Storyline 360 · Compliance

HIPAA in Practice: Scenario-Based Compliance

A Storyline 360 module built to close the gap between knowing the HIPAA rules and applying them correctly under pressure — designed after a clinic with a 94% quiz pass rate saw incident reports climb 22%.

DesignerGretchen Lautenschlager

ToolsStoryline 360, Canva, Google Forms

Duration30–45 minutes

AudienceMid-level healthcare clinic staff

TypePortfolio Demonstration

EvaluationKirkpatrick L1–4

Project Artifact

Upload your Storyline screenshots or exported demo

Add Storyline screenshots, scenario maps, or demo PDF

PNG, JPG, PDF, ZIP — max 20MB

The Problem

A 94% quiz pass rate was hiding a compliance failure.

Northgate Family Clinic ran annual HIPAA training. Staff could define protected health information, recite the minimum necessary standard, and identify the six patient rights under the Privacy Rule. Quiz scores averaged 94%. On paper, it looked like success.

Then the incident reports came in — a 22% increase in the quarter following the most recent training cycle.

"Employees knew the rules. What they didn't know was what to do in the thirty seconds when the rule collides with a real person standing in front of them."

The problem wasn't knowledge — it was judgment under pressure. The training measured recall. The job required decision-making in ambiguous, real-world situations. Those are not the same skill.

The Process

I designed for the moment of decision, not the moment of recall.

The module opens directly in scenario — no welcome slide, no definitions page. Learners are immediately placed in a situation: a patient's family member is asking for information at the front desk, the phone is ringing, and someone is waiting behind them. What do you do?

Six branching scenarios were developed from real incident report categories, each following three layers:

The situation — realistic context with the ambiguity that makes it hard
The decision branch — three plausible choices, none of them obviously labeled "wrong"
The consequence + coaching — what actually happens, and why one choice protects both the patient and the clinic

A Kirkpatrick L1–4 evaluation plan was embedded from the start: L1 (reaction survey), L2 (scenario performance scores), L3 (manager observation checklist 30/60/90 days post-training), L4 (incident report trends quarter-over-quarter).

Design Artifacts

Upload your scenario map, branching script, or evaluation plan

Add scenario map, branching script, or evaluation plan PDF

PDF, DOCX, PNG — max 20MB

The Result

Learners leave knowing what to do when the rule gets complicated — not just when it's simple.

The finished module gives healthcare staff six practiced scenarios covering the situations most likely to generate an incident report — conversations in hallways, at the front desk, on the phone, and with family members in waiting rooms. Each scenario ends with a coaching layer that explains the reasoning, not just the answer.

The performance support card (designed in Canva) gives staff a quick-reference guide that fits in a badge holder: three scenarios with approved language for the most common HIPAA gray areas.

Branching scenarios from real incident categories

L1–4

Full Kirkpatrick evaluation plan

Decision paths per scenario

What I'd do differently

The six scenarios cover the most common incident types, but not the most severe. In a revision, I'd add a seventh scenario focused on a serious breach situation — not to make the training more alarming, but because the stakes of those decisions are high enough to warrant a separate treatment. I'd also explore whether a brief reflection prompt between the consequence and coaching layer increases engagement over passive reading.