breaches occurrence.
2. Methodology
The study employed online survey, using structured questionnaires (Google forms). The questionnaire items consisted of 4 sections: 1) Introduction; explaining the intention of the researcher, the purpose of data collection, and anonymity assurance to respondents. 2) Demographic profiles; covers demographic characteristics of the respondents. 3) SM usage; covers the types of SM platform used, and the level of SM usage engagement. 4) Medical information breaches; covers medical information breaches occurrence, frequency of medical information breaches, and medical information breaches factors—the items include; a) medical information on SM are obtained and used without informed consent. b) Identifiable medical information on SM are disclosed illegally. c) Identifiable medical information on SM are shared to third party illegally. These items were derived as guided by patient’s charter of 2019, stipulating patient’s rights to medical information safety in Uganda, [22] [24] . The measures of the items were developed with 5-points Likert scales, including; “1 = strongly disagree, 2 = disagree, 3 = neutral, 4 = agree, and 5 = strongly agree”, [25] [26] . Therefore, based on the questionnaire developed, the researcher collected data on demographic profiles, SM usage characteristics, and medical information breaches. However, verbal consultations, and document review were conducted to probe, and substantiate some of the facts which were limitedly captured through questionnaire method, for instance the other types of SM platforms used among respondents.
2.1. Study Population
The study population (N) was constituted by 2300 medical (MBChB) students, and 175 medical staff including supervisors, [13] [27] . The population members were identified from 2 selected medical institutions in Uganda; 1) Mbarara University of Science and Technology (MUST) Faculty of Medicine; 2) Kampala International University (KIU) Faculty of Clinical Medicine and Dentistry. Both MUST and KIU have dedicated teaching hospital sites, handling over 1500 medical students in a single semester session, [27] [28] . The criterion used in selecting the medical institutions was based on recognition by national authority, which signify a better status of system establishment favorable for such a study, [28] [29] . From MUST, the estimated population of medical (MBChB) students in a semester session is 800, and the number of corresponding medical staff and supervisors are 75; while at KIU, the estimated population of medical (MBChB) students within a semester session is 1500, and the corresponding medical staff and supervisors are 100. Overall, the total estimated target population was 2300 + 175 = 2475, respectively, [13] [27] . In this case, the appropriate sample size was determined based on the estimated population of 2475.
2.2. Sample Size
Therefore, using the target population (N) of 2475, appropriate sample size (n) was determined using Morgan and Krejcie population and sample size table, [30] [31] . Taking into considerations the finite and heterogeneous characteristics of the population. In this case, the researcher intended to include all the sub-groups into the study sample. Therefore, Morgan and Krejcie technique was considered appropriate for determining the sample size, since the technique takes into consideration the heterogeneous characteristics of the population, confidence interval level of 95%, and minimum response rate of 50%, [30] [32] . Therefore, using Morgan and Krejcie method, the researcher then derived the sample size using population and sample size table, [30] [31] [33] . Table 1 below indicates the target population, and the expected sample sizes derived within
Table 1. Population and sample size.
Based on population and sample size table, [30] [31] .
each population sub-group, which add up to the composite sample size of 706 including medical students, and respective medical staff from both MUST and KIU.
Sampling Method
From the target population identified, proportional stratified sampling was used to ensure that all the categories of potential respondents in the target population were fairly represented in the sample study. Taking into consideration the estimated minimum response rate of 50%, [34] . In this case, the researcher stratified sub-groups of medical (MBChB) students in year 3, 4 and 5, together with corresponding medical staff. Subsequently, simple probability sampling was then carried out within each stratum (sub-group). The advantage of proportional stratified sampling is that the unique proportionality of the sub-group identified in the target population is retained in the study sample, (Taherdoost, 2016). While, simple probability sampling within sub-group ensured that all the members within the sub-group were given equal probability chance of being selected in the final study sample, [30] [34] .
Approximately, the sample size presented in Table 2 was exaggerated to cater for errors that could arise due to low response rate, or elimination due to data cleaning process, [30] . Therefore, a total of 740 online questionnaires were disbursed to respondents consisting of 580 medical students, and 160 medical staff. In response, a total of 718 questionnaires were duly filled and returned by respondents. However, after conducting data cleaning process and sorting, the valid questionnaires considered were 710. Thereafter, the valid questionnaires were coded and captured into SPSS software. Subsequently, the datasets were summarized and sanctioned for analysis, as guided by specific objectives.
