25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Ponemon: 48% of Healthcare Organizations Suffered a PHI Breach in the Past Year

A study recently published by the Ponemon Institute has revealed that almost half of healthcare organizations (48%) have experienced a data breach in the past 12 months that has resulted in the loss or exposure of the protected health information of patients. The survey, conducted on behalf of software security firm ESET, asked 535 IT security professionals questions about cyberattacks on their organizations, the consequences of those data breaches, and cybersecurity concerns. The survey provides an insight into the current state of healthcare cybersecurity, the effect data breaches are having on healthcare organizations, and the seriousness of the current threat level. Cyberattacks on healthcare organizations are now taking place at a rate of one every month. Hackers were able to evade intrusion prevention systems (IPS) at 49% of organization surveyed, while 37% of respondents said cyberattackers had evaded detection by their antivirus protections and other traditional security measures. A quarter said they were unsure if that was the case. Protections against advanced persistent...

Read More
VA Information Security Report for January Released
Mar08

VA Information Security Report for January Released

The Department of Veteran Affairs has released its monthly report to congress detailing the privacy and security incidents reported in January, 2016. 44% more veterans were affected by privacy and security incidents in January 2016 than in December last year. 568 individuals were affected in January, resulting in 271 notification letters being sent. 297 individuals were offered credit protection services to mitigate risk after their personal information was accidentally disclosed. Breaches of protected health information fell slightly month on month. In December, 240 veterans’ PHI was exposed. 236 veterans had their PHI exposed or disclosed last month. The number of lost and stolen device incidents was virtually unchanged with 46 incidents reported in January compared to 47 in December, while the number of mis-mailed incidents fell by 17% with 141 incidents reported this month compared to 169 in December. There was an 18% increase in the number of lost PIV cards with 154 cards reported lost in January, and a 55% increase in the number of mishandled incidents with 121 incidents...

Read More

Patients Warned of PHI Exposure After Premier Healthcare Laptop Theft

More than 200,000 patients have been warned that their protected health information has potentially been accessed after an unencrypted laptop computer was stolen from Premier Healthcare in Bloomington, Indiana. The laptop computer was protected with a password and is not believed to have been stolen for the data stored on the device. Those data include the names of patients, Social Security numbers, and “other confidential information,” including demographic data, dates of birth, addresses, financial information, insurance details, medical record numbers, and clinical information. Documents stored on the device included PDF files, spreadsheets, and screenshot images used by the billing department. In total,  205,748 patients have potentially been affected.   Passwords offer a degree of security but they can be cracked. There is a possibility that the data stored on the device could potentially be accessed. Consequently, Premier Healthcare has sent breach notification letters to all affected patients. Under HIPAA Rules, covered entities must issue breach notification letters to...

Read More

21st Century Oncology Advises 2.2M Patients of Hacking Incident

In October, a hacker gained access to a patient database at 21st Century Oncology containing insurance data and Social Security numbers of patients. The incident is not of the order of the breaches at Anthem, Excellus BCBS, or Primera Blue Cross, but it does rank as one of the largest healthcare data breaches of 2015. On March 4, 2016, a regulatory filing was issued to the United States Securities and Exchange Commission indicating 2.2 million current and former patients were affected and potentially had their data copied and stolen. 21st Century Oncology, which operates 145 cancer treatment centers in the United States, was alerted to the hacking incident on November 13, 2015., by the Federal Bureau of Investigation. An internal investigation into the data breach was immediately launched by 21st Century Oncology; however, the FBI requested that patient notification letters be delayed so as not to interfere with its investigation. The investigation is ongoing, although the requested period of delay has now expired. Patients are now being sent notification letters to advise them of...

Read More
Nursing Home Residents’ PHI Accidentally Disclosed by Iowa DHS
Mar07

Nursing Home Residents’ PHI Accidentally Disclosed by Iowa DHS

Protected health information of 425 nursing home patients has been accidentally mailed to 12 nursing home facilities by the Iowa Department of Human Services. The HIPAA breach occurred in December 2015, although it was not discovered by Iowa DHS until January 22, 2016. Last month, all affected patients were sent a breach notification letter alerting them to the accidental disclosure of their data. According to Iowa DHS, it is unlikely that any patient data have been used inappropriately as they were sent to another HIPAA covered entity. The privacy breach occurred when Iowa DHS’ Medicaid Enterprise Medical Services department sent roster reports to the nursing homes. Those reports contained the names, Medicaid identification numbers, insurance or government program information, and the facility where each patient currently resides. Upon discovery of the breach, Iowa DHS contacted all 12 nursing facilities and instructed them to shred the data they had received. All facilities have now confirmed that the data have been securely destroyed. Medicaid Director Mikki Stier issued a...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist