Information security awareness of medical practitioners

Document Type

Conference Proceeding




Computing, Health and Science


Computer and Information Science, Centre for Security Research




This article was originally published as: Williams, P. (2005). Information security awareness of medical practitioners Developing Partnerships: Proceedings of the First Colloquium for Information Systems Security Education - Asia Pacific (CISSE-AP) (pp.32-41) Mawson Lakes, Adelaide. Conference website available here.


Studies have shown deficiency in awareness by medical practitioners of the logistical security issues related to patient data in the electroniC environment. The various profossional associations provide guidance in the form of checklists, but none provide an awareness curriculum Whilst the subject of security is covered in qualifications such as Medical Informatics post-graduate awards, most general practitioners do not possess such qualifications. Therefore, to ensure that practitioners, who are the owners of the personal patient data they collect, are fully informed of the issues, risks and protection available, education is required. In Australia, with the current implementation on a national electronic medical records scheme, practitioners need to be more aware and assume direct responsibility for the security of their patient data. This paper proposes a framework for medical practitioners to increase the awareness and knowledge on information security in the medical environment