HHS Settles Case with Phoenix Cardiac Surgery for Lack of HIPAA Safeguards

Phoenix Cardiac Surgery, P.C., of Phoenix and Prescott, AZ, has agreed to pay the U.S. Department of Health and Human Services a $100,000 settlement amount and a corrective action plan that includes a review of recently developed policies and other actions taken to come into full compliance with the Privacy and Security Rules. OCR’s investigation found that the physician practice was posting clinical and surgical appointments for their patients on an Internet-based calendar that was publicly accessible.

Further, Phoenix Cardiac Surgery had implemented few policies and procedures to comply with the HIPAA Privacy and Security Rules, and had limited safeguards in place to protect patients’ electronic health information (ePHI).

• Read the Resolution Agreement and CAP
• For Information on OCR’s Enforcement Activities
• Read the HHS Press Release
• To File a Health Information Privacy or Security Complaint