April 19th, 2012
Arizona Cardiac Surgeons Pay $100,000 to Settle HIPAA Violations
Larry Husten, PHD
An Arizona cardiac surgery group has agreed to pay $100,000 to resolve an investigation into potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In the agreement, the surgical group did not offer an admission of liability but did agree to implement a corrective action plan in addition to the payment.
According to the Health and Human Services Office for Civil Rights (OCR), the investigation of Phoenix Cardiac Surgery, PC, which is owned by two cardiac surgeons, Pierre Tibi and H. Kenith Fang, began when OCR received a report that the group’s clinical and surgical appointments were available to the public on an internet-based calendar. As part of its investigation, OCR discovered that the group had failed to implement policies and procedures to comply with HIPAA and “had limited safeguards in place to protect patients’ electronic protected health information (ePHI).”
OCR listed a number of specific problems:
Phoenix Cardiac Surgery failed to implement adequate policies and procedures to appropriately safeguard patient information;
Phoenix Cardiac Surgery failed to document that it trained any employees on its policies and procedures on the Privacy and Security Rules;
Phoenix Cardiac Surgery failed to identify a security official and conduct a risk analysis; and
Phoenix Cardiac Surgery failed to obtain business associate agreements with Internet-based email and calendar services where the provision of the service included storage of and access to its ePHI.
“This case is significant because it highlights a multi-year, continuing failure on the part of this provider to comply with the requirements of the Privacy and Security Rules,” said Leon Rodriguez, director of OCR, in an HHS press release. “We hope that health care providers pay careful attention to this resolution agreement and understand that the HIPAA Privacy and Security Rules have been in place for many years, and OCR expects full compliance no matter the size of a covered entity.”
One of the co-owners of the group, Pierre Tibi, is a former president of the Phoenix Board of Directors of the American Heart Association and has been a principal investigator in several large clinical trials, including Primo CABG II and EVEREST II.
One Response to “Arizona Cardiac Surgeons Pay $100,000 to Settle HIPAA Violations”
NEJM Journal Watch — Recent Cardiology Articles- Strategies and Criteria for the Diagnosis and Management of Myocarditis
- Sex-Based Disparity in CABG Outcomes: Are We Moving Toward Parity?
- Can Genetic and Social Risk Scores Improve Cardiac Risk Prediction?
- Extensive Ablation vs. Pulmonary Vein Isolation in Persistent Atrial Fibrillation
- Can a Novel Stent Design Improve Long-Term Outcomes of Percutaneous Coronary Intervention?
total chickenpoop government minutiae…..