Awareness About Information Security And Privacy Among Healthcare Employees

Krešimir Šolić*; Mateo Pleša; Tena Velki; Krešimir Nenadić

doi:10.26332/seemedj.v3i1.88

Krešimir Šolić* Department of Medical Statistics and Medical Informatics, Faculty of Medicine, Josip Juraj Strossmayer University of Osijek
Mateo Pleša Department of Medical Statistics and Medical Informatics, Faculty of Medicine, Josip Juraj Strossmayer University of Osijek
Tena Velki Department of Social Sciences, Faculty of Education, Josip Juraj Strossmayer University of Osijek
Krešimir Nenadić Department of Software Engineering, Faculty of Electrical Engineering, Computer Science and Information Technology, Josip Juraj Strossmayer University of Osijek

DOI: https://doi.org/10.26332/seemedj.v3i1.88

Abstract

Aim: The aim of this study was to analyze healthcare employees’ knowledge of information security and potentially risky behavior on the Internet considering demographic parameters and in comparison with the standardized behavioral norms among Internet users in Croatia.

Methods: The study was conducted as a cross-sectional study. Healthcare employees from three hospitals in different geographical areas (Osijek, Pula and Zagreb) were included in this study. The validated UISAQ (Users’ Information Security Awareness Questionnaire) was used for data collection. The questionnaire contains 33 questions, grouped in two scales and six subscales, and participants were self-evaluated using Likert scale. The time period of data collection was the summer of 2017.

Results: Surveyed healthcare employees show significantly less risky behavior and overall better knowledge than the average Internet user in Croatia. Female participants display online behavior that is less risky than that of the male participants; participants with a university degree are better at PC maintenance, while participants with a high school diploma are more skeptical in regard to loss of personal or professional data. Older people are significantly more careful and lend their access data to other colleagues at work less often.

Conclusion: Healthcare employees included in this study display partially better results than the average Internet users in Croatia when it comes to their knowledge and potentially risky online behavior. However, their average estimations are only partially better than referent estimations and their scores are not very high, especially when it comes to their awareness measured in the “Security in Communications” and “Secured Data” subscales. As there is high risk of losing data because of the nature of business protocols, healthcare employees need more education and training in order for their awareness regarding the importance of information security and privacy to increase.

(Solic K, Plesa M, Velki T, Nenadic K. Awareness About Information Security And Privacy Among Healthcare Employees. SEEMEDJ 2019; 3(1); 21-28)

KEYWORDS: information security, privacy protection, risky behavior, Internet, UISAQ