Evaluation of the effects of information security training on employees: a study from a private hospital

Aim: Human error is known as the biggest threat to information security in healthcare organizations. Training on the information security is important to the mission of establishing sustainable information security. The aim of the study was to evaluate the effect of a training program for information security in a private hospital. Materials and Methods: In this cross-sectional study, 66 medical unit employees (M/F: 53/13, mean age: 30,27±11,12 years) and 34 administrative unit employees (M/F: 11/23, mean age: 31,5±10,84 years) using the Hospital Information Management System (HIMS) were included. Data were collected by a questionnaire regarding the validated Information Security Scale before and after the training program. Results: Scores of three subgroups of the scale (Security Policy, Access and Authorization, Security Applications) were used in the study. Scores of them were significantly improved by the training program in both medical and administrative staff (p<0.05). However, these scores in pre-test and post-test were found to be similar in both groups (p>0.05). In addition, there was no positive effect of HIMS training on scores of these subgroups (p>0.05). Conclusion: Well-designed training programs are necessary for improving information security culture in hospitals. Since ensuring the appropriate protection of organizational assets, it is essential to design an effective training program regarding information security and privacy in the perspective of health managers.