2.3. Data Analysis
After data collection, datasets were cleaned and prepared for analysis. In this case, data processing dealt with the following sets of activities; 1) questionnaire checking to eliminate improper questionnaires; thus 5 questionnaires were found inadequate, where instructions were not followed properly, while 3 were incomplete. 2) 5 questionnaires were edited to correct anomalies including illegibility, incomplete data, inconsistent, and vague answers. 3) Coding was then done to allocate alpha and numeric codes to responses that did not have them so that objective statistical methods could be applied on SPSS, [30] [32] . Eventually, 710 valid questionnaires were considered and sanctioned for analysis using appropriate statistical tools outlined in the following sections.
Data analysis was performed using SPSS version 26 software, supported by MS Excel. The advantage of SPSS is its ability of being comprehensive, and can easily import and presents datasets captured from other sources, specifically data captured using Google form linked to MS Excel format, and later exported to SPSS environment. Altogether, appropriate statistical tools employed included univariate, and bivariate statistical analysis tools; 1) univariate analysis tools included frequency counts, percentage distributions, and measure of central tendency—mean, median and mode. 2) Bivariate analysis statistical tools included graphical visual display such as; tables, frequency tables, and charts. For association between variables, Chi-square (x2) test was conducted to determine the type and strength of associations between the variables. Altogether, the detailed analysis results and discussions are presented in Section 3, 4 and 5, accordingly.
3. Results
The researcher summarized and presented the results using narrative, and simple graphical illustrations including charts and tables. The key items considered under frequency counts, include; respondent’s demographic profiles, SM usage characteristics, and medical information breaches, respectively. However, for association between variables, Chi-square (x2) test was performed. The analysis results within each section are outlined with brief narratives of the key outputs of the section. However, detailed discussion and interpretation of the analysis results are stipulated in Section 4.
3.1. Demographic Profiles
The main respondents used in this study include 566 medical students, and 143 medical staff, respectively. Therefore, with respect to the selected medical institutions, MUST and KIU, Table 2 summarizes and presents the demographic profiles of the respondents, showing the representativeness of the members within the category divides. Thus, indicating the frequency counts, and the corresponding percentage distributions, accordingly.
Table 2. Demographic profile, with respect to medical institutions.
According to Table 2 above, MUST and KIU demographic datasets show similar trends in percentage distributions within the category divides; male students (MUST: 58%, KIU: 56%) compared to female students (MUST: 42%, KIU: 44%). Notably, the higher percentage representation within student’s categories include; age-group: 18 - 25 (MUST: 75%, KIU: 64%); nationality: Ugandan (MUST: 90%; KIU: 88%); year of study: year 3 (MUST: 49%; KIU: 49%); denomination: catholic (MUST: 52%; KIU: 32%); medical department (MUST dermatology: 16%; KIU pediatrics: 13%). Figure 1 below shows gender percentage distribution, with respect to medical institutions (MUST n = 260 students, n = 63 staff; KIU n = 306 students, n = 80 staff).
Figure 1. Gender percentage distribution, with respect to medical institution.
3.1.1. SM Usage Characteristics, with Respect to Medical Institutions
According to Mirembe, Lubega & Kibukamusoke [17] , SM usage is more dominant in higher educational institutions compared to other formal settings in Uganda. And, according to Olum & Bongomin [13] , over 90% of medical students in Uganda are using SM in their operations. Thus, the most dominant SM platforms in medical institutions in Uganda include; WhatsApp, Facebook, Twitter, and YouTube, [13] [17] . Therefore, the selected medical institutions, and SM platforms used in this study would fit within the geographical and content scope definition of the study. Table 3 below summarizes and presents SM usage characteristics, with respect to the selected medical institutions (MUST and KIU), indicating the frequency counts, and percentage distributions within the category divides, accordingly.
Table 3. SM usage characteristics, with respect to medical institutions.
Remarkably, the leading types of SM platforms reported among respondents include; WhatsApp (MUST: 97%; KIU: 98%), Facebook (MUST: 78%; KIU: 76%), Twitter (MUST: 62%; KIU: 66%), and YouTube (MUST: 52%; KIU: 61%). The other upcoming types of SM platforms reported among medical students include; TikTok, Instagram, Pinterest and Snapchat. However, it should be noted here that, the response options on types of SM platform were independent responses.
