
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Lawsuit Filed Against Facebook and Cancer Sites for Alleged HIPAA Violation

A lawsuit has been filed in Federal Court in San Jose, California by cancer patients who allege they have had their privacy violated after visiting the websites of cancer institutes. The plaintiffs claim that the websites of some cancer institutes contain secret code that captures data and passes the information to Facebook for marketing purposes. After visiting the websites, the plaintiffs claim they have been served advertisements relating to very specific types of cancer. It is alleged that in order for those advertisements to be served, Facebook must have been provided with site search data and the specific webpages that were visited. Lead plaintiff in the case, Winston Smith, claims to have visited cancer.org, a website of the American Cancer Society. Smith conducted searches on the site for information on lung cancer and claims those searches, and information about the webpages he visited, were provided to Facebook which used the information to serve him targeted adverts. Smith claims that Facebook’s privacy policy does not specifically mention that highly sensitive medical...


Healthcare Organizations Prioritizing Compliance Over Data Breach Prevention

A recent survey conducted by 451 Research on behalf of security firm Vormetric indicates 96% of IT managers expect their organizations to be attacked by cybercriminals. The survey was conducted on 1,100 IT managers including over 100 working in healthcare organizations. One in five organizations have experienced a data breach in the past 12 months, while 63% of respondents said they have experienced a data breach in the past. Even though the threat of a data breach is considerable, a majority of healthcare IT managers say their organizations are prioritizing compliance over data breach prevention. 61% of healthcare IT managers said compliance was their main priority, compared to just 40% that said it was data breach prevention. Other priorities were preventing reputation and brand damage and implementing security best practices, rated as the main priorities by 49% and 46% of respondents respectively.

More than Two Thirds of Respondents Said Achieving Compliance Was an Effective Way of Protecting Data

69% of healthcare IT managers said achieving compliance with EPCS, FDA CFR...

California Ransomware Bill Passed by State Senate Committee
Apr 15

Californian Senator Bob Hertzberg introduced a new bill (Senate Bill 1137) in February which proposes an amendment to the penal code in California to make it a crime to knowingly install ransomware on a computer. The bill has now been passed by the senate’s Committee on Public Safety, taking it a step closer to being introduced into the state legislature. The bill must now go before the state Senate Appropriations Committee, after which it will be considered by both houses. Currently, state law in California covers crimes relating to computer services including “knowingly introducing a computer contaminant,” as well as extortion, the latter being defined as “obtaining the property of another, with his or her consent, induced by a wrongful use of force or fear.” Under existing laws, extortion is punishable with a prison term of 2, 3, or 4 years. Ransomware is covered under current laws, although Senator Hertzberg believed an update was necessary given the extent to which ransomware is now being used to extort money from businesses. FBI figures suggest that in the first 3 months of...


Federal Court Rules Data Breach Covered by CGL Insurance Policy

A federal appeals court ruled this week that Travelers Insurance has a duty to defend Portal Healthcare Solutions in a class-action lawsuit filed by patients whose medical records were exposed on the Internet in 2013. The lawsuit was filed following the exposure of 2,300 patients’ medical records in 2012/2013. The records were stored on a computer server that could be accessed over the Internet, and the data of some patients had been indexed by the search engines. Two patients filed a class-action lawsuit after discovering their data could be accessed via Google. The patients claimed they both searched for their own names on Google and the first links that appeared were for their medical records. Both were patients of Glen Falls Hospital in New York. The lawsuit was filed against Portal Healthcare Solutions, which was contracted by Glen Falls Hospital to store patients’ medical records. The server on which doctors’ notes were stored should have been secured; however, a configuration error resulted in data being left unprotected. The files were accessible due to a misconfigured...

1400 Healthcare Organizations Notified of American College of Cardiology Privacy Breach
Apr 14

1,400 organizations have been notified that patient data supplied to the American College of Cardiology (ACC) via the national cardiovascular data registry has been inadvertently disclosed to a third party vendor. While the total number of affected patients has not yet been disclosed, almost 100,000 individuals are understood to have been affected. Participating healthcare organizations enter patient data into the ACC-maintained registry and use the database to measure and improve the cardiovascular care provided to patients. The ACC employed a software development company to redesign the registry and supplied 250 tables of fabricated patient data to populate the database for testing purposes. However, one of the tables supplied to the vendor contained real patient data including names, dates of birth, internal patient ID numbers, and Social Security Numbers. The data were supplied to the vendor at some point between 2009 and 2010, although the improper disclosure was not discovered until December 2015. The ACC notified all affected institutions in February and supplied them with...
