HHS Settles Case with Phoenix Cardiac Surgery for Lack of HIPAA Safeguards

Phoenix Cardiac Surgery, P.C., of Phoenix and Prescott, AZ, has agreed to pay the U.S. Department of Health and Human Services a $100,000 settlement amount and a corrective action plan that includes a review of recently developed policies and other actions taken to come into full compliance with the Privacy and Security Rules. OCR’s investigation found that the physician practice was posting clinical and surgical appointments for their patients on an Internet-based calendar that was publicly accessible.

Further, Phoenix Cardiac Surgery had implemented few policies and procedures to comply with the HIPAA Privacy and Security Rules, and had limited safeguards in place to protect patients’ electronic health information (ePHI).

Read the Resolution Agreement and CAP
For Information on OCR’s Enforcement Activities
Read the HHS Press Release
To File a Health Information Privacy or Security Complaint

Content created by Office for Civil Rights (OCR)
Content last reviewed June 7, 2017

HHS Settles Case with Phoenix Cardiac Surgery for Lack of HIPAA Safeguards

Subscribe to Email Updates