On the other hand, the leading SM usage engagement categories were reported among students; experience in SM usage: > 5 years (MUST: 79%; KIU: 76%), frequency of SM usage: always and often (MUST: 75%; KIU: 74%), number of contacts/friends connected: > 150 (MUST: 69%; KIU: 82%). Notably, the level of SM usage engagement categories among medical student ranges from 72% to 94%, compared to medical staff (55% to 70%). Overall, 77% to 87% of the respondents across category divides acknowledged sharing medical data on SM. Whereby, the lowest level was reported among MUST staff (77%), and the highest level was reported among KIU students (87%). Figure 2 below shows the types of SM platform within students category divides, with respect to medical institutions, (MUST n = 260, KIU n = 306)
Figure 2 shows similar trends in percentage distribution reported among MUST and KIU student. The other SM usage engagement factors (experience of SM usage, frequency of SM usage, and contacts/friends connected) in Table 3 also showed some levels of uniformity in percentage distribution between the two institutions (MUST and KIU).
3.1.2. Medical Information Breaches
With respect to medical information breaches, 2 perspectives of questionnaire items were developed to measure medical information breaches; 1) occurrence of medical information breaches, with responses: yes/no; 2) medical information breaches items, developed with 5-points Likert scale measures. Therefore, with respect to medical information breaches item, with yes/no responses, 27% to 42% of the respondents within category divides acknowledged occurrence of medical information breaches, due to SM usage. Whereby, the lowest level of medical information breaches were reported among MUST staff (27%), and the highest level were reported among KIU students (42%). Nevertheless, the percentage distribution of the breaches within demographic profiles include; medical students: yes (MUST: 40%, KIU: 42%) compared to medical staff: yes (MUST: 27%, KIU: 35%). Figure 3 below shows the response on medical information breaches reported within title categories (students, and staff), with respect to medical institutions (MUST n = 260 students, n = 63 staff; KIU n = 306 students, n = 80 staff).
Figure 2. Types of SM platform, with respect to medical institutions.
Figure 3. Medical information breaches within title, with respect to medical institutions.
According to Figure 3, higher levels of medical information breaches were reported among medical students, compared to medical staff. Thus, medical students: yes (MUST: 40%; KIU: 42%); compared to medical staff: yes (MUST: 27%; KIU: 36%). Comparatively, the percentage distributions among MUST, and KIU show higher percentage distributions, compared to related studies in Uganda, [3] [4] [8] [17] . For instance, Alunyu, et al. [8] study indicates that 22% to 31% of respondents reported IT related breaches in medical information in hospital sites in Uganda. Nevertheless, the disparity in percentage distribution could also be attributed to the slight over-edge in population and sample size used, or differences in study objectives or methodologies used. Figure 4 shows the responses on medical information breaches reported, within gender, with respect to medical institutions, (MUST n = 189 male, n = 134 female; KIU n = 218 male, n = 169 female).
Figure 4. Medical information breaches within gender, with respect to medical institutions.
Table 4 presents percentage distributions of medical information breaches within selected demographic profile, and SM usage engagement categories. In this case, the key categories selected include; gender, age-group, experience in SM usage, and contacts/friends connected.
Table 4. Medical information breaches, within key categories.
According to Table 4, the breaches were highly reported among; male respondents: yes (MUST: 60%, KIU: 58%) compared to female respondents: yes (MUST: 40%; KIU: 42%); age-group 18 - 25 years: yes (MUST: 63%; KIU: 54%) compared to the other categories, 26 - 46 years: yes (MUST: 37%; KIU: 46%); experience of SM usage: more than 6 years: yes (MUST: 58%; KIU: 43%) compared to the other categories, less than 6 years: yes (MUST: 42%; KIU: 57%); contacts/friends connected, more than 200: yes (MUST: 46%; KIU: 43%) compared to the other categories, less than 200: yes (MUST: 54%; KIU: 57%). However, with respect to types of SM platform, the breaches were highly reported among; WhatsApp users: yes (MUST: 61%; KIU: 66%) compared to the other categories: yes (MUST: 39%; KIU: 44%).
