Surgery practice fined $100K for posting patient appointments online

After posting patient appointments in an unsecured calendar online, Phoenix (Ariz.) Cardiac Surgery was fined $100,000 by the U.S. Department of Health & Human Services. Leon Rodriguez, director of the Office for Civil Rights, called the case as a multi-year and continuing failure to comply with HIPAA. Additionally, according to HHS, the facility had no documentation of HIPAA training for its employees. "We hope that healthcare providers pay careful attention to this resolution agreement and understand that the HIPAA Privacy and Security Rules have been in place for many years, and OCR expects full compliance no matter the size of a covered entity," Rodriguez said. Announcement