Abstract: Electronic Health Records (EHRs) are becoming increasingly pervasive, and the need to safeguard them is becoming more vital for healthcare organizations. Human error is known as the biggest threat to information security in Electronic Health Systems, and it can be minimized through awareness training programs. Various techniques are available for raising information security awareness. However, research is scant regarding effective information security awareness delivery methods. It is essential that an effective awareness training delivery method is selected, designed, and executed to ensure the appropriate protection of organizational assets. This study adapts Holton's transfer of training model to develop a framework for an effective information security awareness training program. The framework provides guidelines for organizations to select an effective delivery method based on the organization's needs and success factors, and to create information security content from a selected healthcare organization's internal information security policy and related international standards. Organizations should make continual efforts to ensure that the content of the policy is effectively communicated to employees.
This paper aims to develop an information security awareness training program for the healthcare industry to ensure the appropriate protection of electronic health systems. Serious games are designed primarily for training purposes rather than pure entertainment, and they are proven as an effective training approach for awareness programs. Serious games benefit learning because they are fun to play and motivate learners to participate in and interact with learning activities. Developing a serious game requires a review of adequate guidelines that identify all characteristics to be incorporated in such games. Thus, this paper reviews serious game models that have been constructed as game development guidelines. To this end, a serious game is developed and implemented at a selected healthcare organization.
Abstract: The Electronic Health Record (EHR) is a valuable asset of every healthcare organization and needs to be protected. Human errors are recognized as the major information security threats to EHR systems. Employees who interact with EHR systems should be trained about the risks and hazards related to information security. However, there are limited studies regarding the effectiveness of training programs. The aim of this paper is to propose a framework that provides guidelines for healthcare organizations to select an effective information security training delivery method. In addition, this paper proposes a guideline for developing information security content for awareness training programs. Lastly, this study attempts to implement the proposed framework in a selected healthcare organization for evaluation. Hence, a serious game is developed as a training method to deliver information security content for the selected healthcare organization. An effective training program raises employees' awareness of information security with a long-term impact. It helps to gradually change employees' behavior over time by reducing their negligence towards secure utilization of healthcare EHR systems.