Addressing information security training and awareness within the European healthcare community

This paper discusses the need to promote information security issues within modern healthcare establishments and the consequent need for appropriate training and awareness initiatives. Security is an area of extreme significance in healthcare information systems but, whilst the need is generally recognised, many personnel are not familiar with even basic concepts and procedures. As such, adequate promotion of security through training and awareness initiatives is viewed as a vital first step. The paper highlights a series of basic factors that healthcare establishments (HCEs) should consider in setting up a training and awareness framework. The discussion then examines a number of ways in which relevant information may be disseminated to staff, including security guidelines, training seminars and world-wide web based services. The paper is largely based upon work that is currently being conducted as part of the Health Telematics ISHTAR (Implementing Secure Healthcare Telematics Applications in euRope) project.