HHS Reaches $100 K Settlement with Provider for HIPAA Violations
HEALTHCARE PRIVACY—U.S.April 18, 2012
According to an HHS press release, Phoenix Cardiac Surgery, P.C., has agreed to pay the U.S. Department of Health and Human Services (HHS) $100,000 and implement corrective measures and policies after an investigation revealed a number of HIPAA violations. An HHS Office for Civil Rights (OCR) probe uncovered HIPAA breaches that included the posting of clinical and surgical data to publicly accessible Internet calendars and limited electronic health record safeguards. OCR Director Leon Rodriguez said, "This case is significant because it highlights a multi-year, continuing failure on the part of this provider to comply with the requirements of the Privacy and Security Rule...We hope that healthcare providers pay careful attention to this resolution agreement...and OCR expects full compliance no matter the size of a covered entity."