By Anna Kraus
The Department of Health and Human Services (HHS) announced on Tuesday that Phoenix Cardiac Surgery, P.C. (Phoenix) agreed to pay $100,000 and implement a corrective action plan to come into full compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HHS had been investigating the Arizona physician practice for potential violations of the HIPAA Privacy and Security Rules.
The investigation began when HHS received a report that Phoenix was posting clinical and surgical appointments for patients on an Internet-based calendar that was accessible by the public. Upon further investigation, HHS determined that the physician practice had, among other things, failed to:
- implement appropriate and reasonable administrative and technical safeguards to protect the privacy of protected health information (PHI)
- identify a security officer and conduct the risk assessment required by the HIPAA Security Rule
- enter into business associate agreements with its Internet-based calendar provider and Internet-based public e-mail provider
- document that it trained any employees on HIPAA policies and procedures