Phoenix Cardiac Surgery Group Pays $100K in HIPAA Violation Settlement

Phoenix Cardiac Surgery of Phoenix and Prescott, Ariz., has agreed to pay HHS a $100,000 settlement for its failure to comply with HIPAA privacy and security rules.

Phoenix Cardiac Surgery has also agreed take corrective action to implement policies and procedures to safeguard patient information. The HHS Office for Civil Rights investigated Phoenix Cardiac Surgery after a report surfaced that the physician practice was posting clinical and surgical appointments for its patients on a publicly accessibly Internet-based calendar.

The investigation found that Phoenix Cardiac had implemented limited policies to protect patient electronic health information violating HIPAA privacy and security rules in the following ways:  

•    Failure to implement adequate policies and procedures to appropriately safeguard patient information;
•    Failure to document training of employees on policies and procedures in the HIPAA privacy and security rules;
•    Failure to identify a security official and conduct a risk analysis;
•    Failure to obtain business associate agreements with Internet-based email and calendar services where the provision of the service included storage and access to its electronic patient health information.

More Articles on HIPAA Violations:

Text Message Use Among Providers Raise HIPAA Concerns
Titus Regional Medical Center Nurse Fired Over HIPAA Violation
HIPAA Violations Abounded in 2011

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars