ONC takes stab at HIPAA training and compliance with gaming format

The ONC's chief privacy officer uploaded two game-based HIPAA training modules to prepare players for compliance. Can you get a high score?

Implementing the appropriate safeguards to protect patient's health records can be complex for health organizations.

In large healthcare facilities the availability of a compliance officer ensures the presence of professionally trained individuals who install and monitor the necessary safeguards to ensure compliance.

Many of the game scenarios ring realistic. They provide insights into common issues small healthcare provider offices face.

For smaller medical practices it can be challenging to navigate through the technical and administrative compliance requirements of HIPAA. For that reason, the Office of the National Coordinator for Health IT (ONC) developed two Web-based HIPAA training modules. Now live, ONC designed these exercises to assist small medical practices with the challenges that are often faced when responding to privacy and security concerns.

The training modules are set up in a game format that requires users to choose a response to several scenarios, with correct answers scored 10 points each. Questions vary from the technical side of HIPAA to the administrative. It's more than a tabletop brainstorm: Many of the game scenarios ring realistic. They provide insights into common issues small healthcare provider offices face.

The National Institute of Standards and Technology (NIST) also offers online resources and tools that can be downloaded and used to assist in reviewing HIPAA's many and varied requirements. The NIST tools come in the format of questions both on technical and administrative topics; each focuses on a different requirement.

While the site ONC offers provides some insights on how to handle some security challenges, it is imperative to remember that all organizations small or large must ensure that they comply with all of HIPAA's privacy and security rules. Failure to do so could put a practice at risk for financial penalties as well as legal turmoil and negative publicity arising from any breaches.

Reda Chouffani is vice president of development with Biz Technology Solutions Inc., which provides software design, development and deployment services for the healthcare industry. Let us know what you think about the story; email editor@searchhealthit.com or contact @SearchHealthIT on Twitter.

This was first published in November 2013

Dig deeper on Electronic health records privacy compliance



Enjoy the benefits of Pro+ membership, learn more and join.