HIPAA Enforcement Comes To Small Providers

Law360, New York (April 24, 2012, 1:41 PM EDT) -- The U.S. Department of Health and Human Services' Office for Civil Rights action arose from allegations that the covered entity, Phoenix Cardiac Surgery PC, did not implement proper safeguards to protect the privacy and security of protected health information (PHI) and electronic PHI (ePHI), failed to provide proper training to its workforce, and failed to obtain proper assurances from business associates to ensure privacy and security.

In particular, the resolution agreement noted that the covered entity posted over 1,000 entries of ePHI on a publicly accessible...
To view the full article, register now.