On the other hand, the frequency in medical information breaches category helps to gauge the rate at which medical information breaches occurs. The measures include; “1 = never”, “2 = rarely”, “3 = sometimes”, “4 = often”, and “5 = always”. Among the different categorical responses, 5% to 32% of the respondents acknowledged some level of frequency in medical information breaches, due to SM usage. Whereby, the lowest level of frequency was reported among KIU staff (5%), and the highest level was reported among MUST students (32%). With respect to demographic profiles, and SM usage engagement, higher level of frequency in medical information breaches was reported among male student category (11% to 58%), and WhatsApp users (44% to 62%). Figure 5 presents the percentage distribution in medical information breaches within title (students, and staff), with respect to medical institutions (MUST n = 260 students, n = 63 staff; KIU n = 306 students, n = 80 staff).
Figure 5. Frequency in medical information breaches, with respect to medical institutions.
Furthermore, with respect to the 5-Points Likert scale measures, 3 items were used to capture respondent’s opinions on the level of medical information breaches, due to SM usage. The items include; 1) medical information on Social Media are obtained and used without informed consent. 2) Identifiable medical information on Social Media are disclosed illegally. 3) Identifiable medical information on Social Media are shared to third party illegally, [22] [24] . Figure 6 below shows the percentage distribution level of agreement based on medical information breaches within gender, with respect to medical institutions, (MUST n = 260 students, n = 63 staff; KIU n = 306 students, n = 80 staff).
According to Figure 6, the level of agreement (agree + strongly agree) within gender, with respect to medical institutions include; male: agree + strongly agree (MUST: 53%, KIU: 42%) compared to female: agree + strongly agree (MUST: 35%, KIU: 31%). Overall, 31% to 53% of the respondents within gender category divides agreed with some levels of medical information breaches. However, the percentage distribution is higher among MUST, and male respondents compared to KIU, and female respondents, respectively. Relatively, the results for the Likert scale (31% to 53%) is slightly higher compared to the categorical response (yes/no) range (27% to 42%). The extreme percentage figure for Likert scale response for MUST (53%) could also be attributed to outlier factors, since the corresponding result for KIU (42%) is within the categorical range (27% to 42%).
Figure 6. Medical information breaches, levels of agreement.
However, with respect to age-group, the level of agreement (agree + strongly agree) include; 18 - 25 years: agree + strongly agree (MUST: 50%, KIU: 43%); 26 - 35 years: agree + strongly agree (MUST: 42% KIU: 31%); 36 - 45 years: agree + strongly agree (MUST: 34%, KIU: 33%); above 45 years: agree + strongly agree (MUST: 54%, KIU: 41%). Relatively, the levels of agreement is uniform within the age-group categories, but higher among MUST respondents compared to KIU respondents (Table 5). Overall, 31% to 54% of the respondents within age-group categories agreed with some levels of medical information breaches. Table 5 presents the levels of agreement in medical information breaches within age-group, with respect to medical institutions, (MUST n = 260 students, 63 staff; KIU n = 306 students, 80 staff).
Table 5. Levels of agreement within age-group, with respect to medical institutions.
It should be noted that, the percentage distributions in Table 5, and Figure 6 were interpreted within gender, and age-group categories, respectively. However, for detailed association between variables, Chi-square (x2) test was conducted to examine the level of association existing between selected demographic profiles, and medical information breaches occurrence.
3.2. Association between Variables
Eventually, Chi-square (x2) test was conducted to examine the level of association existing between selected categorical variables, and medical information breaches reported. The key categorical variables used include medical institution (MUST and KIU), gender, and age-group. Chi-square test was conducted at the critical alpha (α) value of 0.05. In this case, for all the 3 categorical variables, null hypothesis (H0) states that there is statistically no significant difference between medical institutions/gender/age-group, and medical information breaches occurrence reported. While alternative hypotheses include the following:
H1: there is statistically significant difference between medical institutions (MUST and KIU) and medical information breaches occurrence reported. In this case, Chi-square (x2) results generated (x2 = 7.890, df = 4, p = 0.096) show insignificant difference between medical institutions (MUST and KIU) and medical information breaches reported. The results also reinforce the earlier position reported, where MUST and KIU datasets showed similar trends in percentage distributions within the medical information breaches category divides, with respect to medical institution, (Table 4).
