Phoenix Cardiac Surgery of Phoenix and Prescott, Ariz., has agreed to pay HHS a $100,000 settlement for its failure to comply with HIPAA privacy and security rules.
Phoenix Cardiac Surgery has also agreed to take corrective action to implement policies and procedures to safeguard patient information. The HHS Office for Civil Rights investigated Phoenix Cardiac Surgery after a report surfaced that the physician practice was posting clinical and surgical appointments for its patients on a publicly accessible Internet-based calendar.
The investigation found that Phoenix Cardiac had implemented limited policies to protect patient electronic health information, violating HIPAA privacy and security rules in the following ways:
• Failure to implement adequate policies and procedures to appropriately safeguard patient information;
• Failure to document training of employees on policies and procedures in the HIPAA privacy and security rules;
• Failure to identify a security official and conduct a risk analysis;
• Failure to obtain business associate agreements with Internet-based email and calendar services where the provision of the service included storage of and access to its electronic patient health information.