100 word response due 2/18/2023
Morga
There are various governance policies that can be implemented to assist the outlook of an organization. Within health care, the policy for awareness and training is critical. The electronic health record system is an essential tool that is frequently utilized as it contains patient information. Due to this, it develops an opportunity for threats as human error could likely occur. To reduce the chances of experiencing these issues, training programs are needed.
A study conducted by Ghazvini and Shukur investigated the necessary guidelines and frameworks to enforce the importance of this policy by creating an effective training method in the healthcare industry. There are various factors that are considered such as motivation and design of the training. However, understanding the exact needs of an organization is an aspect that requires attention (Ghazvini & Shukur, 2016). Employees may have their strengths and weaknesses in various areas. By developing a training that focuses on those weak areas, it could show improvement. Another aspect to consider is the presentation of the training method that would be a best fit for the organization (i.e., providing it as a webinar or web-based training). These critical factors assist in selecting an effective training approach to minimize human errors.
Cone Health posted the following policy within their organization: ITS Information Security Training and Awareness Procedure to ensure the confidentiality, integrity, and availability of any protected health information that is received or delivered (Cone Health, 2022). The necessary trainings, contents, and methods of the training was provided as well as those who are responsible for completing the trainings. The policy was effective June 2, 2022 and is set to be reviewed a year from that date (Cone Health, 2022).
I selected P 18.0 Awareness and Training Policy because it is an aspect that all organizations conduct and plays a vital role in information security. It is interesting to know the various approaches and trainings that are developed based on the type of organization and it’s location to best inform employees. Ghazvini and Shukur provided their approach to this and while comparing it to Cone Health, it is applied through another approach that is applicable to their organization. In addition, similarities or differences can be identified in the development of their trainings.