On the heels of its $1.5 million settlement with a large payor, Blue Cross Blue Shield of Tennessee, the Department of Health and Human Services Office for Civil Rights (OCR) announced on April 17, 2012, that it settled with a small physician practice for HIPAA violations. Phoenix Cardiac Surgery, P.C., a practice owned by two physicians, entered into a settlement agreement and agreed to pay $100,000 after OCR found the practice lacked adequate HIPAA safeguards.
Over a year-and-a-half period, the practice posted 1,000 entries of ePHI on a publicly accessible, Internet-based calendar. In addition, over three years the practice transmitted ePHI on a daily basis over an Internet-based email account to workforce members' personal Internet-based email accounts. OCR, after investigation of a complaint, found that the physician practice failed to...