DQ2, Week 4:Do you think the Health Insurance Portability and Accountability Act (HIPAA) has worked? Explain.Overall, my personal and professional opinion supports that HIPAA has worked. In my profession, HIPAA is a huge barrier to obtain information that we are legally allowed as the workers compensation carrier. Workers Comp. is excluded from having to obtain written or verbal permission from the injured worker to access his or her records, as long as the information pertains to the work related injury. However, numerous times through-out the day we must fax a request in writing with the HIPAA disclaimer which shows the exclusion. I do not become mad or frustrated with the person on the other line as I know they are doing their job. I would want them to protect my information if I were the patient. I also, see a huge difference in medical offices. Before when you checked in your name would be on the clip board and the time you arrived (for anyone to see). Now, the receptionistpulls the information off as soon as you are finished. I have also witnessed facilities have youcheck in and take a number; then your number is called out instead of your name. In most areas I see a positive impact in the application of HIPAA. As with any rule or regulation there will always be those who break the law and as such, face the consequences by means of fines or in some cases punishment with imprisonment. Response 2Initially the HIPAA act was geared toward portability, meaning that if an employee lost their position or moved to another organization that did not offer insurance they could take their insurance benefits with them. The outcome of the final HIPAA act only included the COBRAbenefit, which is linked to employment separation.I think that in some ways the HIPAA act has worked while in others it has created more of a policing burden through its numerous forms and policies that are required for both the patientand the organization. HIPAA has also increased organizational costs related to education, administrative costs, implementation, and legal fees.Certainly, HIPAA has improved patient privacy and health information. Unfortunately, we have no way to measure the successes and benchmark with pre-implementation data since it does not exist. In 2009, HIPAA law was expanded to include covered entity business associates, definition of security breach and disclosure requirements, new restrictions on use and disclosure of protected health information, new patient rights, mandatory compliance audits and heightened HIPAA enforcement. From a personal work related experience, we continue to struggle with ensuring compliance through external communications. I had communicated unsecured email receipt to one health plan for several months (we are requiredto report all violations) and until an auditor during an annual audit physically took my example back to the health plan and showed them the repeated violations did something finally occur to rectify the violation. More challenging is working with the individual physician offices who continually email patient information that in unsecured.In 2009, the penalties for HIPAA violations became more severe and include increased monetary penalties from $1,000 to 1.5 million dollars. The penalties are divided based on the violation being known or unknown. The penalties, which were previously geared toward onlythe organization, were changed to include the individual worker. This further burdened the health care organization by ensuring HIPAA compliance through internal monitoring, policy creation and training. Though we have policies, training and internal auditing, we still are challenged by daily violations. Is this a threat to the patient? Potentially yes. However when you have 75 employees using a copy machine and one accidently takes a record that does not belong to them and then places it back on the copy machine after the owner has left for the day, this is still a HIPAA violation. Another example is where a voice mail indicated they continued to receive faxes that were not theirs. These had patient billing information and were sent to fax the health plan had provided in error. Errors happen. There will be a continual need for efforts to monitor and train and enforce HIPAA but it will never be a challenge to keep all employees current with HIPAA accountability and