Awareness Training Transfer and Information Security Content Development for Healthcare Industry

Abstract

Electronic Health Record (EHR) becomes increasingly pervasive and the need to safeguard EHR becomes more vital for healthcare organizations. Human error is known as the biggest threat to information security in Electronic Health Systems that can be minimized through awareness training programs. There are various techniques available for awareness of information security. However, research is scant regarding effective information security awareness delivery methods. It is essential that effective awareness training delivery method is selected, designed, and executed to ensure the appropriate protection of organizational assets. This study adapts Holton’s transfer of training model to develop a framework for effective information security awareness training program. The framework provides guidelines for organizations to select an effective delivery method based on the organizations’ needs and success factor, and to create information security content from a selected healthcare’s internal information security policy and related international standards. Organizations should make continual efforts to ensure that content of policy is effectively communicated to the employees.