Over the years, as breaches have become more prevalent, more and more companies are engaging in some sort of employee training program.

Although many companies have taken part in some sort of training program, many still have employees who lack basic security knowledge. Companies across the board, even those outside of health care, continue to find that one of their primary areas of security risk lies with their employees’ ability to recognize and avoid potential threats. To assess employee knowledge, security awareness training company, MediaPRO, conducts an annual study of “employees’ security awareness and knowledge of cybersecurity best practices.”

In the 2018 study, MediaPRO measured employees’ reactions to a large variety of threats to assess how susceptible they are to leave the system vulnerable. They evaluated the employee’s ability to identify phishing threats, possible malware infections, and risks in cloud computing and social media. Additionally, they tested their knowledge of physical security, working remotely, and reporting security incidents is also tested.

This year’s study consisted of 1,024 employees from seven industry sectors. Each of these individuals took part in the State of Privacy and Security Awareness study: they were asked questions concerning all of the topics listed above. After the study was completed, each individual who participated was placed in a category based off of the percentage of questions they got right. They were either a “hero”, a “novice”, or a “risk.”

  • Hero – someone with a superb understanding of electronic security and how to protect assets.
  • Novice – a person who has an average understanding of the basics of cybersecurity but still needs greater improvement in crucial areas
  • Risk – one who lacks a sufficient understanding of cyber threats and has limited comprehension of online security practices. This person would represent a significant risk.

The results of the study this year were better than ever with a record 25 percent of employees being ranked as “hero,” but they were considerably worse across the board. The results of the study as a whole could leave many questioning the security of their own personal information. Of this group, 75 percent of them “lacked security awareness to some degree” and many of them answered fewer than 90 percent of the questions correctly. The number of “risk” employees has drastically increased from past years

In order to keep ePHI safe, all employees need training. In the health care field specifically, this training is continually needed as technology continues to change. It is up to each health care entity to ensure that their employees have the most recent training and knowledge of policies pertaining to confidentiality, specifically the HIPAA policies.

“Healthcare managers need to take more action and be held accountable for training their employees regarding the confidentiality of electronic health records,” Julia VanderMolen, PhD told Educational Perspectives in Health Informatics and Information Management (EPHIIM).

There are many easy ways to begin making sure that your employees are getting the basic security knowledge that they need; start with HIPAAgps to get your employees on track to protecting the confidentiality of your patient’s Protected Health Information (PHI). HIPAAgps provides an extensive HIPAA training portal that includes videos covering standards and quizzes to help employees retain important privacy and security information.