A cardiac surgery practice in Phoenix likely wishes it had had access to this information. The federal government has fined the group $100,000 for posting patients' clinical and surgical appointments on an Internet calendar that was available to the public.
But the report published in local newspapers did not mention whether or not any patient information was compromised. Instead, the practice was taken to task for matters related more to HIPAA compliance than leaked names:
- The practice was found to not have policies and procedures to safeguard patient information.
- The practice was found to have few safeguards to protect patients’ electronic health information.
- The practice did not document that it trained its employees on the HIPAA Privacy and Security Rules.
- The practice did not conduct a risk analysis, and had not identified a security official.
The price of all of these omissions was set when the practice agreed with the U.S. Department of Health and Human Services to pay the $100,000 penalty. The practice, which has offices in both Phoenix and Prescott, AZ, further agreed to take steps to safeguard the health information of its patients.
We at the ChiroCode Institute feel that the price of this information is worth about one-tenth of one percent of that fine, and far less if you include the cost of bad public relations and legal expenses. If we had known that their HIPAA compliance procedures were not in place, we would have recommended that without delay they acquire a copy of our new book: Complete & Easy HIPAA Compliance, which is on sale at the InstaCode Store for just $149.00, a savings of $99,851.00 (plus shipping).
In fact, since the ChiroCode Institute also has personnel in Phoenix, for just 10% of what they spent on that fine, we would have driven it over to them ourselves.
Complete & Easy HIPAA Compliance is a clear, simple “Just help me do what I have to do!” workbook that contains all the things the designated security officer must do to instantiate a robust HIPAA compliance program. It comes complete with over 45 forms and letters which can be used to state the office policies, spell out procedures, and ensure that each patient's rights under HIPAA policy are protected. It can also help demonstrate that a compliance program is in progress.