H2: there is statistically significant difference between gender and medical information breaches occurrence reported. In this case, Chi-square (x2) results generated (x2 = 17.348, df = 4, p = 0.002) show significant difference between gender and medical information breaches occurrence reported. However, within medical institutions, Chi-square (x2) results generated for MUST (x2 = 17.822, df= 4, p = 0.001) shows significant difference between gender and medical information breaches, while KIU (x2 = 6.084, df = 4, p = 0.193) shows insignificant association between gender and medical information breaches occurrence.
H3: state that there is significant difference between age-group and medical information breaches reported. In this case, Chi-square (x2) results generated (x2 = 23.738, df = 12, p = 0.022) show significant association between age-group and medical information breaches occurrence reported. However, within medical institutions, Chi-square (x2) results generated for MUST (x2 = 17.872, df = 12, p = 0.120), and KIU (x2 = 15.631, df = 12, p = 0.209) both show insignificant association between age-group and medical information breaches occurrence reported.
4. Demographic Profiles
According to Table 2, MUST and KIU datasets show similar trends in percentage distributions within the category divides, where male students (MUST: 58%, KIU: 56%) registered higher percentage compared to female students (MUST: 42%, KIU: 44%). However, the disparity in gender percentage distribution could also be attributed to gender inequality enrollment in medical programme in Uganda, as reported by other studies, [13] [17] [27] [33] [35] . Nevertheless, the higher percentage representation within student’s categories were recorded among; age-group: 18 - 25 (MUST: 75%, KIU: 64%); nationality: Ugandan (MUST: 90%; KIU: 88%); year of study: year 3 (MUST: 49%; KIU: 49%); denomination: catholic (MUST: 52%; KIU: 32%); medical department (MUST dermatology: 16%; KIU pediatrics: 13%). Nevertheless, the slight disparity in percentage distribution on the overall study outcome could be minimal since the respondents are normally subjected to similar operational conditions, [27] [28] . Remarkably, the leading types of SM platforms reported among respondents include; WhatsApp (MUST: 97%; KIU: 98%), Facebook (MUST: 78%; KIU: 76%), Twitter (MUST: 62%; KIU: 66%), and YouTube (MUST: 52%; KIU: 61%). Comparatively, the dataset for MUST, KIU, and related studies conducted in Uganda shows similar trends in percentage distributions among SM usage categories, [13] [17] [27] . While the other upcoming types of SM platforms reported among medical students include; TikTok, Instagram, Pinterest and Snapchat.
On the other hand, the leading SM usage engagement categories were reported among students; experience in SM usage: >5 years (MUST: 79%; KIU: 76%), frequency of SM usage: always and often (MUST: 75%; KIU: 74%), number of contacts/friends connected: >150 (MUST: 69%; KIU: 82%). Notably, the level of SM usage engagement categories among medical student ranges from 72% to 94%, compared to medical staff (55% to 70%). Overall, 77% to 87% of the respondents across category divides acknowledged sharing medical data on SM. Whereby, the lowest level were recorded among MUST staff (77%), and the highest level were recorded among KIU students (87%). The other SM usage engagement items (experience of SM usage, frequency of SM usage, and contacts/friends connected) in Table 4 also showed uniformity in percentage distribution between the two institutions (MUST and KIU).
4.1. Medical Information Breaches
With respect to specific objective 1, the researcher’s intention was to establish the prevalence of medical information breaches occurrence, due to SM usage. With respect to medical information breaches responses, items with yes/no responses (Figure 3), 27% to 42% of the respondents within category divides (yes/no) acknowledged occurrence of medical information breaches, due to SM usage. Whereby, the lowest level of medical information breaches were recorded among MUST staff (27%), and the highest level were recorded among KIU students (42%). Nevertheless, the percentage distribution of the breaches recorded within demographic profiles include; medical students: yes (MUST: 40%, KIU: 42%) compared to medical staff: yes (MUST: 27%, KIU: 35%). Comparatively, the percentage distributions recorded among MUST, and KIU show higher percentage distributions, compared to related studies in Uganda, [3] [4] [8] [17] . For instance, Alunyu, et al. [8] study indicates that 22% to 31% of respondents reported IT related breaches in medical records in hospital sites in Uganda. Nevertheless, the disparity in percentage distribution could also be attributed to the slight over-edge in population, sample size, or differences in study objectives, or methodologies used.
