Phoenix Cardiac Surgery Group Settles with HHS

When Health & Human services goes after medical institutions for HIPAA violations, ones that comes as a result of not being careful enough with patients personal health information, they’re usually going after big-time hospitals. A recent fine levied against Phoenix Cardiac Surgery, P.C. View Full Post
One April 17, 2012, the United States Department of Health and Human Services Office for Civil Rights (“OCR”) reached a settlement with Phoenix Cardiac Surgery (“PSC”) for alleged violations of the HIPAA Privacy and Security Rules.  OCR initiated an investigation in February 2009 in response to a complaint that alleged that PSC had “impermissibly disclosed electronic protected health information by making it publicly available on the Internet.” View Full Post
On April 17, 2012, the HHS Office of Civil Rights (OCR) announced a settlement and corrective action plan with Phoenix Cardiac Surgery, P.C. (Phoenix), a small cardiology practice based in Phoenix and Prescott, Arizona. More specifically, Phoenix has agreed to pay $100,000 to settle allegations of HIPAA violations arising out of an investigation conducted by OCR. View Full Post
Do you think a two-physician cardiology group is too small for the feds to fine for  alleged HIPAA violations? Phoenix Cardiac Surgery, P.C.  (PCS) has learned otherwise the hard way, to the tune of $100,000. As this blog has noted, almost all enforcement to date has been against large insurers or major hospitals and not community hospitals or physician practice groups,  and  enforcement has largely been low-hanging fruit of failure to comply on a timely basis with notice requirements. View Full Post
If your company needs another reminder that policies and procedures, risk assessments, documentation and training are critical elements for HIPAA compliance programs, we have another corrective action plan – and monetary fine – that should be utilized as a “teachable moment” for health care providers and business associates alike.    View Full Post
In the past month, the Department of Health and Human Services (“HHS”) sent its final omnibus rule modifying the HIPAA Privacy, Security and Enforcement Rules to the White House Office of Management and Budget (“OMB”) and announced a $100,000 settlement with Phoenix Cardiac Surgery, P.C. View Full Post
The HHS Office for Civil Rights (OCR) received a report that a physician practice, Phoenix Cardiac Surgery (PCS), was posting clinical and surgical appointments for their patients on an Internet-based calendar that was publicly accessible.  OCR investigated and found that PCS  had implemented few policies and procedures to comply with the HIPAA Privacy and Security Rules, and had limited safeguards in place to protect patients’ electronic protected health information (ePHI).  View Full Post
On April 17th, Phoenix Cardiac Surgery, P.C. agreed to pay a $100,000 fine and put in place a corrective action plan under a resolution agreement with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) following an extensive investigation into the health care provider’s HIPAA privacy and security practices. View Full Post
Cardiac Surgery MD Group Agrees to Pay $100,000 Settlement to HHS for Lack of HIPAA safeguards And the HIPAA money keeps rolling to the feds. The latest settlement (announced today) is with a cardiac surgery physician group in Phoenix, Arizona, which has agreed to pay a hefty sum after someone reported to HHS that the MD group was potentially compromising patients’ PHI by posting appointments on an internet-based calendar, which prompted OCR to then investigate and find the physicians to be out of compliance with HIPAA’s safeguards.   View Full Post