Data Protection in Healthcare Research: Medical Students' Knowledge and Behavior.

Abstract

Healthcare research involves handling personal health information. Information security policies are implemented in research institutions to ensure data subjects' rights but are not always respected due to researchers' neglect or unawareness. This paper is part of an action research project at Saint Joseph University in Lebanon aiming to increase researchers' compliance with the university's information security policy. An anonymous online questionnaire was administered to medical students to evaluate their knowledge and behavior regarding patient data handling in research projects. 38 responses were collected. Results show that most students collect patient data for research, and are frequently not aware of, and do not comply with, the existing information security policy. We also found correlations between low knowledge and non-compliant behaviors including clicking on links from unknown senders, leaving computers unattended, and sharing data insecurely. To address these issues, we plan to implement various Information Security Awareness interventions and compare their effectiveness.