Phoenix Cardiac Surgery has also agreed to take corrective action to implement policies and procedures to safeguard patient information. The HHS Office for Civil Rights investigated Phoenix Cardiac Surgery after a report surfaced that the physician practice was posting clinical and surgical appointments for its patients on a publicly accessible Internet-based calendar.
The investigation found that Phoenix Cardiac had implemented limited policies to protect patient electronic health information, violating HIPAA privacy and security rules in the following ways:
• Failure to implement adequate policies and procedures to appropriately safeguard patient information;
• Failure to document training of employees on policies and procedures in the HIPAA privacy and security rules;
• Failure to identify a security official and conduct a risk analysis;
• Failure to obtain business associate agreements with Internet-based email and calendar services where the provision of the service included storage and access to its electronic patient health information.
