25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Buffalo Medical Group Patients Notified of Alleged HIPAA Violation

When a HIPAA violation occurs, the covered entity is required to notify patients that their protected health information has been exposed. However, in a bizarre turn of events, a number of patients of the Buffalo Medical Group have received breach notification letters that have been sent without Buffalo Medical Group’s knowledge. The letters have been printed on the Buffalo Medical Group’s letterhead and details of the physicians employed in the Department of Dermatology have also been included in the letter. Patients have been advised that a member of staff has disclosed their names and details of medical conditions to a new boyfriend. The member of staff concerned is named in the letter, and it is claimed that the HIPAA violations took place in the office, starting around August 2015. Confidential data was allegedly disclosed over the staff member’s cell phone within earshot of other workers. After the relationship ended the ex-boyfriend is alleged to have contacted Buffalo Medical Group by letter explaining that HIPAA violations had occurred. No response was allegedly received,...

Read More
Anthem’s Request to Access Breach Victims’ Computers Denied
Apr13

Anthem’s Request to Access Breach Victims’ Computers Denied

Following any significant breach of protected health information HIPAA covered entities can expect breach victims to file lawsuits to recover damages. Last year’s 78.8 million-record data breach at Anthem Inc., is no exception. Over 100 lawsuits have been filed by plaintiffs to recover damages. Some of the suits are speculative, with plaintiffs attempting to recover damages for the increased risk of harm now faced, although some breach victims are claiming to have suffered actual losses as a result of the Anthem data breach. It is not surprising that the insurer’s legal team has attempted to determine whether the victims have actually suffered losses as a direct result of the Anthem breach. In 2015, over 113 million healthcare records were exposed or stolen. The majority of those records were stolen in the Anthem data breach, but it is conceivable that identity theft could have resulted from another healthcare – or non-healthcare – data breach, from a lack of basic security measures applied by the victims, or from the inadvertent installation of malware on victims’...

Read More
Florida Department of Health Notifies Palm Beach County Patients of PHI Breach
Apr12

Florida Department of Health Notifies Palm Beach County Patients of PHI Breach

The Florida Department of Health in Palm Beach County has discovered approximately 1,000 patients have had their protected health information inappropriately disclosed, although at this stage little information has been released on the exact nature of the data breach. In February, the DOH was informed by law enforcement officers that there had been a potential breach of patients’ protected health information. A list containing the names, dates of birth, phone numbers, Social Security numbers, Medicaid numbers, and medical record numbers had been recovered. Florida DOH was asked to verify that the individuals on the list were DOH patients. The patients were identified as having visited DOH facilities in Palm Beach County. At this stage no information has been released to indicate how the list was obtained by law enforcement. No employees have been implicated at this point in time and an investigation into the breach is ongoing. All affected patients have been contacted by mail and informed that their PHI has been exposed. They have been advised to obtain a free credit report, review...

Read More

OptumRx and Einstein Health Network Inform Patients of Recent PHI Breaches

OptumRx is in the process of notifying patients about a breach of their Protected Health Information after an unencrypted laptop computer was stolen from one of its vendors. An employee of an unnamed company which provides prescription delivery services on behalf of OptumRx left a laptop computer in a vehicle from where it was stolen. The theft occurred on March 16, 2016 and OptumRx was notified of the theft by its vendor on March 22, 2016. The laptop contained patient data including names, addresses, drug prescription information, prescription providers, and health plan names. No Social Security numbers or financial information were stored on the laptop, although some patients had their date of birth exposed. The breach notice submitted to the California Attorney General does not mention whether the laptop was password protected. Additional security measures have now been implemented on laptop computers used by OptumRx’s vendor. Further staff training will be conducted to reinforce policies and procedures already put in place by the vendor. All affected patients have been offered...

Read More

California, Kentucky and Vermont Health Exchange Security Flaws Placed Data at Risk of Exposure

An investigation conducted by the Government Accountability Office revealed “significant” cybersecurity vulnerabilities existed in all three state health exchanges studied: California, Kentucky, and Vermont. Those vulnerabilities could have potentially been exploited by hackers to gain access to the sensitive data of hundreds of thousands of Americans. Only three state health insurance marketplaces were investigated out of the 12 states that run their own health insurance exchanges, although with all three found to have serious vulnerabilities it is likely that the other 9 states may also be vulnerable to cyberattacks. The GAO report was compiled following an investigation conducted between October 2013 and March 2015. While the report was published last year in an abbreviated form, the states that were investigated were not named. This week the GAO revealed the states to the Associated Press after a request was filed under the Freedom of Information Act. Some of the security vulnerabilities have now been addressed but a number still remain. The report did not disclose details of...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist