
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Compliance Assistance Provided to Mobile Health App Developers by FTC
Apr 07


A new interactive tool has been released by the Federal Trade Commission (FTC) to help mobile health app developers determine whether their apps need to comply with federal regulations. The new web-based tool was developed with assistance from the U.S. Department of Health and Human Services (HHS), the Office for Civil Rights (OCR), the Office of the National Coordinator for Health Information Technology (ONC), and the Food and Drug Administration (FDA). By answering a series of 10 questions, mobile app developers can determine whether their healthcare products are covered under the Health Insurance Portability and Accountability Act (HIPAA), Federal Food, Drug, and Cosmetic Act (FD&C Act), Federal Trade Commission Act (FTC Act) or need to comply with the FTC’s Health Breach Notification Rule. In many cases, app developers will be required to comply with more than one set of federal laws. According to Jessica Rich, FTC Bureau of Consumer Protection director, “Mobile app developers need clear information about the laws that apply to their health-related products.” The tool aims...


Unpatched 2007 Vulnerability Exploited in MedStar Ransomware Attack, Says AP

The ransomware attack on MedStar Health could easily have been avoided had its software been patched, according to a recent AP article, although this has been denied by MedStar Health. The vulnerability in the Red Hat-supported JBoss application server was first uncovered in 2007. A further warning about the problem was issued by Red Hat in 2010, with another warning issued earlier this month. A patch to correct the vulnerability has existed for almost a decade. The patch removes two lines of code that enable the JBoss system to be accessed remotely. The flaw existed as a result of a common JBoss application server misconfiguration. According to an Ars Technica report, more than 2.1 million installations around the world are vulnerable to this type of attack. The failure to implement the 2007/2010 patches allows attackers to exploit the vulnerability and gain access to Internet-facing servers. Once access has been gained, attackers are able to use a host of security tools to gain access to other parts of a network and deploy ransomware. As media reports circulate claiming it was...


Rogue Employee Steals PHI of 2,000 Pointe Medical Services Patients

A former employee of Pointe Medical Services has been accused of stealing the protected health information of patients and disclosing the data to her new employer. The data theft came to light when a patient complained to Pointe Medical Services that contact had been made by another healthcare service provider in an attempt to solicit business. The patient was concerned that PHI had been compromised and contacted Pointe Medical Services around February 11, 2016. An internal investigation was launched and Pointe Medical Services discovered patient information had been downloaded and copied by Kimberly Hunt, ARNP, who was previously employed by the company. That information was subsequently shared with L.A. Quinn M.D., P.A. and Carter’s Ortega Pharmacy, Inc. Hunt is alleged to have downloaded the PHI of 2,000 patients and copied their names, phone numbers, dates of birth, appointment status, reason for appointments, insurer’s name, health plan name, and insurance account type. To prevent further harm, Pointe Medical Services took legal action and obtained an injunction from the...


7,500 Patients Notified of Indian Health Service PHI Theft

The medical records of approximately 7,500 patients of an Indian Health Service medical center have been recovered from storage units in Waterflow in New Mexico, at least 5 months after they were stolen by a former employee. Back in October, the records of 470 patients of the Northern Navajo Medical Center in Shiprock were found in a public storage facility by a community member. The matter was reported to the Navajo Area Indian Health Service on October 5, 2015, and staff were sent to recover the documents. According to the IHS breach notice, the Department of Health and Human Services Office of Inspector General Investigator investigated the breach and discovered that files had been taken by a former employee. Some of the employee’s personal items were also located in the storage facility. The investigation revealed that the data breach was much more extensive than initially thought. A further 7,000 documents were also recovered from storage facilities and have now been returned to the medical center. Now that the files have been recovered, patients are being notified of the...


Phishing Attack Reported by Metropolitan Jewish Health System Inc.

Metropolitan Jewish Health System, Inc. (MJHS) is the latest healthcare organization to announce it has fallen victim to a phishing attack. The incident appears to have resulted in one email account being compromised, although an investigation is still ongoing to determine if any other email accounts were also affected. An employee of MJHS responded to a phishing email on January 18, 2016, but the breach was not discovered until January 22, giving the attacker access to the email account for four days. As soon as MJHS learned of the incident, the email account was shut down and an investigation was launched. An analysis of the data contained in the employee’s email account revealed 2,483 patients’ protected health information had potentially been compromised. MJHS did not disclose whether emails had been accessed by the attacker, but no reports have been received to suggest any PHI has been used inappropriately. Patients affected by the data breach had previously received medical services from Menorah Center for Rehabilitation and Nursing Care; MJHS Home Care; MJHS Hospice and...
