Phoenix Cardiac Settlement Landing Page

This is a settlement

Final

Issued by: Office for Civil Rights (OCR)

HHS Settles Case with Phoenix Cardiac Surgery for Lack of HIPAA Safeguards

Phoenix Cardiac Surgery, P.C., of Phoenix and Prescott, AZ, has agreed to pay the U.S. Department of Health and Human Services a $100,000 settlement amount and to carry out a corrective action plan that includes a review of recently developed policies and other actions taken to come into full compliance with the Privacy and Security Rules. OCR’s investigation found that the physician practice was posting clinical and surgical appointments for its patients on an Internet-based calendar that was publicly accessible.

Further, Phoenix Cardiac Surgery had implemented few policies and procedures to comply with the HIPAA Privacy and Security Rules, and had limited safeguards in place to protect patients’ electronic protected health information (ePHI).
