Beyond stock photos: Developing flexible, creative, and low-cost HIPAA training videos

Ensuring data security is critical, as improper disclosure of data can cost organizations their creditability, future access to data, and significant financial repercussions. Organizations invest heavily in data security technology to meet HIPAA's administrative, physical, and technical requirements. However, as the healthcare system has become more computer-dependent and integrated, the number of people with access to protected health information has grown, leading to more opportunities for data to be disclosed, lost, or stolen. Therefore, data security depends as much on raising staff awareness as on installing security technology. A well-designed data security training program impacts staff behavior and increases the ability to hold them accountable. Training materials, usually presented via videos, are one component. They need to increase awareness of HIPAA's background, purpose, and standards, cover key provisions of the Privacy rule, identify sanctions for violations, and describe actions an individual can take to improve security. In addition to clear and well-explained information, they must visually capture the participants' interest so that critical concepts are internalized and retained. Since technology and rules can change, the process must be flexible enough to be easily adapted. The process must also be relatively low-cost both in development and implementation. To aid in training staff and consultants in data security, the authors created deliberately low-tech awareness videos. Instead of depending on stock photos of attractive businesspeople, the security information is conveyed using a whiteboard, cartoons, humor, and easily remembered images. The videos were designed to be inexpensive and easily updated to meet changing technological, staffing, and federal requirements. The entire process is accomplished in-house and can be used to meet other organizational training needs. This presentation will review the steps taken in designing, implementing, and evaluating the video process, so that attendees can develop their own trainings tailored meet their organizational needs.