Phoenix Cardiac Surgery has also agreed to take corrective action to implement policies and procedures to safeguard patient information. The HHS Office for Civil Rights investigated Phoenix Cardiac Surgery after a report surfaced that the physician practice was posting clinical and surgical appointments for its patients on a publicly accessible Internet-based calendar.
The investigation found that Phoenix Cardiac had implemented limited policies to protect patient electronic health information, violating HIPAA privacy and security rules in the following ways:
• Failure to implement adequate policies and procedures to appropriately safeguard patient information;
• Failure to document training of employees on policies and procedures in the HIPAA privacy and security rules;
• Failure to identify a security official and conduct a risk analysis;
• Failure to obtain business associate agreements with Internet-based email and calendar services where the provision of the service included storage and access to its electronic patient health information.
Phoenix Cardiac Surgery Group Pays $100K Settlement for HIPAA Violation
Written by Kathleen Roney | April 18, 2012
Phoenix Cardiac Surgery of Phoenix and Prescott, Ariz., has agreed to pay HHS a $100,000 settlement for its failure to comply with HIPAA privacy and security rules.
© Copyright ASC COMMUNICATIONS 2011.