The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Data Breach Discovered by the Eye Institute of Corpus Christi
Mar 03

The Eye Institute of Corpus Christi, a full-service eye care, diagnosis, and treatment clinic in Texas, has discovered that individuals gained access to the records of all of its patients, downloaded their protected health information from the EHR, copied those data, and provided them to two physicians formerly employed by the eye clinic. The disclosed data include the names of patients, their addresses, contact telephone numbers, Social Security numbers, dates of birth, medical diagnoses, details of treatment, and health insurance details. The Eye Institute became aware of the patient privacy breach on January 6, 2016, and has since discovered that data provided to the physicians have been used to contact patients in an attempt to solicit business. The physicians in question had been employed at The Eye Institute of Corpus Christi until recently. The Eye Institute of Corpus Christi has been in touch with the physicians concerned and has instructed them to return the stolen data. It is not clear from the breach report whether the data have been returned and are now secured. While...

Investigation Launched into Main Line Health Spear Phishing Attack

Main Line Health has fallen victim to a spear phishing attack that has resulted in the data of employees being sent to a scammer. This is the fourth such case discovered in the past two weeks that has resulted in a breach of employee data. The spear phishing attack was discovered on Tuesday this week, although the spear phishing email was sent to a Main Line Health employee on February 16, 2016. The employee responded to the email request for data in the belief that the email was genuine. The incident went unnoticed until Main Line was made aware of the spate of recent healthcare phishing attacks when an alert was issued by the IRS. The attack prompted Main Line to conduct a review of internal policies and procedures to reduce the risk of future spear phishing attacks being successful, and the company will be enhancing its security procedures. All affected employees have been advised of the exposure of their data and are being offered credit monitoring and identity theft protection services to protect against fraud. Main Line Health CEO, Jack Lynch, issued a warning about the spear...

FHN Memorial Hospital Announces Hard Drive Theft and PHI Exposure

FHN Memorial Hospital in Freeport, IL, has announced that a computer hard drive was stolen from the hospital in December 2015. Spreadsheets and internal reports were stored on the drive which contained the protected health information of many of its patients. No medical records were stored on the drive although a considerable amount of PHI was detailed in the reports and spreadsheets. Those data include patients’ name, address, telephone number, ethnicity, date of birth, medical record number, patient encounter number, patient ID number, dates of service, medical diagnoses, details of procedures and examinations performed at the hospital, prescription information, referring physician name, insurance details, and discharge date. Patients are in the process of being notified of the exposure of their PHI and are being advised of the procedures they can follow to reduce the risk of harm or loss as a result of the data exposure. It is not clear at this stage how many patients have been affected or if credit monitoring and identity theft protection services are to be offered to...

Cost of the Excellus BlueCross BlueShield Data Breach Reaches $17.3M
Mar 03

The cost of the Excellus BlueCross BlueShield data breach has reached $17.3 million, according to its latest financial filings. The Rochester-based health insurer suffered the third largest healthcare data breach of last year, more than twice the size of the largest reported healthcare data breach before the Anthem cyberattack was discovered. More than 10 million plan member and vendor records were exposed in the cyberattack discovered on September 9, 2015. The bulk of the initial cost has gone on providing all affected members with credit monitoring and protection services. That cost the insurer $13.5 million in the final quarter of 2015. All affected individuals were offered two years of complimentary credit monitoring and identity theft protection services following the exposure of their PHI. The data breach exposed highly sensitive data including Social Security numbers, medical data, and financial information. It has now been over 5 months since the discovery of the cyberattack, although Excellus has yet to uncover any evidence to suggest that the hackers responsible for the attack...

Deven McGraw Gives Update on OCR HIPAA Compliance Audits
Mar 03

Office for Civil Rights deputy director of health information privacy, Deven McGraw, has provided an update on the OCR’s planned HIPAA compliance audits, saying the revised protocol for the long-awaited second round of compliance audits will be published next month. Late last year, OCR Director Jocelyn Samuels announced that the next round of audits would be taking place in early 2016. With the announcement of the planned publishing of the audit protocol in April, the next round of audits could start in Q2, although this seems unlikely. Once the audit protocol has been published there will be a period allowed for public comments. Those comments will need to be assessed, and may require changes to be made to the audit protocol. According to McGraw, the new protocol will be based on that used for the 2011/2012 round of audits, with amendments made to account for the changes to HIPAA following the introduction of the Omnibus Rule in 2013. Previously, OCR indicated the next round of compliance audits would be conducted in modules. A module would be developed to assess Privacy Rule...
