US Dept. of Health and Human Services video game teaches information security

Cybersecure: Your Medical Practice, a free Flash game, is the first in a series of video games from the US Department of Health and Human Services that aims to teach medical professionals about the importance of maintaining data security, reports American Medical News.

According to the Department's Office of the National Coordinator (ONC) for Health Information Technology, many small medical practices fail to understand and uphold the Health Insurance Portability and Accountability Act (HIPAA). The act, which was passed in 1996, lays out standards for keeping patients' personal information secure as the country moves toward the use of electronic health records.

The ONC understands that small practices are limited by a lack of budgetary and personnel resources, so its Office of the Chief Privacy Officer developed Cybersecure as a cost-effective way to train medical professionals about information security. "The use of gamification by ONC is an innovative approach aimed at educating health care providers to make more informed decisions regarding privacy and security of health information," says the game's website.

Cybersecure looks like a Facebook title and is more of an interactive story than a video game per se, but the ONC hopes its virtual consequences will serve as a warning against lax information-security restrictions. The game resembles an employee safety Q&A, with a variety of questions asking medical professionals what they would do in a situation that threatens to compromise a patient's information. In one example, an employee asks to bring an office laptop home — with unencrypted patient data — to catch up on work.

For each correct answer, the modest practice expands into a new area or adds furniture, and the game provides the user with a new security tip. But an incorrect answer has serious ramifications: the office might lose an exam room. According to Laura Rosas, privacy and security professional for the ONC's Office of the Chief Privacy Officer, Cybersecure "is certainly not the entire training one needs for HIPAA privacy and security, but it is a very effective piece of that training."

More from Polygon

Dark Souls 2: Crown of the Old Iron King Overview

  • Spacecom: a fast 4X built for multiplayer

  • Pillars of Eternity builds on role-playing classics

  • Tour the 1 KB hard drive built inside Minecraft

  • Diablo 3 - Xbox One vs. PC comparison

Latest Discussions

Log In Sign Up

Log In Sign Up

Please choose a new Polygon username and password

As part of the new Polygon launch, prior users will need to choose a permanent username, along with a new password.

Your username will be used to login to Polygon going forward.

I already have a Vox Media account!

Verify Vox Media account

Please login to your Vox Media account. This account will be linked to your previously existing Eater account.

Please choose a new Polygon username and password

As part of the new Polygon launch, prior MT authors will need to choose a new username and password.

Your username will be used to login to Polygon going forward.

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.



Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.