News & Views

Breaking Benefits News

$100,000 HIPAA Violation.

A failure to have adequate HIPAA policies, train staff, appoint a security officer or conduct even a rudimentary risk analysis are all factors that led to the Department of Health and Human Services’ Office of Civil Rights (OCR) settlement with a Phoenix Cardiac Surgery group for $100,000 and a corrective action plan. This matter had its genesis in a complaint filed with the OCR because the Cardiac Surgery group posted patient appointments on an on-line publicly accessible calendar. This settlement demonstrates both the vigor with which the OCR is investigating matters, as well as the urgent need for even smaller medical groups to maintain HIPAA compliant policies and procedures that would allow for the defense of an OCR investigation.

Printable PDF