Analysis of health professional security behaviors in a real clinical setting: An empirical study

José Luis Fernández-Alemán, Ana Sánchez-Henarejos, Ambrosio Toval, Ana Belén Sánchez-García, Isabel Hernández-Hernández, Luis Fernandez

Research output: Contribution to journalArticle

14 Citations (Scopus)


Objective: The objective of this paper is to evaluate the security behavior of healthcare professionals in a real clinical setting. Method: Standards, guidelines and recommendations on security and privacy best practices for staff personnel were identified using a systematic literature review. After a revision process, a questionnaire consisting of 27 questions was created and responded to by 180 health professionals from a public hospital. Results: Weak passwords were reported by 62.2% of the respondents, 31.7% were unaware of the organization's procedures for discarding confidential information, and 19.4% did not carry out these procedures. Half of the respondents (51.7%) did not take measures to ensure that the personal health information on the computer monitor could not be seen by unauthorized individuals, and 57.8% were unaware of the procedure established to report a security violation. The correlation between the number of years in the position and good security practices was not significant (Pearson's r=. 0.085, P=. 0.254). Age was weakly correlated with good security practices (Pearson's r=. -0.169, P=. 0.028). A Mann-Whitney test showed no significant difference between the respondents' security behavior as regards gender (. U=. 2536, P=. 0.792, n=. 178). The results of the study suggest that more efforts are required to improve security education for health personnel. Conclusions: It was found that both preventive and corrective actions are needed to prevent health staff from causing security incidents. Healthcare organizations should: identify the types of information that require protection, clearly communicate the penalties that will be imposed, promote security training courses, and define what the organization considers improper behavior to be and communicate this to all personnel.

Original languageEnglish
Pages (from-to)454-467
Number of pages14
JournalInternational Journal of Medical Informatics
Issue number6
Publication statusPublished - 1 Jun 2015
Externally publishedYes



  • Health personnel
  • Personal health information
  • Privacy
  • Security
  • Surveys

ASJC Scopus subject areas

  • Health Informatics

Cite this

Fernández-Alemán, J. L., Sánchez-Henarejos, A., Toval, A., Sánchez-García, A. B., Hernández-Hernández, I., & Fernandez, L. (2015). Analysis of health professional security behaviors in a real clinical setting: An empirical study. International Journal of Medical Informatics, 84(6), 454-467.