The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com.

Raleigh Orthopaedic Clinic Settles for 750K for Lack of BAA
Apr 20


The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that a settlement has been reached with Raleigh Orthopaedic Clinic, P.A., of North Carolina over alleged violations of HIPAA Rules. Raleigh Orthopaedic has agreed to pay OCR $750,000 for failing to enter into a business associate agreement (BAA) with a vendor before handing over the protected health information (PHI) of 17,300 patients in 2013. OCR launched an investigation into a data breach reported by Raleigh Orthopaedic on April 30, 2013. Raleigh Orthopaedic had agreed to provide a potential business associate (BA) with X-ray films in order to have images transferred to a digital format. The company was allowed to recycle the original films to recover the silver after the images had been transferred to an electronic format. However, the agreement was reached over the telephone and no BAA was obtained. Prior to providing the company with the X-rays, Raleigh Orthopaedic should have issued a BAA and obtained a signed copy. The BAA should have detailed the responsibilities the company had to ensure...


A Decade of Data Breaches: Healthcare Industry Data Breaches Have Exposed 176.5 Million Records

For more than a decade the Identity Theft Resource Center (ITRC) has been keeping track of data breaches in the United States. The ITRC data breach list has been growing steadily over the years, although in recent years the number of data breaches has grown substantially. This week a new milestone was reached. The total number of data breaches recorded by ITRC has exceeded 6,000. More than 851 million records have been exposed since ITRC first started keeping records in 2005, and the last 10 years have seen a 397% increase in data breaches. ITRC’s analysis of data breaches covers all industry sectors. The organization’s analysts determined that 32.7 percent of data breaches resulted in the exposure of Social Security numbers – or 245.2 million records. Since 2010, 142 million Social Security numbers have been exposed in data breaches. Healthcare industry data breaches accounted for 16.6% of Social Security number exposures. ITRC figures show that healthcare industry breaches have resulted in the exposure of over 176.5 million records since the organization first started tracking...


PHI of Alabama CVS Pharmacy Patients Exposed

The theft of a laptop computer from a business associate of CVS pharmacy has resulted in the exposure of customers’ protected health information. The privacy breach affects certain patients who have previously filled out prescriptions at a single CVS pharmacy in Alabama – the CVS pharmacy at 8370 Highway 31 in Calera. Data stored on the laptop computer include the names of patients along with contact telephone numbers, home addresses, details of the prescriptions provided, and numbers and dispensing dates. No Social Security numbers or financial information were exposed. The theft occurred on March 16, 2016, and CVS was notified of the data breach on March 22. All affected patients have now been notified of the privacy breach by mail. The laptop theft was reported to the Indianapolis Police Department, although the laptop computer has not been recovered. CVS requires its vendors to encrypt all patient information, although in this case encryption was not used. This was a breach of the vendor’s contractual obligations, although the incident was not deemed to be severe enough to...

VA Monthly Information Security Report Shows Fall in Breach Victims in March
Apr 18


The Department of Veteran Affairs has sent its monthly report to Congress detailing the information security incidents affecting VA facilities in March 2016. 522 veterans were impacted by security incidents in March, 417 of whom had their protected health information compromised. This month’s report shows a substantial reduction in breach victims. In February, 707 veterans had their PHI exposed and 817 security incidents were reported. While the breach victim count was considerably lower in March, the VA report shows an increase in the number of lost PIV cards, lost and stolen device incidents, and mis-mailed incidents. Only mishandled incidents and pharmacy mis-mailings fell in March. The VA had 54 lost/stolen device incidents compared to 43 in February. There were 172 lost PIV cards compared to 154 in February, and 147 mis-mailed incidents: 16 more than the previous month. Mishandled incidents fell from 106 to 89 in March, and only 3 pharmacy mis-mailings occurred, 5 fewer than in February. There was only one major security incident reported in March, which impacted 211 veterans...

Atique Orthodontics Reports Potential Breach of Patient PHI
Apr 18


San Antonio-based Atique Orthodontics, P.A., has discovered that an unauthorized person gained access to an office computer for a period of just over a month earlier this year. The unauthorized accessing of the computer first occurred on February 29, 2016, with the remote access possible until March 30, 2016, when the security breach was discovered. During the time that remote access was possible, a server containing the protected health information of orthodontics patients could potentially have been accessed. Atique Orthodontics has not discovered any evidence to suggest that the protected health information of patients was actually compromised, although the possibility exists that data may have been improperly accessed. Atique Orthodontics took action to block remote access as soon as the security breach was discovered and there is no further risk of data being accessed by the individual. Atique is in the process of enhancing security and will be implementing further technical controls to prevent similar incidents from occurring in the future. The server contained highly sensitive...
