Make HIPAA fun, make lessons memorable

HIPAA education outside the box

What do a stuffed hippopotamus and a very cool hippie have in common? Both are tools used by hospitals to reinforce patient privacy regulations stipulated by the Health Insurance Portability and Accountability Act (HIPAA). "We knew we had to think out of the box to find a way to make the dry topic of HIPAA regulations into something that makes sense and keeps employees’ attention," says Kathleen Graham, JD, LLM, HIPAA privacy officer and director of corporate compliance and privacy for Children’s Hospital in Birmingham, AL.

In order to educate all staff members in the hospital, HIPAA educational sessions were conducted as part of departmental staff meetings, as separate inservice educational sessions, within new employee orientation sessions, and through computerized lessons available to all employees, she points out. The multidisciplinary team responsible for HIPAA education at Children’s knew that it would take more than one or two educational sessions to really get employees to think about privacy on a day-to-day basis, Graham adds.

"We started educating our department heads and managers about four to five years ago, then introduced the education for all employees in the months preceding introduction of the privacy rule," says Pam Atkins, CPHIMS, HIPAA security officer and divisional director of information technology. Now the hospital is incorporating tips related to the security rule into the information.

Betsy Karr, RN, divisional director of surgical/anesthesia services, says, "Because we are a pediatric hospital, we can have fun when communicating with each other without being silly." While the original HIPAA educational session involved one day of inservice for different groups of staff, the education continued with events that reinforced the teaching, she explains. The fun included a scavenger hunt that consisted of hippo fliers posted around the hospital. Each flier contained one HIPAA-related question that the employee was to answer and return to the marketing department for prizes that included movie passes and hippo Beanie Babies, explains Graham. "Of the more than 50 fliers we hid, we only received one wrong answer," she adds.

Other fun activities enabled employees to win hippos that ranged in size from Beanie Babies to a 4-foot-tall stuffed animal. These included Family Feud-type games in meetings that focused on HIPAA questions, e-mail quizzes that went to all employees, a HIPAA holiday choir that sang a song that praised HIPAA rules, and a HIPAA safari theme for educational sessions. "We encourage employees to be on the lookout for HIPAA violations and report them immediately to the compliance department," Graham says. "In fact, we call a HIPAA concern a HIPAAspotamus."

Cartoon hippie spreads word

While Children’s Hospital in Birmingham relied upon a hippopotamus to carry their HIPAA message, the staff at Lee Memorial Health System in Cape Coral, FL, learned about HIPAA regulations from Chip, the hippie. "Chip is a cartoon character that carries our hip on HIPAA’ theme throughout our publications, inservices, videos, and meetings," says Brad Pollins, executive director of learning and performance systems. A multidisciplinary team designed an educational program that would create a cultural transformation in the way staff think about privacy, Pollins says. "The team developed a combination of videos, handbooks, and educational classes to share the information, but we needed something to tie everything together and make it memorable for employees," he adds. The cartoon character, Chip the hippie, appeared on posters and in a cartoon strip that appeared in the employee newsletter, Pollins says. "We also found an employee who dresses as Chip for meetings and special employee events." The HIPAA education program kept the hippie theme going with e-mail quizzes and contests that awarded lava lamps and tie-dyed T-shirts as prizes, he adds.

Pollins’ staff also created a HIPAA site on the hospital’s internal network that employees can access to find answers to HIPAA questions or concerns they may have, he says. The HIPAA pad, as the site is named, enables employees to submit questions or concerns to the compliance department, he explains. "Chip answers the questions with a note that starts out "Hey man," then responds to the employee’s note," he says.

Employees at Children’s Hospital also can use e-mail to report concerns or make suggestions to improve compliance with privacy regulations, says Karr. "Within the surgery areas, staff members suggested locations of whiteboards that would protect privacy, and our post-anesthesia care unit requested curtains for the cubicles," she explains.

An important part of the program at Children’s is the clear identification of who to call if you have questions, says Karr. "Because we are dealing with pediatric surgery patients, we have a larger group of family members who want information and are concerned. It’s nice to have a compliance officer that can be easily reached when we have a question," she says.

Need more information?

Kathleen Graham, JD, LLM, HIPAA Privacy Officer, Director of Compliance and Privacy, Children’s Hospital of Alabama, 1600 Seventh Ave. S., Birmingham, AL 35233. Telephone: (205) 939-9271. E-mail:

Brad Pollins, Executive Director of Leaning and Performance Services, Lee Memorial Hospital, 636 Del Prado Blvd., Cape Coral, FL 33990. Telephone: (239) 772-6734. E-mail: