ASSESSING STAFF ATTITUDES TOWARDS INFORMATION SECURITY IN A EUROPEAN HEALTH-CARE ESTABLISHMENT

Information security is now recognized as an important consideration i n modern healthcare establishments (HCEs), with a variety of guideline s and standards currently available to enable the environments to be p roperly protected. However, financial and operational constraints ofte n exist which influence the practicality of these recommendations. Thi s paper establishes that the staff culture of the organization is of p articular importance in determining the level and types of security th at will be accepted. This culture will be based upon staff awareness o f and attitudes towards security and it is, therefore, important to ha ve a clear idea of what these attitudes are. To this end, two surveys have been conducted within a reference environment to establish the at titudes of general users and technical staff, allowing the results to be fed back to HCE management to enable security policy to be appropri ately defined. These results indicated that, although the establishmen t had participated in a European healthcare security initiative, staff attitudes and awareness were still weak in some areas.