Interesting article about the need for practices of all sizes to review their patient information practices, whether it’s through e-mail, posted on patient portals or within the office.  LightEdge can help your practice with secure hosted infrastructure, e-mail encryption and IT consulting to ensure that your practice complies with HIPAA standards.

 

$100,000 HIPAA fine designed to send message to small physician practices

After avoiding levying fines to small groups for patient privacy and security violations, the government issues its first penalty against one.

By Pamela Lewis Dolan, amednews staff. Posted May 2, 2012.

In announcing a resolution settlement with a cardiac surgery practice, the Dept. of Health and Human Services’ Office for Civil Rights issued a warning to doctors: No matter the size of your practice, you will be held accountable for HIPAA violations.

On April 17, Phoenix Cardiac Surgery, a five-physician practice with offices in Phoenix and Prescott, Ariz., became the first small practice to enter into a resolution agreement that included a civil money penalty over charges that it violated the Health Insurance Portability and Accountability Act Privacy and Security Rules (hhs.gov/ocr/privacy/hipaa/enforcement/examples/
pcsurgery_agreement.pdf
). The practice agreed to pay $100,000 and take corrective actions.

The HHS Office for Civil Rights launched an investigation after a complaint was filed alleging that the practice was posting surgery and appointment schedules on an Internet-based calendar that was publicly accessible. Susan McAndrew, the HHS office’s deputy director of health information privacy, said when the office started working with the practice to resolve the issue, it became clear that the practice, owned by two of the five practicing surgeons, had done little to comply with HIPAA Privacy and Security Rules since the regulations were implemented in 2003 and 2004, respectively.

Read the Full Article