Phoenix Cardiac Surgery — $100,000
In February 2009 the U.S. Office for Civil Rights (OCR) began a Health Insurance Portability and Accountability Act (HIPAA) investigation of Phoenix Cardiac Surgery, a small Arizona-based physician group, after receiving a notice that the group was publicly posting doctors’ appointments on its website. What had most likely started out as a matter of convenience for the practice soon became a hassle, as the investigation lasted three years.
The OCR found that the group had failed to perform a risk assessment, appoint a security official, create a plan for protecting patient information and inform employees of that plan. Phoenix Cardiac ultimately received a $100,000 monetary sanction.
Don't miss Part 3 next month!