HHS Settles Case with Phoenix Cardiac Surgery for Lack of HIPAA Safeguards
Phoenix Cardiac Surgery, P.C., of Phoenix and Prescott, AZ, has agreed to pay the U.S. Department of Health and Human Services a $100,000 settlement amount and a corrective action plan that includes a review of recently developed policies and other actions taken to come into full compliance with the Privacy and Security Rules. OCR’s investigation found that the physician practice was posting clinical and surgical appointments for their patients on an Internet-based calendar that was publicly accessible.
Further, Phoenix Cardiac Surgery had implemented few policies and procedures to comply with the HIPAA Privacy and Security Rules, and had limited safeguards in place to protect patients’ electronic health information (ePHI).
See source: http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html