HIPAA, the Health Insurance Portability and Accountability Act, was instituted by the U.S. Congress in 1996 as a means of amplifying the protection and privacy of patient health care information. The U.S. Department of Health and Human Services states that HIPAA standards must be adopted by organizations providing medical and health-related services to patients and their families. And integrating HIPAA games into employee training at organizations that provide medical and health-related services can be a fun way to educate employees.

Role Play Demonstrations

Role play is a popular HIPAA training game that teaches employees how to identify HIPAA violations. To play the game, a few trainees are asked to act out a scenario in front of a group. During the demonstration the audience has to observe whether or not the performers adhered to or violated HIPAA rules. At the end of the performance, the audience is asked to summarize which HIPAA rules were followed or ignored. This interactive game gives employees the chance to experience right from wrong, which develops their understanding of HIPAA.


HIPAA relay is a competitive game that tests employees’ knowledge of HIPAA. Line up the training class into two teams. Both teams will be asked a trivia question related to HIPAA, and only the individuals at the front of the line can answer. Whoever answers the question first scores a point for her team. Play continues with the next person in line answering a question. The team with the most points at the end wins. If neither team can answer a question, the players being questioned must step to the back of the line and forfeit the point for that round.

HIPAA Treasure Hunt

HIPAA treasure hunt is a game played to teach trainees how to identify HIPAA breaches. Instruct the trainees to leave the training room and reconfigure the room to resemble a medical office. Divide trainees into small teams before they re-enter the room and provide each team with a piece of paper with one clue written on it. Teams must follow the first clue that leads to a second clue, and so on. A sample clue might say “Someone left me on,” which represents a computer that was not locked or password-protected. Locking and protecting computers with passwords is an example of technical safeguarding, which the U.S. Center for Disease Control states is a requirement under HIPAA’s privacy rule. Teams who are familiar with the HIPAA rules will have an easier time playing this game, which helps trainees avoid common office violations and maintain a HIPAA-compliant work environment.