You know that working in or around the healthcare space means you have to comply with the Health Insurance Portability and Accountability Act (HIPAA). You also know that there’s a section within the regulation that recommends HIPAA training to take place. That’s not a surprise.

But, like most laws, there’s a lot up for debate as to what is and isn’t required from a training perspective.

However, there is one aspect we’re certain about. If your organization faces a breach and the Department of Health and Humans Services (HHS) finds that you didn’t implement a training program. You’ll have a massive fine on your hands.

On the other hand, maybe you have a HIPAA training process implemented for new hires but it only happens once throughout their tenure. Let’s say one of your employees accidentally leaks patient information on their social media because they forgot that it wasn’t allowed. If this happens, the HHS will fine you. Not due to the breach itself, but because of the lack of training your employees received.

So with that scenario in mind, it’s important to understand that although annual training isn’t spelled out as a requirement within the law, it’s critical to implement.

OK, we now all know that it’s important to implement consistent trainings for your healthcare employees. The next most important piece is the content and how it’s presented.

HIPAA has three main segments within it…

• Privacy Rule

• Security Rule

• Breach Notification Rule

Each of those sections contain detailed standards, rules and legal terminology within them. In other words, most people won’t understand the content within each segment without simplification. Another aspect to keep in mind is that the content is dry. Topic these standards cover aren’t exciting to most people.

The point I’m trying to make is that going through 50 overly-detailed slides about HIPAA and calling it a training session isn’t effective. Doing this type of training won’t benefit anyone, cost your employees time, and won’t decrease your chances of facing a breach.

The best way to boost retention of employee training is to blend together all three types of learning…

• Visual

• Auditory

• Kinesthetic

If you can achieve that in your training sessions, your employees will retain 90% of the information you go over.

So what’s the best way to create a comprehensive and interactive training program that keeps your employees engaged so they retain the information you give them? Turn the content into fun HIPAA training games.

• Game 1: HIPAA Violation Role-Playing

• Game 2: Spot The Errors

• Game 3: Match The Standard

• Game 4: The Fine is Right

• Game 5: HIPAA Jeopardy!

• Conclusion

Roleplaying is one of the most effective training styles, period. It’s already widely used by managers when training their new sales employees. It’s common in this particular field because it’s heavily scenario-based.

Luckily, so is HIPAA.

The content housed within the law’s standards presents a perfect opportunity for you to act out different scenarios that may or may not be a violation of the law.

For this activity, write out a few scenarios in a narrative format that include characters, actions and dialogue. You could create a scene based on something that’s happened to other companies in your industry like when a celebrity checks into a regional hospital or make them up on your own. Either way, have them ready beforehand. 

During the training session, ask for two or three volunteers out of the group and give them each a character. Then start the scenes.

After each scene, ask the audience whether or not it was a HIPAA violation and for their explanation. Encourage everyone to come together on a decision as a group. Once they’ve come to a conclusion, tell to them whether they were right or wrong.

Then, replay the scene line by line with the volunteers and breakdown what was right or wrong.

Role-playing different scenarios gives your employees hands-on experience. That way they’ll know what not to do if they face a similar situation from this exercise while on the job.

Remember those activity books you used to play with when you were a kid? Between all of the crossword puzzles and word searches, you’d occasionally stumble across a hidden object puzzle.

If my description above didn’t jog your memory, let me describe these activites. An image canvased the entirety of the page and, at the top, the directions read something like, “The image below contains 30 different animals. Can you find them all?” You’d then dart your eyes all around the image trying to make outlines into animals and point them out to your friends.

So how can you turn something like this into a HIPAA training game? It’s a similar concept to the first activity I mentioned in this blog post.

However, instead of having different scenes with gaps in between them you combine everything into one narrative.

Before the scene starts tell the audience that they’ll need to make note of everything that they think is a violation in the upcoming skit. Once its over, discuss with them what they noticed and their reasonings.

Now, not every volunteer you have will be a natural actor. They’re not expected to be, but this could make it harder for the audience to understand what’s going on. To avoid any issues, you could pre-record the scene. This way, you’ll always have it ready for future training.

As an example, Emtrain did a similar exercise within a 60-second video. They go through an entire, seamless scene. Once the scene ends they break down each instance of a HIPAA violation.

As I mentioned in the introduction, each HIPAA rule contains a series of standards.

To better explain the concept of this activity I’ll give you an example; within the Security Rule contains the Person or Entity Authentication standard. This standard states that healthcare organizations need to implement procedures that authenticate users before granting access.

