Gökhan ÖZASLAN, Pınar KILIÇ AKSU, Büşra TEKİN, Nur ŞİŞMAN KİTAPÇI, Okan Cem KİTAPÇI, Leyla KÖKSAL, Gonca MUMCU

THE EFFECTS OF INFORMATION SECURITY TRAINING ON EMPLOYEES: A STUDY FROM A PRIVATE HOSPITAL

Training on the information security is important to the mission of establishing sustainable information security. The aim of the study was to evaluate the effect of a training program for information security in a private hospital. Materials and Methods: In this cross-sectional study, 66 medical unit employees (M/F: 53/13, mean age: 30,27±11,12 years) and 34 administrative unit employees (M/F: 11/23, mean age: 31,5±10,84 years) using the Hospital Information Management System (HIMS) were included. Data were collected by a questionnaire regarding the validated Information Security Scale before and after the training program. Results: Scores of Security Policy, Security Applications, Access and Authorization subgroups were significantly improved by the training program in both medical and administrative staff (p<0.05). However, these scores in pre-test and post-test were found to be similar in both groups (p>0.05). In addition, there was no positive effect of HIMS training on scores of these subgroups (p>0.05). Conclusion: Well-designed training programs are necessary for improving information security culture in hospitals. Since ensuring the appropriate protection of organizational assets, it is essential to design an effective training program regarding information security and privacy in the perspective of health managers.

Keywords:

information security, privacy, information security training, private hospital,

PDF

___

Ahlan, AR., Lubis, M. and Lubis, AR. (2015). Information Security Awareness at the Knowledge-Based Institution: Its Antecedents and Measures, Procedia Computer Science, 72:361 – 373.
Arain, MA., Tarraf, R. and Ahmad, A. (2019). Assessing, Staff Awareness and Effectiveness of Educational Training on IT Security and Privacy in a Large Healthcare Organization, Journal of Multidisciplinary Healthcare, 12:73–81.
Box, D. and Pottas, D. (2013). Improving Information Security Behaviour in the Healthcare Context, Procedia Technology, 9:1093 – 1103.
Delgado, J., Llorente, S., Pàmies, M. and Vilalta, J. (2016). Security and Privacy in a DACS, Exploring Complexity in Health: An Interdisciplinary Systems Approach, European Federation for Medical Informatics (EFMI) and IOS Press, 122-127.
Desjardin, B., Mirsky, Y., Ortiz, MP., Glozman, Z., Tarbox, L., Horn, R. and Horii, SC. (2020). Dicom Images Have Been Hacked! Now What? American Journal of Roentgenology, 214(4):727-735.
Fernández-Alemán, JL., Sánchez-Henarejos, A., Toval, A,. Sánchez-García, AB., Hernández-Hernández, I. and Fernandez-Luque, L. (2015). Analysis of Health Professional Security Behaviors in a Real Clinical Setting: An Empirical Study, Internatioal Journal of Medical Informatics, 84(6):454–67.
Gebrasilase, T. and Ferede, LL. (2011). Information Security Culture in Public Hospitals: The Case of Hawassa Referral Hospital, The African Journal of Information Systems, 3(3): Article 1.
Ghazvini, A., Shukur, Z. (2016). Awareness Training Transfer and Information Security Content Development for Healthcare Industry, International Journal of Advanced Computer Science and Applications, 7(5):361-370.
Hepp, SL., Tarraf, RC., Birney, A. and Arain, MA. (2018). Evaluation of the Awareness and Effectiveness of IT Security Programs in a Large Publicly Funded Health Care System, Journal of the Health Information Management Association of Australia, 47(3):116-124.
Kılıç Aksu, P., Şişman Kitapçı, N., Çatar, RÖ., Köksal, L. and Mumcu, G. (2015). An Evaluation of Information Security from the Users’ Perspective in Turkey, Journal of Health Informatics in Devoloping Countries, 9(2):55-67.
Kruse, CS., Smith, B., Vanderlinden, H. and Nealand, A. (2017). Security Techniques for the Electronic Health Records, Journal of Medical Systems, 41(8):127.
Mumcu, G., Köksal, L., Şişman, N., Çatar, RÖ. and Tarım, M. (2014). The Effect of Pharmacy Information Management System on Safety Medication Use: A Study from Private Hospitals in İstanbul. Marmara Pharmaceutical Journal, 18:1-4.
Olusegun, OJ. and Ithnin, NB. (2013). People are the Answer to Security: Establishing a Sustainable Information Security Awareness Training (ISAT) Program in Organization, International Journal of Computer Science and Information Security, 11(8): 57-64.
Peikari, HR., Ramayah, T., Shah, MH. and Lo, MC. (2018). Patients’ Perception of the Information Security Management in Health Centers: The Role of Organizational and Human Factors, BMC Medical Informatics and Decision Making, 18:102.
Schattner, P., Pleteshner, C., Bhend,H. and Brouns, J. (2007). Guidelines for Computer Security Ingeneral Practice, Informatics in Primary Care, 15:73-82.
Sevimli, E., Altingöz, EN., Şisman Kitapçı, N., Kitapçı, OC., Köksal, L., Yay, M., Kılıç Aksu, P. and Mumcu, G. (2019). An Assessment of Health Information Systems Through the Perspectiveof Computer Engineering Students and Medical Students, Acta Informatica Medica, 27(5):300-304.
Stanton, JM., Stam, KR. and Mastrangelo, P. (2005). Analysis of End User Security Behaviors, Computers & Security, 24(2):124-133.
Tschakert, KA. and Ngamsuriyaroj, S. (2019). Effectiveness of and User Preferences for Security Awareness Training Methodologies, Heliyon, 5(6).
Tsohou, A., Kokolakis, S., Karyda, M. and Kiountouzis, E. (2008). Investigating Information Security Awareness: Research and Practice Gaps, Information Security Journal A Global Perspective. 17(5-6):207-227.
Veiga, AD. and Martins, N. (2015). Improving the Information Security Culture Through Monitoring and Implementation Actions Illustrated Through a Case Study, Computers&Security, 49: 162–76.
Wilkowska, W. and Martina, Z. (2012). Privacy and Data Security in E-health: Requirements from the User’s Perspective, Health Informatics Journal, 18(3):191–201.