Abstract:

The increasing prevalence of cyberattacks in the healthcare sector underscores the urgent need to improve information security skills among healthcare professionals (Ponemon Institute, 2023). Despite the implementation of security education, training, and awareness (SETA) programs, many interventions fail to promote secure behaviors due to a lack of domain-specific content and motivational engagement (Rampold et al., 2024). Healthcare professionals often prioritize patient care over cybersecurity and perceive security measures as secondary to their main professional responsibilities (Moyo et al., 2016).

This study examines the effectiveness of a tailored, video-based SETA training that integrates motivational framing strategies to enhance skill acquisition by aligning security behaviors with core professional values such as patient safety, integrity, and ethical responsibility. With this aim, the study tested two motivational framing strategies:
(1) a self-oriented framing that emphasized the protection of the participants' own data and
(2) an other-oriented framing that emphasized the ethical responsibility to protect patient data, thus linking information secure behaviors to the professionals’ commitment to ensure patient safety and trust. By establishing this link, the framing aimed to increase motivation and engagement with the training content. To evaluate the effectiveness of each framing strategy, a randomized controlled trial was conducted with 130 participants from three university hospitals.

The intervention consisted of job-specific training videos designed for three professional groups – physicians, nurses, and administrative staff. Thus, every training video addressed the unique safety risks inherent in their respective workplaces. The videos were structured along a seven-step problem-solving model (Keller et al., 2024). Participants were randomly assigned to one of three conditions:
(1) a control group receiving job-specific videos without additional framing,
(2) a self-oriented framing group that was sensitized to the protection of personal information, and
(3) an other-oriented framing group focusing on the protection of patient information. Pre- and post-training assessments were conducted using Situational Judgment Tests (SJT; Christian et al., 2010) tailored to each job profile.

Across all job profiles, participation in the training led to significant skill improvements (t(129) = 5.58, p < .001, d = 0.52), confirming the effectiveness of the video-based intervention. However, motivational framing strategies showed differential effects. While the self-oriented framing was not significantly superior to the control condition, the other-oriented framing led to significantly higher skill gains (F(2,126) = 5.92, p = .0035, η² = 0.22).

The results highlight the importance of job-specific SETA programs that integrate problem-based learning and motivational framing strategies. Aligning security measures with core professional values, particularly patient safety, markedly increases the impact of training content. By establishing information security as an ethical and professional demand rather than a mere compliance requirement, this approach fosters a deeper commitment to secure workplace behaviors. Future research should explore long-term retention effects and applicability across different professional settings.

Keywords:

Information Security Awareness, Healthcare Data Protection, Motivational Framing, Training Effectiveness.