News | April 19, 2012

Cardiac Surgery Center Pays $100,000 for HIPAA Violations Due to Patient Scheduler


April 19, 2012 - Phoenix Cardiac Surgery P.C., of Phoenix and Prescott, Ariz., has agreed to pay the U.S. Department of Health and Human Services (HHS) a $100,000 settlement and take corrective action to implement policies and procedures to safeguard the protected health information of its patients.

The settlement with the physician practice follows an extensive investigation by the HHS Office for Civil Rights (OCR) for potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules.

The incident giving rise to OCR’s investigation was a report that the physician practice was posting clinical and surgical appointments for its patients on an Internet-based calendar that was publicly accessible. On further investigation, OCR found that Phoenix Cardiac Surgery had implemented few policies and procedures to comply with the HIPAA Privacy and Security Rules, and had limited safeguards in place to protect patients’ electronic protected health information (ePHI).

“This case is significant because it highlights a multi-year, continuing failure on the part of this provider to comply with the requirements
of the Privacy and Security Rules,” said Leon Rodriguez, director of OCR. “We hope that healthcare providers pay careful attention to
this resolution agreement and understand that the HIPAA Privacy and Security Rules have been in place for many years, and OCR expects full compliance no matter the size of a covered entity.”

OCR’s investigation also revealed the following issues:

  • Phoenix Cardiac Surgery failed to implement adequate policies and procedures to appropriately safeguard patient information;
  • Phoenix Cardiac Surgery failed to document that it trained any employees on its policies and procedures on the Privacy and Security Rules;
  • Phoenix Cardiac Surgery failed to identify a security official and conduct a risk analysis; and
  • Phoenix Cardiac Surgery failed to obtain business associate agreements with Internet-based email and calendar services where the provision of the service included storage of and access to its ePHI.


Under the HHS resolution agreement, Phoenix Cardiac Surgery has agreed to pay a $100,000 settlement amount and a corrective action
plan that includes a review of recently developed policies and other actions taken to come into full compliance with the Privacy and Security Rules.

Individuals who believe that a covered entity has violated their (or someone else’s) health information privacy rights or committed another violation of the HIPAA Privacy or Security Rule may file a complaint with OCR at: www.hhs.gov/ocr/privacy/hipaa/ complaints/index.html

The HHS Resolution Agreement can be found at: www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/pcsurgery_agreement.pdf

For more information: www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/index.html.


Related Content

Feature | Information Technology | By Melinda Taschetta-Millane

​The Healthcare Information and Management Systems Society (HIMSS) Global Health Conference and Exhibition brought ...

Home May 01, 2024
Home
Feature | Information Technology

Providing exceptional cardiovascular care for patients to achieve the best possible outcomes is the number one goal for ...

Home March 21, 2024
Home
News | Information Technology

March 7, 2024 — Siemens Healthineers has launched an app designed for Apple Vision Pro that enables users such as ...

Home March 07, 2024
Home
News | Information Technology

November 14, 2023 — To help provide clinicians a comprehensive workflow, GE HealthCare is working towards the seamless ...

Home November 14, 2023
Home
Feature | Information Technology | By Melinda Taschetta-Millane

Healthcare is constantly evolving, finding new ways to innovate and advance digital tools and technology. With this ...

Home July 14, 2023
Home
Videos | Information Technology

HIMMS is working to bring empirical knowledge and evidence of value and impact of digital maturity measured by the HIMSS ...

Home May 17, 2023
Home
Videos | Information Technology

Healthcare is constantly evolving, finding new ways to innovate and advance digital tools and technology. With this ...

Home May 11, 2023
Home
Feature | Information Technology

Many cardiology departments face significant challenges meeting regulatory requirements, quality metrics, and ...

Home February 10, 2023
Home
Case Study | Information Technology

This case study from Change Healthcare presents the following: Customer: Washington Health System Washington, PA ...

Home January 10, 2023
Home
News | Information Technology

February 24, 2022 — Imagine that you are admitted to hospital. A smart scheduling system ensures you have a bed; you ...

Home February 24, 2022
Home
Subscribe Now