Focus Groups

Anticipated Outcomes
The anticipated outcome of this focus group phase of the research project will be to validate the preliminary information security governance framework. Further, the focus groups aim to gain expert opinion on whether the preliminary framework is considered to be complete, useful and valid based on industry best practice.

It is considered important to address whether such a framework can be developed and verified. Achievement of this outcome may contribute to


mitigating information security breaches and thereby minimise the risk of legal and ethical repercussions associated with health information being unintentionally lost or misused. Further, given the exponential increase in the computer security threat environment, this governance framework may provide an effective mechanism to mitigate and manage information security breaches and incidents. Further, measuring and assessing governance enables accurate and timely feedback on information security practice and provides the opportunity to predict and correct ineffective security practices based on outcome indicators and changing environments. The development of the proposed framework will further be innovative in that it will identify the different staff responsibilities for information security within the practice, thereby promoting accountability for security practice.

A total of approximately 32 participants from Western Australia, will be invited to participate in this phase of the research. Participants will be adults over the age of 18, and their age could range up to 70 years of age.

Information security experts will be recruited from all industries for participation in the focus groups. Two focus groups will comprise of identified industry and academic information security experts. Expert participants will be identified industry security experts identified from publically available information.

The second set of focus group participants will be recruited from key healthcare organisations such as the GPCG, RACGP and other healthcare computing groups. Relevant industry healthcare experts identified by the researcher and supervisor from conferences and public appearances will be invited to participate. Additionally, relevant healthcare organisations identified for inclusion in this research will be invited to participate in the research. It is considered to be important to gain the opinion of healthcare industry security experts.

The participants will be invited to participate in approximately four focus groups comprising of a maximum of 8 participants in each focus group. Information security experts will be invited to participate in the focus groups from a wide range of organisations, including healthcare organisations. Healthcare information security participants will be placed in separate focus groups to the general information security participants.

If there is a requirement for further focus group discussions, then more security experts will be recruited to participate, and further focus groups may be conducted until the outcomes for the focus group discussions are met.

The student researcher, Rachel Mahncke, will recruit all participants for this phase of the research.

Potential benefits of this research project to the wider community
This research has significance to the community at large. As general practices improve their computer security practices fewer threats and breaches are likely to occur, meaning that patient health information is better protected from intrusion or attack. Implementation of an information security governance process may provide an effective mechanism to mitigate and manage information security breaches and incidents. This may benefit the wider community in that confidential health information is likely to be better protected. Patients too may feel a greater degree of assurance that their confidential health information is securely protected.

Further, the final governance outcome may benefit a large number of general practices. Improvement in security practices within general practice may positively contribute towards the protection of electronic patient information and therefore timely information resulting in improved patient care. The ability to have accurate and timely information available when and where it is required could help to avoid incorrect diagnoses, incorrect prescription of medications, or even the loss of life (GPCG, 2004). Further applied research into effective information security governance within general practice is required.

Should you wish to participate in this stage of the research, please Contact Rachel.