Observational Measures for Effective Profiling of Healthcare Staffs' Security Practices

Abstract

The healthcare sector is characterized with variant situations and services such as emergency services, collaborations in patient care and patient referrals. These activities require erratic accesses and electronic exchange of personal health information (PHI) between health professionals and healthcare organizations. Also, healthcare information is deemed to be among the most confidential of all types of personal data. Analyzing and modeling the security threats emanating from healthcare staffs' security practices therefore need an efficient approach. There is a need for tailored measures to be adopted in assessing healthcare personnel security practices in relation to Confidentiality, Integrity and Availability (CIA) threats. Standards and technical security implementations, required by regulatory bodies, have resulted in tracking healthcare staffs' security practices in various data sources which can be explored for security countermeasures. A literature survey was adopted to obtain the most appropriate observational measures that can be used to empirically study healthcare staffs' security practice analysis, modeling and incentivization (HSPAMI). The survey was conducted in journal and conference articles, healthcare security breaches reports and AI tools for detecting anomalous healthcare staff security practices. The survey results did not find a comprehensive and tailed observational measures suitable for the HSPAMI project. A comprehensive and tailored observational measures were therefore developed from healthcare standards, legal, regulatory aspects, and the code of conduct. Observational measures relating to healthcare security practices such as self-authorization, inter-organizational accesses to PHI and ICT readiness were found to be unique and have not been factored in existing observational measures for efficient profiling of healthcare staffs.