HIPAA violations are one of those things you watch happen to others but never see happening to yourself… and then it does. This is the current reality for a small cardiothoracic practice in Prescott, Arizona. While this penalty ($100,000) may pale in comparison to 2011’s $4.3 million HIPAA penalty assessed to Cignet Health in Maryland, it is not a fine any organization would wish to incur.
The U.S. Department of Health and Human Services (HHS) certainly has administrators and physicians alike walking on eggshells with the passage of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the amendments that have followed. As social media grows and patients feel a greater desire to interact with their physicians online, the risk of a breach increases. In this case, Phoenix Cardiac Surgery created an online appointment calendar for patients to view; the problem with this easy portal for patients was that it openly exposed scheduled individuals to the public. HIPAA states that a “covered entity” cannot release protected health information: anything that identifies the patient (name, birthdate, address).
Like every good story, we must take away a moral, or lesson learned. As healthcare professionals, we are all aware of HIPAA and the regulations placed upon us. To avoid substantial penalties such as the one discussed, we must simply be prepared. Policies and procedures must be in place to protect patients’ private information, and a valiant effort must be made to remain consistent with our moderation. As an administrator or physician, you must take steps to ensure all members of the practice are aware of HIPAA guidelines and that boundaries are not crossed. Take the time to understand what regulations are placed upon your practice and revise policies and procedures accordingly. It’s also critical that you work with vendors who understand our industry’s regulations and how to keep you HIPAA compliant. These third-party vendors make decisions on your behalf and, as this practice found out, can open you up to major liabilities and fines if they do not understand how to best protect patient privacy. What may take your valuable time to correct could save your practice from incurring massive fines.