# Safeguarding patient privacy in eHealth systems: Bridging theory and practice through a scoping review and healthcare survey

**Authors:** Michael Winter, Robin Kraft, Celine Belas, Manfred Reichert, Maximilian Ertl, Rüdiger Pryss

PMC · DOI: 10.1371/journal.pdig.0001325 · PLOS Digital Health · 2026-03-26

## TL;DR

This study explores how hospitals manage patient privacy in digital health systems by combining research and surveys, revealing gaps between theory and practice.

## Contribution

The paper bridges theoretical privacy concepts with practical healthcare challenges through a scoping review and survey of professionals.

## Key findings

- Healthcare professionals highlight insufficient training and lack of standardization as major privacy challenges.
- Technical solutions like blockchain are common in research, but staff emphasize the need for better workflow integration.
- A practical framework is proposed to align privacy measures with real-world healthcare needs and legal requirements.

## Abstract

The integration of eHealth technologies in hospitals has transformed patient care while raising privacy concerns. To address the latter, this paper combines a scoping review with a survey of healthcare professionals to examine both theoretical and practical aspects of privacy in hospital eHealth systems. Publications from 2021 to June 2024 focusing on privacy in hospital eHealth systems were reviewed. Literature was retrieved from PubMed, IEEE Xplore, ACM Digital Library, and Web of Science, resulting in 1,556 initial records. Additionally, 122 healthcare professionals from Swiss and German hospital networks were surveyed using purposive and convenience sampling regarding their perceptions of privacy measures and implementation challenges. From 434 included studies, 339 focused on technical measures, 40 on organizational processes, 29 on patient perspectives and ethical considerations, and 26 on legal and regulatory aspects. Key technical advancements included blockchain and AI. The survey revealed that participants primarily associated privacy with confidentiality of patient data and protection against unauthorized access. Most identified insufficient training, lack of standardization, and inadequate existing measures as key implementation challenges, thus highlighting gaps between theoretical privacy concepts and practical implementation in healthcare settings. While technical solutions dominate the literature, the survey emphasizes the importance of staff perspectives, particularly regarding confidentiality, access controls, training, and standardization. An integrated framework addressing technical, organizational, and workflow-specific privacy measures is proposed to bridge the theory-practice gap. Future eHealth privacy frameworks should balance technological innovation with practical implementation considerations that incorporate healthcare professionals’ insights to effectively safeguard patient data.

In recent years, digital technologies have become an essential part of hospital care, offering new opportunities but also raising serious questions about how patient information is protected. In this study, we wanted to understand how hospitals actually handle privacy when using eHealth systems. We reviewed a total of 1,556 research records on privacy in hospital digital systems published between 2021 and June 2024, and also conducted a survey with 122 healthcare workers recruited through hospital networks in Germany and Switzerland using purposive and convenience sampling methods. Moreover, since participation was anonymous, voluntary, and no demographic data was captured, formal ethical approval was not required. We found that while many technical tools like blockchain and encryption are being developed, the real-world challenges healthcare staff face are often overlooked. Staff told us that unclear procedures, lack of training, and time pressure make it hard to fully protect patient privacy. Our findings show that improving privacy in healthcare is not just about better technology, it also requires better support for hospital staff, clearer policies, and stronger alignment with legal frameworks. We developed a practical framework with implementation examples for different resource settings to help translate privacy principles into actionable measures. We hope our work helps bridge the gap between theory and practice so that digital health systems can be both innovative and respectful of patient privacy.

## Full-text entities

- **Diseases:** substance use disorder (MESH:D019966), COVID-19 (MESH:D000086382)
- **Species:** Homo sapiens (human, species) [taxon 9606]

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC13021168/full.md

## Figures

1 figure with captions in the complete paper: https://tomesphere.com/paper/PMC13021168/full.md

## References

98 references — full list in the complete paper: https://tomesphere.com/paper/PMC13021168/full.md

---
Source: https://tomesphere.com/paper/PMC13021168