HIPAA Tabletop Exercise Script
A facilitated tabletop exercise script for small medical clinics covering three HIPAA incident scenarios: lost device, misdirected fax, and unauthorized EHR access — with participant roles, discussion questions, and an after-action review template.
Short answer
A complete 90-minute HIPAA tabletop exercise for small clinic teams. Three scenario scripts — lost staff device, fax sent to wrong number, unauthorized EHR access — with facilitator prompts, discussion questions by role, and an after-action review template that turns findings into compliance tasks.
What is inside
- Three scenario scripts: lost clinic device, misdirected fax with patient data, unauthorized EHR access by a former employee
- Facilitator guide — how to run the exercise, timing by section, and how to handle participants who 'know the right answer'
- Participant role assignments — who plays the Privacy Officer, the clinical staff, the front desk, and the administrator
- Discussion questions for each scenario — surface the real gaps in your team's response capability
- After-action template — convert exercise findings into assigned compliance tasks with owners and deadlines
We publish the same practical templates and decision tools that clinics use to structure recurring HIPAA work. No enterprise gate. No resource-library gimmicks. Just practical material delivered quickly.
Editorial details
Written by: Angel Campa
Reviewed by: PHIGuard Compliance Research
Updated: April 25, 2026
Verified: April 25, 2026