Explore our sister journals here.

Maintenance Notice

Due to necessary scheduled maintenance, the JMIR Publications website will be unavailable from Wednesday, July 01, 2020 at 8:00 PM to 10:00 PM EST. We apologize in advance for any inconvenience this may cause you.

Who will be affected?

Accepted for/Published in: JMIR Formative Research

Date Submitted: Aug 4, 2023
Date Accepted: Feb 8, 2024

The final, peer-reviewed published version of this preprint can be found here:

Usability and Feasibility Evaluation of a Web-Based and Offline Cybersecurity Resource for Health Care Organizations (The Essentials of Cybersecurity in Health Care Organizations Framework Resource): Mixed Methods Study

O'Brien N, Fernandez Crespo R, O'Driscoll F, Prendergast M, Chana D, Darzi A, Ghafur S

Usability and Feasibility Evaluation of a Web-Based and Offline Cybersecurity Resource for Health Care Organizations (The Essentials of Cybersecurity in Health Care Organizations Framework Resource): Mixed Methods Study

JMIR Form Res 2024;8:e50968

DOI: 10.2196/50968

PMID: 38603777

PMCID: 11046383

Warning: This is an author submission that is not peer-reviewed or edited. Preprints - unless they show as "accepted" - should not be relied on to guide clinical practice or health-related behavior and should not be reported in news media as established information.

Usability and feasibility evaluation of an online and offline cybersecurity resource for healthcare organizations (the ECHO framework resource): A mixed methods study

  • Niki O'Brien; 
  • Roberto Fernandez Crespo; 
  • Fiona O'Driscoll; 
  • Mabel Prendergast; 
  • Deeph Chana; 
  • Ara Darzi; 
  • Saira Ghafur

ABSTRACT

Background:

Cybersecurity is a growing challenge for health systems globally as the rapid adoption of digital technologies has led to increased cyber vulnerabilities with implications for patients and health service providers. It is critical to develop workforce awareness and training as part of a safety culture and continuous improvement within health care organisations. However, there are limited open access, healthcare-specific resources to help organisations at different levels of maturity develop their cybersecurity practices.

Objective:

To assess the useability and feasibility of the ECHO framework resource and evaluate the strengths, weaknesses, opportunities, and threats associated with implementing the resource at the organisational level.

Methods:

A mixed-methods, cross-sectional study of acceptability and useability of the ECHO framework resource was undertaken. The research model was developed based on the Technology Acceptance Model. Members of the Imperial College Leading Health Systems Network and other health care organizations identified through the research teams’ networks were invited to participate in the research. Study data was collected via online surveys 1-month and 3-months from the date the ECHO framework resource was received by the participants. Quantitative data were analysed using R (v.4.2.1). Descriptive statistics were calculated using the mean and 95% confidence intervals. T-tests were used to determine significant differences between the distribution of answers from comparing results from the two survey time points. Qualitative data were analysed using Microsoft Excel. Thematic analysis used deductive and inductive approaches to capture themes and concepts.

Results:

A total of 16 healthcare organizations participated in the study. The ECHO framework resource was well accepted and useful for healthcare organizations improving understanding of cybersecurity as a priority area in healthcare organisations, reducing threats, and enabling users to develop organisational planning. Although not all participants were able to implement the resource as part of ICT cybersecurity activities, those who did were positive about the process of change. Learnings from the implementation process included usefulness of resource for awareness raising, as a reference guide, and ease of use based on familiarity with other standards, guidelines, and tools. Participants noted that several sections of the framework were difficult to operationalise due to costs/budget constraints, human resource limitations, leadership support, stakeholder engagement, and limited time.

Conclusions:

The research identified the acceptability and utility of ECHO framework resource as a health-focused cybersecurity resource for health care organizations. As cybersecurity in health care organizations is everyone’s responsibility, there is potential for the ECHO framework resource to be used by staff with varied job roles. Future research should explore how the resource can be updated for ICT staff and how educational snapshots on aspects of the framework could be developed as an educational tool for other staff groups.


 Citation

Please cite as:

O'Brien N, Fernandez Crespo R, O'Driscoll F, Prendergast M, Chana D, Darzi A, Ghafur S

Usability and Feasibility Evaluation of a Web-Based and Offline Cybersecurity Resource for Health Care Organizations (The Essentials of Cybersecurity in Health Care Organizations Framework Resource): Mixed Methods Study

JMIR Form Res 2024;8:e50968

DOI: 10.2196/50968

PMID: 38603777

PMCID: 11046383

Download PDF


Request queued. Please wait while the file is being generated. It may take some time.

© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on it's website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressively prohibit redistribution of this draft paper other than for review purposes.