to rely solely on what providers told them, and often they were denied access to their own records. Areas of ImprovementWhile HIPAA has proven itself to be a useful tool for protecting patient data, it should be remembered that the P in HIPAA does not stand for privacy, rather it stands for portability. The privacy part was a result of that portability. It was understood that while allowing for easier movement of patient data, security must be in place to ensure the privacy of that data (Butler, 2017). An area of improvement would be to include language specifically around protection of privacy. For example, currently HIPAA only applies to those providers who accept insurance, those who do not, are not subject to the HIPAA guidelines and penalties. Another area of improvement would be to periodically review HIPAA to ensure it is keeping up with all the new and updated technologies out there that could possibility result in a data breach. When HIPAA was created, breaches were mostly paper based, and the future of health information management was not taken into consideration. This could be achieved by requiring data encryption, which is currently voluntary. Currently, only 59% of all healthcare organizations utilize a full-disk or partial encryption software to protect their data (HIPAA Journal, 2015).