Now that we know what that standard does, I’ll explain how to set up the game.

1. Make three different sets of cards; one for each rule.

2. Write down the name of a standard on individual cards, label “Standard” on the backside of these cards.

3. Write down the definition of the standards on separate, individual cards and label “Definition” on the back of these cards.

Once you have all of the cards set up, shuffle them and deal each face down in an even rectangle. Choose who goes first. Each player turns over one standard card and one definition card.

The overall objective is to match the standard cards with their definition. A player’s turn ends when they don’t make the correct match.

This game takes a concept we’re all familiar with and turns it into a fun activity that will help train your employees.

This one isn’t much of a study tool but rather it can serve as an informative icebreaker. If you’re a healthcare organization, you don’t budget for huge prizes like popular game shows.

Instead, you have access to a ton of reports about other companies in your industry who faced fines due to their lack of compliance. Choose a wide range of violations from those related to cybersecurity to ones that happened on review websites.

No matter what you choose, divide your employees into even groups and read them a report from a recent HIPAA violation. Don’t let anyone know the fine the organization involved in the breach had to pay. After you’ve read what happened, let the teams discuss amongst themselves how much they think HHS fined the organization. Once all teams are ready, have them all guess one at a time. The team with the closest guess to the actual amount wins the round.

This game will help get your employees ready for your fun training session while informing them of the severity of violations. 

One of the most classic and easier activities to set up for training sessions is Jeopardy! We’ve all played a version of this at some point.

Come up with six different categories related to HIPAA. Within each category list five questions ranging in difficulty and value. Divide your employees into equal teams and let them choose questions. Reveal the questions only when they’re selected. The team with the most points at the end gets bragging rights.

This style of training game is popular because it actually improves understanding and satisfaction at the same time.

At this point, you’re probably like me and also have an affinity for game shows.

They’re just too addicting, right? Well…they’re designed to be that way. I mean, there’s a reason why they’re broadcasted on national television. Could you imagine watching an entire game of Monopoly? No.

Anyway, HIPAA Feud is a take on Family Feud…but with a healthcare twist (duh).

Here’s how you play…

1. Divide your workforce into two teams

2. Have each team select a starting team captain. Captains rotate every round.

3. Fire off multiple trivia questions related to HIPAA while impersonating Steve Harvey (impersonation optional)

4. Have your teams write down their answers to each question

5. Call up the two captains

6. Select one team captain and have them give you all of their teams answers

7. Each correct answer counts as 1 point

8. Any incorrect answer given by the first selected captain

Ask anyone who was around during the 90’s and they’ll remember the classic game show Beyond Belief: Fact or Fiction with Jonathan Flakes

Throughout each episode, the audience would watch a series of different bizarre scenarios play out. The catch? One of the several re-enacted scenarios wasn’t fiction, it actually happened. Although that show only aired for four seasons, it left its mark on an entire generation.

Anyway, you can recreate the premise of this show and turn it into a fun HIPAA training game.

1. Look up and find some of the most disastrous HIPAA violations. The more outlandish the scenario that occurred, the better. 

2. Come up with equally outlandish scenarios that never happened and sprinkle them in with the ones that actually happened.

3. Read a handful of scenarios aloud to your team. At the end of each scenario, ask your team to vote if it was real or fake.

4. Each correct guess is a point. The team that got the most answers right wins.

Yes, you can also call this game HIPAA: Fact or Fiction.

This is an easy, fun game to incorporate into your annual HIPAA training. It helps your team understand that breaches aren’t always cut and dry.

By now you’ve noticed that a lot of these games are similar to ones you played at some point during your traditional schooling, usually right before a test. Teachers create games like this to engage their students in the content they’re testing on.

Well, HIPAA training is not that much different than the material learned during school.

Sure, it’s comprehensive and can get a little confusing at times. But you can teach each rule within the regulation as its own section. Then, choose a game for each section that touches on the standards within them.

Sure, there’s a little more effort that needs to happen on the front-end of these training sessions. You’ll need to make each lesson plan on your own, ensuring that the content you provide during these games is comprehensive. But once it’s done, you’ll only have to make updates to it every now and then.

Regardless, making these annual sessions more engaging for your employees by creating fun HIPAA training games will definitely be more effective than a long PowerPoint presentation or dull video.

Etactics has a managed HIPAA training program that not only keeps your employees engaged, but also ensures 100% retention. Achieving HIPAA compliance requires more than checking a box. If your team doesn’t retain the information that’s covered during your training sessions, they’re still the biggest risk to your organization from a compliance standpoint.