25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

HIPAA Compliance Training Programs
Nov14

HIPAA Compliance Training Programs

HIPAA compliance training programs are foundational training courses that ensure every member of the workforce understands basic HIPAA provisions to better protect patient information, follow internal policies and procedures, recognize privacy and security risks, and respond appropriately to incidents. The purpose of HIPAA compliance training programs is to fill gaps in workforce knowledge that are attributable to organizations applying the HIPAA training requirements to the letter of the law. For example, the HIPAA Privacy Rule training standard (45 CFR 164.530(b)(1)) states: “A covered entity must train all members of its workforce on policies and procedures […] as necessary and appropriate for the members of the workforce to carry out their functions within the covered entity”. When this requirement is complied with literally, staff may understand the organization’s policies and procedures, but not the underlying principles. This can lead to confusion in new or ambiguous situations, and unintentional violations of HIPAA when the connection between policy and behavior is absent....

Read More
Warning Issued About Akira Ransomware as Attacks on Critical Infrastructure Accelerate
Nov14

Warning Issued About Akira Ransomware as Attacks on Critical Infrastructure Accelerate

A joint cybersecurity advisory has been issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Defense Cyber Crime Center (DC3), Department of Health and Human Services (HHS), and international law enforcement partners about the Akira ransomware group, which has accelerated its attacks on critical infrastructure in recent months. According to the FBI, Akira has been paid more than $244 million in ransoms since the group was first identified in March 2023. While Akira primarily targets small- to medium-sized organizations, the group has also attacked larger organizations, favoring sectors such as manufacturing, education, information technology, healthcare, financial services, and food and agriculture. The group’s tactics are constantly evolving. While the group initially targeted Windows systems, a Linux version of its encryptor has been developed that is used to target VMware Elastic Sky X Integrated (ESXi) virtual machines (VMs), and recently the group has been observed encrypting Nutanix AHV VM disk files....

Read More

HIPAA Compliance for Pediatricians

HIPAA compliance for pediatricians means following established privacy and security policies to protect children’s protected health information at every touchpoint, including verifying a parent or guardian’s authority before disclosures, applying the minimum necessary standard in communications with schools and caregivers, safeguarding records across EHRs, portals, and mobile devices, and promptly reporting potential incidents so privacy or security risks are contained quickly. HIPAA compliance for pediatricians is complicated by the provisions of the Privacy Rule relating to personal representatives of unemancipated minors and the data sharing requirements of the 21st Century Cures Act Interoperability Final Rule. Most pediatricians, or the organizations they work for,  are Covered Entities under HIPAA if they transmit health information electronically in connection with a transaction for which the Department of Health and Human Services (HHS) has developed standards. These transactions include (but are not limited to): Payment and remittance advice Claims status Eligibility...

Read More
Which Aspect of HIPAA Most Affects EMS Personnel?
Nov14

Which Aspect of HIPAA Most Affects EMS Personnel?

The HIPAA Privacy Rule most affects EMS personnel because field care requires rapid decisions about when protected health information may be used or disclosed for treatment, when disclosures to family, bystanders, and public safety officials are permitted, and how to apply the HIPAA Minimum Necessary Rule while operating in uncontrolled environments. EMS personnel manage protected health information during dispatch, radio traffic, on-scene assessment, transport, and handoff to emergency department staff. The operational pressure point is disclosure control. Patient details can be overheard by neighbors, other patients, media, and law enforcement. EMS personnel need to use reasonable safeguards such as lowering voices when possible, limiting identifiers in public areas, and avoiding disclosures of clinical details to bystanders who are not involved in care. Treatment disclosures usually support EMS operations without patient authorization. Information may be shared with hospitals, other responding units, and receiving facilities to coordinate care. The HIPAA Privacy Rule also...

Read More
Urgent Patching Required to Fix Actively Exploited Cisco Flaws
Nov14

Urgent Patching Required to Fix Actively Exploited Cisco Flaws

Threat actors are actively exploiting multiple Cisco vulnerabilities for which patches were previously issued in August; however, attacks are ongoing, including attacks on devices that have been improperly patched. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a cybersecurity alert this week about two critical Cisco vulnerabilities – CVE-2025-30333 and CVE-2025-20362 – affecting Cisco Adaptive Security Appliances (ASA) and Firepower devices. The vulnerabilities affect devices running Cisco Secure ASA Software or Cisco Secure FTD Software and have CVSS v3.1 base scores of 9.9 and 9.8. The vulnerabilities can be exploited by sending specially crafted HTTP requests to a vulnerable web server on a device. Cisco issued patches to fix the vulnerabilities in August this year, warning that hackers could exploit the flaws to execute commands at a high privilege level. The flaws allow threat actors to access restricted URL endpoints that should be inaccessible without authentication. By exploiting the flaws, attackers can execute code on vulnerable devices. If the...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist