Informationssäkerhetsmedvetenhet : Vårdpersonals efterlevnad av informationssäkerhetspolicy i Sverige

Sammanfattning: Information security is important in all organizations, not least in healthcare. To maintain the safety, you need policies and guidelines that employees must adhere to. However, it’s problematic if these are not followed adequately by the employees. The purpose of this study is to develop recommendations for increased information security policy compliance in Swedish healthcare. This study gathered data through semi-structured interviews with healthcare employees in Sweden which is then analysed with thematic analysis method. The study examines which methods management and IT-staff use to communicate and educate healthcare employees. The respondents indicated that they have a basic understanding for privacy and how it relates to their daily operation. There are flaws in their understanding of information security policies and what the consequence of poor compliance is. There are clear indications that the employees are willing and eager to develop their knowledge. The study concludes with recommendations for how organisations can educate their healthcare employees. There are some measures that should be kept and other factors that should be considered during communication and education. The authors notes that information security awareness is fundamental for policy compliance in the organization. Recommendations for how information security awareness can be increased in healthcare employees is presented.