ONC released its second Web-based security training module, “CyberSecure: Your Medical Practice” for healthcare providers and staff. This latest game focuses on disaster planning, data backup and recovery and other elements of contingency planning. Contingency planning helps providers and staff prepare for power outages, floods, fires or weather related events such as hurricanes or tornadoes. These events can damage patient health information or make it unavailable. Planning for these events can help ensure that patient health information is protected and that patient information can be accessed when the disaster is over.
October is National Cyber Security Awareness Month and is an opportunity for ONC to remind providers about the need to create contingency plans to assure a safe and secure cyber environment. Contingency Planning is also required by the HIPAA Security Rule.
“We know from recent experiences such as Hurricane Sandy, that these events can very adversely impact the delivery of health care,” said ONC Chief Privacy Officer Joy Pritts. “We hope that this video game will raise awareness of contingency planning and help practices begin to develop their own disaster plans, backup and recovery processes and other vital activities.” This new online resource is available at: http://www.healthit.gov/providers-professionals/privacy-security-training-games
About the Video Game
The security training module, which was developed with the assistance of the Regional Extension Center Program’s Privacy and Security Community of Practice, uses a game format that requires users to respond to privacy and security challenges often faced in a typical small medical practice. Users choosing the right response earn points and see their virtual medical practices flourish. But users making the wrong security decisions can hurt their virtual practices. In this version, the wrong decisions lead to floods, server outages, fire damage and other poor outcomes related to a lack of contingency planning.
The use of gamification by ONC is an innovative approach aimed at educating health care providers to make more informed decisions regarding privacy and security of health information.