Phoenix Cardiac Surgery Group Data Breach (2005)

Phoenix Cardiac Surgery of Phoenix and Prescott, Ariz., has agreed to pay HHS a $100,000 settlement for its failure to comply with HIPAA privacy and security rules. From September 1, 2005 until November 1, 2009, Covered Entity daily transmitted ePHI from an Internet-based email account to workforce members’ personal Internet-based email accounts.