Electronic Health Records and Cyber Hygiene: A Qualitative Study of the Awareness, Knowledge, and Experience of Physicians in Kuwait

ABSTRACT Threats against electronic medical and health records are on the rise. These threats include phishing attacks, malware and ransomware, encryption blind spots, cloud threats, and most important one is the internal threat caused by gaps in the level of awareness and knowledge of the employees and health practitioner of handling sensitive healthcare data. Cyber hygiene is a term used to describe both the technical and non‐technical threats. In the same way, personal hygiene practices are used to maintain one's own health and protect against diseases, cyber hygiene security practices are important in protecting and preserving sensitive electronic health information systems. In this paper, we report on the findings of a cyber hygiene study carried out in Kuwait with the objectives of assessing the level of awareness, knowledge and experience of physicians and healthcare professionals. The study identified seven different areas or barriers that impacted the cyber hygiene and the adoption of electronic health medical records in Kuwait. The seven areas include financial barriers, time, difficulty of using technology, lack of management support, negative attitude toward the use of electronic medical records, legal and ethical issues, as well as cultural barriers. Most of the physicians interviewed lacked the awareness and basic knowledge needed to practice cyber hygiene. Most physicians were not aware of regulation or standards pertaining to the use of electronic medical records.