25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

$3.5 Million Mindpath Health Data Breach Settlement Gets First Nod
Dec01

$3.5 Million Mindpath Health Data Breach Settlement Gets First Nod

A California Superior Court judge has given preliminary approval to a settlement to resolve litigation against Community Psychiatry Management, LLC, operating as Mindpath Health, to resolve a class action lawsuit stemming from two email data breaches in 2022 that affected 193,947 individuals. Mindpath Health is a California-based mental health service provider serving patients in seven U.S. states. In March 2022 and again in June 2022, unauthorized individuals gained access to Microsoft Office 365 business accounts that contained the protected health information of Mindpath Health patients and other individuals. The breach was discovered in June during a routine audit of its email environment, which identified suspicious account activity. The investigation confirmed that two email accounts had been subject to unauthorized access in March and June 2022, exposing names, addresses, Social Security numbers, dates of birth, medical diagnoses, prescriptions, treatment information, and health insurance information. Notification letters were sent to the affected individuals on January 10,...

Read More
Health Plan Members’ PHI Exposed in Cyberattack on Fieldtex Products
Dec01

Health Plan Members’ PHI Exposed in Cyberattack on Fieldtex Products

Data breaches have been announced by Fieldtex Products in New York State and the Utah ear, nose & throat specialists, Cache Valley Ear ENT. Fieldtex Products, New York Fieldtex Products, a medical supply fulfillment organization based in Rochester, New York, has announced a data security incident involving unauthorized access to its computer systems. The intrusion was identified on August 19, 2025, and action was immediately taken to secure its network and prevent further unauthorized access. A third-party digital forensics team was engaged to investigate the incident, which confirmed that a limited amount of protected health information had been exposed and may have been accessed or stolen in the attack. The exposed data related to the over-the-counter healthcare-related products provided by Fieldtex to members of its health plan clients. In order to provide those products, health plans provided Fieldtex with protected health information such as patient names, addresses, dates of birth, insurance member identification numbers, plan names, effective terms, and gender. The...

Read More
HIPAA Compliance for Urgent Care Clinics
Nov29

HIPAA Compliance for Urgent Care Clinics

Due to the emotions that can manifest during emergency events, HIPAA compliance and urgent care do not go hand-in-hand, providing a challenge for urgent care clinics. It can also be the case that shortcuts are taken with compliance during emergency events in order to administer urgent care as quickly as possible. These factors can lead to multiple HIPAA violations, and staff dealing with emergencies need standard HIPAA training and also additional HIPAA training for emergency situations. There has been an increasing amount of research done into the role of emotions in clinical decision-making and patient safety in urgent care settings. The conclusions tend to be that more needs to be done via training initiatives “to promote awareness of emotional influences and consider strategies for managing these influences”. While HIPAA compliance does not have the same importance as optimizing patient safety, it too can be influenced by emotions. This is especially true in the context of HIPAA compliance and urgent care due to the serious nature of injuries treated in urgent care environments...

Read More
Main Line Fertility Center Settles Tracking Technology Lawsuit
Nov28

Main Line Fertility Center Settles Tracking Technology Lawsuit

Main Line Fertility Center in Pennsylvania will pay cash payments to individuals whose sensitive data may have been disclosed to third parties via website tracking technologies. Like many healthcare providers, Main Line Fertility Center deployed third-party tracking tools and analytics code on its public website, including Meta Pixel. While these tools can provide valuable data to website owners, their use is problematic in healthcare due to the potential for sensitive data to be transferred to the providers of those tools. Depending on how and where these tools are deployed, they can potentially transfer personally identifiable and health information to those third parties. In the case of Main Line Fertility Center, it was alleged to have used these tools without patients’ knowledge or consent, resulting in individually identifiable information being transferred to third parties, such as Meta. Anonymous plaintiff Jane Doe filed a lawsuit – Jane Doe v. Main Line Fertility, Ltd. – in the Court of Common Pleas of Philadelphia County, Pennsylvania, alleging the use of these...

Read More
Data Breaches Announced by Ennoble Care & Circa Health; Dermatology Associates of Concord
Nov28

Data Breaches Announced by Ennoble Care & Circa Health; Dermatology Associates of Concord

Data breaches have recently been announced by Ennoble Care & Circa Health in New Jersey and Dermatology Associates of Concord in Massachusetts. Ennoble Care/Circa Health, New Jersey Ennoble Care & Circa Health, LLC, a Hackensack, NJ-based provider of primary care, palliative care, and hospice services to individuals in Georgia, Kansas, Maryland, New York, New Jersey, Oklahoma, Pennsylvania, Virginia, and Washington, D.C., has announced an email account breach that was identified on April 17, 2025. Ennoble Care said the investigation into the incident is ongoing; however, it has been determined that patient information has been exposed and may have been obtained by an unauthorized individual. The types of information involved include names, addresses, dates of birth, hospice status, status dates, and orders status (CTI, SN, MSW, CH, HHA, etc.). No evidence was found to indicate that its cloud-based electronic health record was compromised. While no evidence has been found to indicate misuse of the exposed data, the affected individuals have been advised to remain vigilant...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist