Abstract (EN):
Introduction: With the adoption of new information systems in healthcare, young doctors need to understand them from their conception. Therefore, all feedback provided during their training for the medical profession is essential for the enhancement of those systems, particularly in terms of information security. The Biostatistics and Medical Informatics Department of Porto Faculty of Medicine teaches Ethics and Medical Informatics to 1st year medical students. The latter subject includes theoretical and practical lectures about Electronic Patient Records (EPR) and information security. This study aims to investigate the attitudes and awareness of 1st year medical students towards security issues relating to EPR.

Methods: The students responded to the same questionnaire before the Ethics and Medical Informatics lectures at the beginning of the academic year of 2003/2004 and, again, at the end of the year after those lectures. The questionnaire was anonymous and presented 3 scenarios. The first scenario described a breach of patient confidentiality by a colleague, asking whether students could recognize that breach (Q1A) and what the attitude of the respondents would be on learning about it (Q1B); the second asked if the students would alter their answer to Q1B on realizing that their colleague had shared a password with a friend, and that the friend had committed the security breach (Q2); the third scenario asked if sensitive information (i.e. related to VIPs or sexual diseases) needs stronger security protection than other sensitive healthcare information (Q3). The answers were entered into SPSS and analysed separately.

Results: A total of 460 questionnaires were filled in by the students. 52% (238) were answered before the lectures started, whilst 48% (222) were answered after the lectures finished. In Q1A, 98% (450) of the answers were valid. At the beginning of the year, 99% (232) of the students identified a security breach of EPR confidentiality, while at the end of the year, 100% (217) did the same. For Q1B, 60% (276) of the answers were valid. At the beginning of the year, 54% (77) of the students felt they would reason with the person responsible for the breach, whilst 29% (42) stated they would, instead, inform the responsible authorities about that breach. At the end of the year, 44% (58) thought they would still talk with the person responsible and 41% (54) would inform the responsible authorities. In Q2, 62% (287) of the answers were valid. At the beginning of the year, 74% (109) of the students would not alter their answer to Q1B whilst, at the end of the year, 83% (115) thought the same. For Q3, 89% (410) of the answers were valid. At the beginning of the year, 44% (91) of the students felt no extra security measures should be applied, the main reason being that all security measures must be effective in all cases, regardless of the patient or the healthcare provided. 55% (112) thought extra security measures were necessary because, they stated, certain social groups need to be protected from discrimination. Again, at the end of the year, 38% (77) felt no extra security measures were needed whilst 62% (127) thought they were.

Discussion: According to this study's results, after the Medical Informatics and Ethics lectures, students are more conscientious about reporting confidentiality breaches to responsible parties (Q1B). They understand better how to behave in order to protect the confidentiality of electronic information and consider indirect disclosure of sensitive information, such as through another person's password, a serious fault (Q2). Further, at the end of the year, students become more aware of the need for different levels of security protection depending on how sensitive the information is (Q3). We believe that the introduction of Medical Informatics and Ethics early in the degree has an influence on the awareness and attitudes of first year medical students towards information security and EPR.
Language:
English
Type (Professor's evaluation):
Scientific