Cybersecure: Your Medical Practice, a free Flash game, is the first in a series of video games from the US Department of Health and Human Services that aims to teach medical professionals about the importance of maintaining data security, reports American Medical News.
According to the Department's Office of the National Coordinator (ONC) for Health Information Technology, many small medical practices fail to understand and uphold the Health Insurance Portability and Accountability Act (HIPAA). The act, which was passed in 1996, lays out standards for keeping patients' personal information secure as the country moves toward the use of electronic health records.
The ONC understands that small practices are limited by a lack of budgetary and personnel resources, so its Office of the Chief Privacy Officer developed Cybersecure as a cost-effective way to train medical professionals about information security. "The use of gamification by ONC is an innovative approach aimed at educating health care providers to make more informed decisions regarding privacy and security of health information," says the game's website.
Cybersecure looks like a Facebook title and is more of an interactive story than a video game per se, but the ONC hopes its virtual consequences will serve as a warning against lax information-security restrictions. The game resembles an employee safety Q&A, with a variety of questions asking medical professionals what they would do in a situation that threatens to compromise a patient's information. In one example, an employee asks to bring an office laptop home — with unencrypted patient data — to catch up on work.
For each correct answer, the modest practice expands into a new area or adds furniture, and the game provides the user with a new security tip. But an incorrect answer has serious ramifications: the office might lose an exam room. According to Laura Rosas, privacy and security professional for the ONC's Office of the Chief Privacy Officer, Cybersecure "is certainly not the entire training one needs for HIPAA privacy and security, but it is a very effective piece of that training."