The U.S. Department of Health and Human Services (HHS) announced this week that Arizona-based Phoenix Cardiac Surgery, P.C. has agreed to pay a $100,000 settlement and implement corrective actions to protect patient information.
An extensive investigation by the HHS Office for Civil Rights was launched because the practice was reportedly posting patients’ appointments on a publicly available Web-based calendar. It was determined that the physician practice had few procedures, policies, and safeguards in place to protect patients’ health information and comply with the privacy and security rules of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Failures included the lack of an identified security official and risk analysis, and no documentation of employee training on HIPAA-related policies and procedures, among others.
Using a HIPAA-ready medical billing solution like the latest versions of Medisoft, Lytec, or Allscripts MyWay is an important step toward compliance with HIPAA, but other factors need to be considered and other procedures and policies need to be in place. Contact a Microwize Technology healthcare technology consultant for more information.