Analysis of health professional security behaviors in a real clinical setting: an empirical study.

OBJECTIVE: The objective of this paper is to evaluate the security behavior of healthcare professionals in a real clinical setting. METHOD: Standards, guidelines and recommendations on security and privacy best practices for staff personnel were identified using a systematic literature review. After a revision process, a questionnaire consisting of 27 questions was created and responded to by 180 health professionals from a public hospital. RESULTS: Weak passwords were reported by 62.2% of the respondents, 31.7% were unaware of the organization's procedures for discarding confidential information, and 19.4% did not carry out these procedures. Half of the respondents (51.7%) did not take measures to ensure that the personal health information on the computer monitor could not be seen by unauthorized individuals, and 57.8% were unaware of the procedure established to report a security violation. The correlation between the number of years in the position and good security practices was not significant (Pearson's r=0.085, P=0.254). Age was weakly correlated with good security practices (Pearson's r=-0.169, P=0.028). A Mann-Whitney test showed no significant difference between the respondents' security behavior as regards gender (U=2536, P=0.792, n=178). The results of the study suggest that more efforts are required to improve security education for health personnel. CONCLUSIONS: It was found that both preventive and corrective actions are needed to prevent health staff from causing security incidents. Healthcare organizations should: identify the types of information that require protection, clearly communicate the penalties that will be imposed, promote security training courses, and define what the organization considers improper behavior to be and communicate this to all personnel.

Estudio sobre la importancia y la seguridad de uso de las contraseñas en el ámbito laboral sanitario / Study of the importance and security level of passwords in the healthcare setting

No disponible

Guía de buenas prácticas de seguridad informática en el tratamiento de datos de salud para el personal sanitario en atención primaria / A guide to good practice for information security in the handling of personal health data by health personnel in ambulatory care facilities

Con la introducción de la historia clínica digital surge la necesidad de reforzar la seguridad de los datos personales de salud para garantizar su privacidad. A pesar de la gran cantidad de medidas de seguridad técnicas y de recomendaciones existentes para el ámbito sanitario, hay un aumento en las violaciones de la privacidad de los datos personales de los pacientes en centros sanitarios, en muchos casos como consecuencia de errores o descuidos de los profesionales sanitarios. En este trabajo se presenta una guía de buenas prácticas de seguridad informática en la manipulación de los datos personales de salud por parte del personal sanitario, elaborada a partir de recomendaciones, normativa y estándares nacionales e internacionales. El material presentado en este trabajo puede emplearse tanto en la formación como en auditorías de seguridad informática a trabajadores de los centros de atención primaria (AU)

The appearance of electronic health records has led to the need to strengthen the security of personal health data in order to ensure privacy. Despite the large number of technical security measures and recommendations that exist to protect the security of health data, there is an increase in violations of the privacy of patients’ personal data in healthcare organizations, which is in many cases caused by the mistakes or oversights of healthcare professionals. In this paper, we present a guide to good practice for information security in the handling of personal health data by health personnel, drawn from recommendations, regulations and national and international standards. The material presented in this paper can be used in the security audit of health professionals, or as a part of continuing education programs in ambulatory care facilities (AU)

[A guide to good practice for information security in the handling of personal health data by health personnel in ambulatory care facilities]. / Guía de buenas prácticas de seguridad informática en el tratamiento de datos de salud para el personal sanitario en atención primaria.

The appearance of electronic health records has led to the need to strengthen the security of personal health data in order to ensure privacy. Despite the large number of technical security measures and recommendations that exist to protect the security of health data, there is an increase in violations of the privacy of patients' personal data in healthcare organizations, which is in many cases caused by the mistakes or oversights of healthcare professionals. In this paper, we present a guide to good practice for information security in the handling of personal health data by health personnel, drawn from recommendations, regulations and national and international standards. The material presented in this paper can be used in the security audit of health professionals, or as a part of continuing education programs in ambulatory care facilities.