According to Table 4, the breaches were highly reported among; male: yes (MUST: 60%, KIU: 58%) compared to female: yes (MUST: 40%; KIU: 42%); age-group 18 - 25 years: yes (MUST: 63%; KIU: 54%) compared to the other categories, 26 - 46 years: yes (MUST: 37%; KIU: 46%); experience of SM usage: more than 6 years: yes (MUST: 58%; KIU: 43%) compared to the other categories, less than 6 years: yes (MUST: 42%; KIU: 57%); contacts/friends connected, more than 200: yes (MUST: 46%; KIU: 43%) compared to the other categories, less than 200: yes (MUST: 54%; KIU: 57%). However, with respect to types of SM platform, the breaches were highly recorded among; WhatsApp users: yes (MUST: 61%; KIU: 66%) compared to the other categories (TikTok, Instagram, Pinterest and Snapchat): yes (MUST: 39%; KIU: 44%). However, frequency in medical information breaches item helps to gauge the rate at which medical information breaches occurs (Figure 5). The measures included; “1 = never”, “2 = rarely”, “3 = sometimes”, “4 = often”, and “5 = always”. Among the different categorical responses, 5% to 32% of the respondents acknowledged some level of frequency in medical information breaches, due to SM usage. Whereby, the lowest level of frequency was reported among KIU staff (5%), and the highest level was reported among MUST students (32%). With respect to demographic profiles, and SM usage engagement, higher level of frequency in breaches was recorded among male student category (11% to 58%), and WhatsApp users (44% to 62%), respectively.
With respect to the 5-Points Likert scale measures (Figure 6), the level of respondents agreement (agree + strongly agree) on medical information breaches within gender, with respect to medical institutions include; male: agree + strongly agree (MUST: 53%, KIU: 42%) compared to female: agree + strongly agree (MUST: 35%, KIU: 31%). Overall, 31% to 53% of the respondents within gender category divides agreed with some levels of medical information breaches. However, the percentage distribution is higher among MUST and male categories compared to KIU and female categories, respectively. Relatively, the results for Likert scale (31% to 53%) is slightly higher compared to the categorical response—yes/no (27% to 42%). Notably, the extreme percentage figure for Likert scale response for MUST (53%) could also be attributed to outlier factors, since the corresponding result for KIU (42%) is within the categorical range (27% to 42%). However, with respect to age-group, the level of agreement (agree + strongly agree) include; 18 - 25 years: agree + strongly agree (MUST: 50%, KIU: 43%); 26 - 35 years: agree + strongly agree (MUST: 42% KIU: 31%); 36 - 45 years: agree + strongly agree (MUST: 34%, KIU: 33%); above 45 years: agree + strongly agree (MUST: 54%, KIU: 41%). Relatively, the levels of agreement are uniform within the age-group categories, but higher among MUST respondents compared to KIU respondents (Table 5). Overall, 31% to 54% of the respondents within age-group categories agreed with some levels of medical information breaches.
4.2. Association between Variables
Eventually, Chi-square (x2) test was conducted to examine the types of association existing between selected categorical variables, and medical information breaches occurrence. The key categorical variables used include medical institution (MUST and KIU), gender, and age-group. The test was performed at a critical alpha (α) value of 0.05. In this case, for all the 3 categorical variables, null hypothesis (H0) states that there is statistically no significant difference between medical institutions/gender/age-group, and medical information breaches occurrence. While alternative hypotheses include the following:
H1: there is statistically significant difference between medical institutions (MUST and KIU) and medical information breaches occurrence reported. In this case, Chi-square (x2) results generated (x2 = 7.890, df = 4, p = 0.096) show insignificant association between medical institutions (MUST and KIU) and medical information breaches occurrence. The results also reinforce the earlier position reported, where MUST and KIU datasets showed similar trends in percentage distributions within the medical information breaches categories, with respect to medical institution, (Table 4). Therefore, from the Chi-squares (x2) results obtained, since p > 0.05, we reject H1 and accept H0: that says there is statistically no significant difference between medical institutions and medical information breaches occurrence. However, for consistency in the research findings, more related studies could still be done to involve the other medical institutions in Uganda.
