Ruby Gentry
07/24/2013
HS210: Medical Office Management
Project 3 part 2
Essay about Hippa :

The Health Insurance Portability and Accountability Act (HIPAA), is a nondiscrimination rule within health care or human service organizations. This rule prohibits group health plans and other organizations from discriminating against people because of factors relating to their health. The factors include but are not limited to: physical or mental conditions, medical history, past claims, prior health care received, and information pertaining to a person's genetics. The primary goal of the HIPAA regulation in 1996 was to protect a person's right regarding the release of personal information to unauthorized individuals. When this law went into effect, there were compliance deadlines that were set for all businesses that would be affected by the HIPAA law. The deadline was October of 2002. Some entities were allowed to file for a one-year extension of the deadline. Many organizations failed to do so and are now in violation of the requirements. Most organizations and businesses were given between 12 and 18 months to modify their operations and implement the changes as advised by experts. Many organizations didn't even start implementing the HIPAA rule until after the 2005 Security Standards compliance date. Congress wanted to have harsh implications for those individuals and organizations that did not take the adopting of the data transmission standards and safeguarding medical information seriously. One penalty for noncompliance with HIPAA standards for simple compliance breaches was $100 a person per violation; which could be maxed out at $25,000 per year per person. For any individual or organization that knowingly “misused” or “breached” the HIPAA standards, the penalties increased to $50,000 per person and prison time of up to one year. Any one who “misused” under false pretenses or with the intent to financially benefit could be fined a maximum of $250,000 and 10 years imprisonment. For the health care organizations and any entity that must follow the HIPAA regulations, there are numerous resources out there for them to go to so they know what they need to do, how to implement the changes and what security measures must be taken to ensure compliance with the standards. First thing the human service entity needs to do is to learn more about HIPAA. This could include looking on the internet or speaking with someone who is an expert on the standards. Next, the company should bring HIPAA to the management's attention as soon as possible. This is to make sure that the company can decide if they need to follow the HIPAA rules and try to address them before compliance dates are in effect. The management should appoint someone to be the HIPAA director. This is essential in making sure the entity is successful in satisfying all of HIPAA's requirements. A HIPAA task force should be organized to identify the areas of the company that are at the greatest exposure and to help create training plans for the employees. The next course of action would be to develop a schedule with dates for being compliant and implementing the new procedures.
This law has already been implemented by many health care or human service organizations in the United States. I don't really think there has been a big impact on the day-to-day operations of these entities. The only think I really see, is that there is more paperwork to fill out and privacy statements that have to be signed at any facility you visit if they have to abide by the HIPAA requirements. In my opinion, I do think that