Avatar Game Simulates Health IT Security Scenarios - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Mobile & Wireless
News
9/25/2012
09:49 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Avatar Game Simulates Health IT Security Scenarios

IT experts see value in training tool for smaller practices, but interactive video also an effective training tool.

Uncle Sam Shares 12 Top Health Apps
Uncle Sam Shares 12 Top Health Apps
(click image for larger view and for slideshow)
The Office of the National Coordinator (ONC), looking to gaming technology to improve training in IT security, recently introduced CyberSecure: Your Medical Practice--a Web-based security training game that uses avatars to simulate real-life security scenarios.

Laura Rosas, privacy and security professional at the ONC, said in a recent webinar that she sees the game as "a way to bring [IT security training] to people on the front line." She and Will Phelps, HIT cyber security project office, developed the game over a series of months in an effort to "address a series of dilemmas staff were having."

"The game is designed to have value for everyone, but particularly smaller practices," she said. "They don't have the budget and infrastructure. We're targeting the game toward these practices." Rosas added that ONC is planning on developing a series of games, "but this is a great first step."

[ Innovative approaches to medical data analysis can lead to better care and lower costs. Read more at Health IT's next challenge: Comparative Effectiveness Research. ]

The game addresses topics such as best practices to keep passwords secure, strategies to protect patient information, how to control access to patient information, and how to secure and encrypt information residing on mobile devices. Game players receive questions from avatars posing as medical staff and have to choose the best answer to control health information, Rosas explained.

At the beginning of the game, players are told they're part of a doctor's office, which gains and loses resources--like exam rooms--depending on how well the player does. An avatar explains the layout of the game, the rules, and the timeline at the bottom of the screen, which displays the player's score. The player selects a security "scenario" to play out, which asks him or her to answer a question at the end of each scenario. If the player answers correctly, she gains resources; if she answers incorrectly, her decision "affects the practice," said Rosas, and she loses resources.

At the end of each round, players who answer questions correctly are given access to a glossary of terms and "sticky notes." The notes provide additional tips on best practices as well as explanations of correct answers to previously posed questions.

Chad Boeckmann, president at Secure Digital Solutions, said in an interview with InformationWeek Healthcare that the rise of these gaming platforms is inevitable, especially considering the younger, incoming workforce. "...With companies like Zynga and Facebook applications, we're going to see those platforms deployed in achieving certain business objectives, like training," he said. "You can take a game like Farmville and turn it into a fun way for organizations to educate their user base, many of which don't have a background in information security or IT."

Although Boeckmann sees value in games like ONC's, he believes another training option could come to the forefront more quickly. Interactive video content, he predicts, will make a bigger splash, training-wise, than gaming. "I think it's coming sooner and is more adaptable to organizations as opposed to gaming," he said. "Gaming is going to take more time."

Mahmood Sher-Jan, vice president of product development at ID Experts, said based on his experiences, organizations are leaning more toward real-life role playing than games to train employees. "We don't call it game playing," he said. He and his team are seeing an uptick in role playing, with organizations requesting to do this type of "table-top incident response planning" to determine their biggest risks and how they would respond to certain scenarios.

"Sometimes everyone knows it's a game, but sometimes they want to do it as if it's real," he said. "This process can prevent incidents from occurring because it forces you to look at policies and procedures and to identify an incident. All aspects of that process are exercised."

InformationWeek Healthcare brought together eight top IT execs to discuss BYOD, Meaningful Use, accountable care, and other contentious issues. Also in the new, all-digital CIO Roundtable issue: Why use IT systems to help cut medical costs if physicians ignore the cost of the care they provide? (Free with registration.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
How to Land a Job in Cloud Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  6/19/2019
Commentary
How to Convince Wary Customers to Share Personal Information
John Edwards, Technology Journalist & Author,  6/17/2019
Commentary
The Art and Science of Robot Wrangling in the AI Era
Guest Commentary, Guest Commentary,  6/11/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
Slideshows
Flash Poll