Health Data Management, April 17, 2012
BEI Commentary: For those of you who think that the HIPAA police are only after hospitals and payers, think again. This article states that an Arizona-based cardiology practice was fined $100,000 for sloppy HIPAA practices related to its IT infrastructure.
Phoenix Cardiac Surgery, P.C., with offices in Phoenix and Prescott, Ariz., will pay a $100,000 fine and implement a corrective action plan under a resolution agreement with the HHS Office for Civil Rights following HIPAA privacy and security rule violations.
OCR began an investigation after learning that the physician practice was posting clinical and surgical appointments on an Internet-based calendar that was publicly accessible, according to an April 17 announcement from the agency. The investigation found that the practice had few policies and procedures to comply with the privacy and security rules.
“This case is significant because it highlights a multi-year, continuing failure on the part of this provider to comply with the requirements of the Privacy and Security Rules,” OCR Director Leon Rodriguez said in the announcement.