H2: there is statistically significant difference between gender and medical information breaches occurrence reported. In this case, Chi-square (x2) results generated (x2 = 17.348, df = 4, p = 0.002) show significant difference between gender and medical information breaches occurrence reported. However, within medical institutions, Chi-square (x2) results generated for MUST (x2 = 17.822, df= 4, p = 0.001) shows significant difference between gender and medical information breaches, while KIU results (x2 = 6.084, df = 4, p = 0.193) shows insignificant difference between gender and medical information breaches. From the Chi-squares (x2) results obtained, since p < 0.05, we reject H0and accept H2: that says there is statistically significant difference between gender and medical information breaches occurrence reported. However, within medical institution, Chi-square results for MUST shows significant result (p < 0.05), while KIU results shows insignificant level of association, where p > 0.05. Nevertheless, for consistency in the research outcomes, more related studies could still be done to involve the other medical institutions in Uganda.
H3: state that there is significant difference between age-group and medical information breaches accordance reported. In this case, Chi-square (x2) results generated (x2 = 23.738, df = 12, p = 0.022) show significant difference between age-group and medical information breaches occurrence. However, within medical institutions, Chi-square (x2) results generated for MUST (x2 = 17.872, df = 12, p = 0.120), and KIU (x2 = 15.631, df = 12, p = 0.209) both show insignificant association between age-group and medical information breaches occurrence. Therefore, from the Chi-squares (x2) result obtained, since p < 0.05, we reject H0 and accept H3: that says there are statistically significant associations between age-group and medical information breaches occurrence reported. However, within medical institution, Chi-square results for both MUST and KIU show insignificant result (p > 0.05). Nevertheless, for consistency in the findings, more related studies could still be done to involve the other medical institutions in Uganda.
5. Study Contributions
Generally, the study outcome provides guidance to medical institutions, researchers, SM practitioners, by pointing out the vulnerable areas of SM usage in medical operations. The study also provides empirical inputs into policy development process, in line with SM usage and medical operations. Formalizing SM usage in medical institutions would help to regulate and enforce accountability in SM usage, and protect medical institutions against uncensored usage of SM by stakeholders. This would protect medical institutions against negative implications such as loss of trust and reputations, legal suit, or financial harm, etc., [3] [4] [5] [10] [18] [19] . More so, the study outcomes would help to guide and improve on the level of awareness on the choice of SM functions, in line with medical information safety, and medical training activities—learning, teaching and research, [18] . This would enhance coordination and sharing of quality contents among medical students, and medical staff including supervisors.
Overall, addressing security gap in SM usage in medical operations is in the best interest of every SM user in healthcare fraternity. With better information security mechanism on SM usage, patients and community confidence, and trust in healthcare systems will improve. When patients and community are assured of the safety of their private healthcare information, they would be more willing to disclose sensitive information to physicians, and this will improve on the quality of medical care and services provided, (Jomin & Takura, 2019). According to Liaw & Hannan [20] , 49.1% of patients in Australia confirmed withholding information from clinicians based on privacy and confidentiality concerns, [21] .
6. Recommendations and Conclusion
The vulnerable areas of the breaches highlighted would serve as important reference points for SM practitioners, and researchers. However, further studies need to focus on identification of the key SM usage factors associated with medical information breaches in medical institutions in Uganda, [36] . In reference to the study limitations stated in Section 1, more empirical studies need to be conducted to enrich the empirical foundations supporting SM usage in medical education, [2] [3] . The few existing studies depend mainly on the descriptive approaches, or practitioner experience, or literature-search, which may be context specific, [2] [3] [5] . As such, their measures and findings could be limited in scopes, and prone to duplications, redundancy, or inconsistency. Formally, the subjective nature of SM concepts makes it complex for existing theories and studies to have a standard definition of SM concepts, [37] . This is mainly due to the casual nature of SM functions, where individual could use colloquial forms of subjective language to express their views and opinions. Therefore, to address the challenges, more empirical studies need to focus on generating quantitative evidence to substantiate some of the unique challenges associated with SM usage. However, to help enforce accountability in SM usage, medical institutions in Uganda need to ratify SM usage in their operations, [38] . This would protect the institutions against uncensored usage of SM by stakeholders. Thus, promote SM usage, and protect medical institutions against dreaded and negative consequences such as; loss of trust and reputations, legal suit, or financial harm, [5] [10] [18] [19] .