DQ2 Week 4 Do you think the Health Insurance Portability and Accountability Act HIPAA has worked Explain Overall my personal and professional opinion supports that HIPAA has worked In my profession HIPAA is a huge barrier to obtain information that we are legally allowed as the workers compensation carrier Workers Comp is excluded from having to obtain written or verbal permission from the injured worker to access his or her records as long as the information pertains to the work related injury However numerous times through out the day we must fax a request in writing with the HIPAA disclaimer which shows the exclusion I do not become mad or frustrated with the person on the other line as I know they are doing their job I would want them to protect my information if I were the patient I also see a huge difference in medical offices Before when you checked in your name would be on the clip board and the time you arrived for anyone to see Now the receptionist pulls the information off as soon as you are finished I have also witnessed facilities have you check in and take a number then your number is called out instead of your name In most areas I see a positive impact in the application of HIPAA As with any rule or regulation there will always be those who break the law and as such face the consequences by means of fines or in some cases punishment with imprisonment Response 2 Initially the HIPAA act was geared toward portability meaning that if an employee lost their position or moved to another organization that did not offer insurance they could take their insurance benefits with them The outcome of the final HIPAA act only included the COBRA benefit which is linked to employment separation I think that in some ways the HIPAA act has worked while in others it has created more of a policing burden through its numerous forms and policies that are required for both the patient and the organization HIPAA has also increased organizational costs related to education administrative costs implementation and legal fees Certainly HIPAA has improved patient privacy and health information Unfortunately we have no way to measure the successes and benchmark with pre implementation data since it does not exist In 2009 HIPAA law was expanded to include covered entity business associates definition of security breach and disclosure requirements new restrictions on use and disclosure of protected health information new patient rights mandatory compliance audits and heightened HIPAA enforcement From a personal work related experience we continue to struggle with ensuring compliance through external communications I had communicated unsecured email receipt to one health plan for several months we are required to report all violations and until an auditor during an annual audit physically took my example back to the health plan and showed them the repeated violations did something finally occur to rectify the violation More challenging is working with the individual physician offices who continually email patient information that in unsecured In 2009 the penalties for HIPAA violations became more severe and include increased monetary penalties from 1 000 to 1 5 million dollars The penalties are divided based on the violation being known or unknown The penalties which were previously geared toward only the organization were changed to include the individual worker This further burdened the health care organization by ensuring HIPAA compliance through internal monitoring policy creation and training Though we have policies training and internal auditing we still are challenged by daily violations Is this a threat to the patient Potentially yes However when you have 75 employees using a copy machine and one accidently takes a record that does not belong to them and then places it back on the copy machine after the owner has left for the day this is still a HIPAA violation Another example is where a voice mail indicated they continued to receive faxes that were not theirs These had patient billing information and were sent to fax the health plan had provided in error Errors happen There will be a continual need for efforts to monitor and train and enforce HIPAA but it will never be a challenge to keep all employees current with HIPAA accountability and awareness