Intellectual Property, Information Technology & Cybersecurity

By: Brian C. Vick
Williams Mullen (North Carolina and Virginia, USA)

On April 17, 2012, the U.S. Department of Health and Human Service (“HHS”) announced that it had entered a Resolution Agreement with Phoenix Cardiac Surgery (“Phoenix”)

– a four-physician practice based in Arizona – following an investigation of alleged breaches of the HIPAA Privacy and Security Rules. Under the agreement, Phoenix will have to pay $100,000 and comply with a corrective action plan (“CAP”). Although neither the amount of this payment nor the scope of the CAP are particularly noteworthy standing alone, the settlement is significant in that it highlights the care that organizations must take in their handling of electronic protected health information (“ePHI”). Click here to read entire article.