25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Mail Delivery Truck Stolen: 2400 Inland Empire Health Plan Members’ PHI Exposed
Apr25

Mail Delivery Truck Stolen: 2400 Inland Empire Health Plan Members’ PHI Exposed

Kaiser Permanente is in the process of notifying 2,400 members of the Inland Empire Health Plan of the theft of Evidence of Coverage handbooks from a mail delivery truck. The names and addresses of plan members were also exposed. The data, which are classed as Protected Health Information under the Health Insurance Portability and Accountability Act, were stolen from a mail delivery truck at some point between March 12 and March 14, 2016. In a breach of Kaiser Permanente’s vendor mail delivery policies, the truck containing the handbooks was left unattended in a non-secure area. It would appear that the delivery truck had been left in a parking lot in the city of Santa Clarita, CA., over the weekend. Thieves gained entry to the vehicle and drove it to an unspecified location where they robbed the vehicle of its contents. The theft was reported to law enforcement in Santa Clarita and the vehicle was subsequently recovered, but not the Evidence of Coverage handbooks. The handbooks were for California Medi-Cal members in Southern California. Kaiser Permanente does not believe the...

Read More

Flash Drive Theft Exposes PHI of 2700 Oneida Health Center Dental Clinic Patients

An unencrypted flash drive containing the protected health information of 2,700 patients of the Oneida Health Center Dental Clinic has been discovered to be missing. The portable storage device is believed to have been stolen internally and an investigation into the theft is still being conducted by the dental clinic. Local law enforcement was also notified and an investigation was conducted, although the flash drive has not been recovered. The drive was stolen from the Oneida Health Center on the Oneida Reservation at 525 Airport Drive on February 17, 2016. The device contained a limited amount of patient data including patient names, patient identification numbers, and dental insurance identification numbers. Patients affected by the breach had visited the dental clinic between February 2, 2015 and February 17, 2016. No Social Security numbers, dates of birth, or financial information were stored on the device. Patients have now been notified of the breach by mail in accordance with Health Insurance Portability and Accountability Act Rules. Oneida Health Center has no reason to...

Read More

Wyoming Medical Center Phishing Attack Exposes PHI of 3,184 Patients

A phishing attack on Wyoming Medical Center of Casper in February has resulted in the exposure of 3,184 patients’ protected health information. Two employees clicked on links contained in phishing emails and compromised their accounts. The first employee to fall for the phishing scam clicked on the link on February 22, 2016, with the second employee falling for the scam three days later. Wyoming Medical Center quickly became aware that email accounts had been compromised because the accounts were used by the attackers to send spam emails to other hospital employees. According to a statement released by hospital spokeswoman Kristy Bleizeffer, access to the email accounts was gained for 15 minutes only. As soon as the intrusion was discovered, IT staff started updating passwords to lock out the attackers. An investigation into the breach did not uncover any evidence to suggest emails were accessed by the attacker. Due to the limited time that the email accounts were compromised it is unlikely that the attackers succeeded in gaining access to the PHI of patients. An investigation into...

Read More
New York Hospital Fined $2.2 Million for Unauthorized Filming of Patients
Apr22

New York Hospital Fined $2.2 Million for Unauthorized Filming of Patients

The Department of Health and Human Services’ Office for Civil Rights (OCR) has fined New York Presbyterian Hospital (NYP) $2.2 million for allowing patients to be filmed for a TV show without obtaining prior permission from the patients. In 2011, an ABC crew was permitted to film inside NYP facilities for the show “NY Med” featuring Dr. Mehmet Oz. A number of patients were filmed including a dying man and another patient who was seriously distressed. The footage was aired in 2012. Authorization to film had been given by NYP, although not all patients gave their consent to be filmed. One of the patients was Mark Chanko. He had been rushed to hospital after being hit by a sanitation truck. He was filmed receiving treatment from chief surgery resident Sebastian Schubl. Despite the best efforts of Schubl, Chanko died from the injuries sustained in the accident. Chanko had not given NYP permission to film him. To hide his identity ABC used blurring and voice alteration software. This did not prevent the crew from viewing Chanko’s PHI and it was not sufficient to hide his identity from...

Read More

Patient Treatment Centers of America Notifies Patients of Hacking Incident

Patient Treatment Centers of America (PTCOA) and Interventional Surgery Institute (ISI) are notifying patients of a security breach suffered by third party vendor Bizmatics. Bizmatics operates PrognoCIS; an electronic health record and practice management tool used by a number of large number of healthcare organizations including PTCOA. PTCOA uses PrognoCIS to store and organize patient medical files. Earlier this year PTCOA/ISI were notified by Bizmatics of a cyberattack that resulted in hackers gaining access to the company’s data servers. Data stored by PrognoCIS EHR software were potentially compromised in the attack. The information potentially accessed includes patients’ medical records (visit information, diagnoses, treatment data etc.), personal information such as names and addresses, health insurance information, Driver’s License numbers, other ID numbers, and in some cases, Social Security numbers. According to the breach notice submitted to the Department of Health and Human Services’ Office for Civil Rights, 19,397 PTCOA patients have been affected by the Bizmatics...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist