Phoenix Cardiac Surgery Group Pays $100K Settlement for HIPAA Violation

Phoenix Cardiac Surgery of Phoenix and Prescott, Ariz., has agreed to pay HHS a $100,000 settlement for its failure to comply with HIPAA privacy and security rules.

Phoenix Cardiac Surgery has also agreed to take corrective action to implement policies and procedures to safeguard patient information. The HHS Office for Civil Rights investigated Phoenix Cardiac Surgery after a report surfaced that the physician practice was posting clinical and surgical appointments for its patients on a publicly accessible Internet-based calendar.

The investigation found that Phoenix Cardiac had implemented limited policies to protect patient electronic health information, violating HIPAA privacy and security rules in the following ways:

•    Failure to implement adequate policies and procedures to appropriately safeguard patient information;
•    Failure to document training of employees on policies and procedures in the HIPAA privacy and security rules;
•    Failure to identify a security official and conduct a risk analysis;
•    Failure to obtain business associate agreements with Internet-based email and calendar services where the provision of the service included storage and access to its electronic patient health information.
