My Account

Two-Owner Physician Practice Pays $100,000 to Settle Claims of HIPAA Violations


A recent case indicates that the government is looking into HIPAA violations by small medical practices as well as large institutional providers, and the results can be expensive.

Following an investigation by the United States Department of Health and Human Services (HHS) Office for Civil Rights (OCR) into potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), HHS recently entered into a $100,000 settlement with Phoenix Cardiac Surgery, P.C. (Phoenix) that required Phoenix to take corrective action to implement policies and procedures to safeguard protected health information of its patients. Phoenix is a two-owner medical practice.

The OCR initiated its investigation of Phoenix based on a report that Phoenix was posting clinical and surgical appointments for patients on a public calendar on the Internet. Such information is considered electronic protected health information under HIPAA. The investigation showed that Phoenix had not implemented adequate policies and procedures to comply with the HIPAA Privacy and Security Rules, based on the following findings:

The settlement agreement required Phoenix to pay $100,000 and enter into a corrective action plan to ensure compliance with the HIPAA Privacy and Security Rules. This settlement highlights the fact that the OCR will investigate even small medical practices for HIPAA violations and that all practices must be aware of their obligations under the HIPAA Privacy and Security Rules.

If you would like more information about the information discussed in this Alert, please contact a member of the Health Care Practice Group at Flaster Greenberg P.C.

Practice Areas

In light of recent changes to data protection laws, we have updated our Privacy Policy and Terms & Conditions, which explain how we collect, use, maintain, and secure your information. By using this site, you agree to our updated Privacy & Terms of Use Policies