
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Buffalo Medical Group Says Alleged HIPAA Violations Are Unfounded

Last month, a breach notification letter was received by media outlets and at least one patient of the Buffalo Medical Group (BMG) warning that the protected health information (PHI) of certain patients had been impermissibly disclosed to an unauthorized individual. The letters were sent on BMG headed paper, and the letter indicated that it had been authored by three members of the BMG staff who chose to remain anonymous. The letter claims that the PHI of certain patients had been impermissibly disclosed and the privacy violations had been brought to the attention of a dermatologist at BMG, yet nothing had been done. The letter claimed that the privacy of patients was violated by a licensed practice nurse who had been disclosing patients’ PHI to a boyfriend. The offenses, which if true would have violated the Health Insurance Portability and Accountability Act (HIPAA), had allegedly taken place some years previously. According to the letter, when the nurse broke off the relationship in August 2015 the ex-boyfriend notified a dermatologist of the privacy violations. No action...

HIPAA Business Associate Notifies Patients of Data Breach
May 03


EqualizeRCM Services, an Austin, TX-based vendor of billing services, is in the process of sending breach notification letters to patients to alert them to the potential exposure of their Protected Health Information after an employee’s laptop computer was stolen. At this stage it is unclear how many individuals have been impacted as the security breach has not yet been added to the Department of Health and Human Services’ Office for Civil Rights breach portal. Patients of the following healthcare facilities have been impacted by the data breach: Central Dallas Surgery Center; Hermann Drive Surgical Hospital; Kirby Surgical Center; Microsurgery Institute (Houston, Dallas); Northstar Healthcare Surgery Center (Scottsdale, Houston, Dallas); Plano Surgical Hospital; Southwest Freeway Surgery Center; Victory Medical Center Houston. The laptop computer contained a number of unencrypted documents which could potentially be accessed by unauthorized individuals. The documents did not contain any Social Security numbers or financial account numbers, although personally identifiable information and...

Review of Medicare Administrative Contractors Shows 8pc Annual Rise in Data Security Gaps
May 02


An annual review of Medicare administrative contractors (MACs) conducted by PricewaterhouseCoopers (PwC) on behalf of the Office of Inspector General revealed that 129 data security gaps existed in 2014, representing an increase of 8% from the previous year. The Social Security Act requires the information security programs of all MACs to be assessed by an independent entity on an annual basis. This year PwC was contracted to assess all nine MACs on the eight major requirements of the Federal Information Security Management Act of 2002 (FISMA) in addition to the Centers for Medicare and Medicaid Services (CMS) core security requirements. Data security gaps are defined as the incomplete implementation of FISMA or CMS core security requirements. Each data security gap is rated as high risk, medium risk, or low risk. For high and medium risk data security gaps, each MAC must develop an action plan to address the issues and the CMS is required to follow up and ensure that those data security gaps have been addressed. PwC discovered 18 high risk, 45 medium risk, and 66 low risk gaps. The...


Verizon: Human Error the Main Cause of Security Incidents

The Verizon 2016 Data Breach Investigations Report was released this week. The biggest cause of security incidents over the past 12 months has been what Verizon calls “miscellaneous errors,” a category which includes misconfigured IT systems, improper disposal of company data, lost and stolen devices, and email errors. In the case of the latter, 26% of breaches were caused by individuals emailing data to incorrect individuals. Weak passwords continue to cause organizations problems. 63% of confirmed data breaches were attributed to either poor passwords, default login credentials that had not been changed, or the use of stolen login credentials. Cyberattacks are often made possible due to the failure to install patches promptly. In the majority of cases, hackers exploit vulnerabilities that have existed for months, even though patches have been made available. Verizon reports that 85% of successful exploits took advantage of the top 10 known vulnerabilities. The biggest cause of data breaches this year is web application attacks, which have increased by 33% since the 2015 report....


American Dental Association Mails Malware-Infected USB Drives to Members

A recent mailing sent to American Dental Association (ADA) members included a USB stick containing malware. The USB drive contained a file with code that directed users to a domain which could enable cybercriminals to install malware, potentially allowing them to gain control of computers. The USB stick sent by the ADA was a credit card-sized drive that can be plugged into a laptop computer or a desktop. The device was used to send an electronic copy of the 2016 CDT manual containing dental procedure codes. One recipient of the device decided to check the contents of the USB stick on a spare machine as he was wary of using the device on a machine that contained sensitive data. He discovered the drive contained an HTML launcher in a hidden iframe that contained a potentially malicious URL with a Chinese ccTLD. An autorun file was also included on the device, according to his DSL Reports post. ADA was informed about the malware infection and an investigation was launched. ADA informed Krebs on Security that the infection was introduced on certain devices during production in China....
