25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Alliance Health Reports 30-Month Health Data Exposure

Alliance Health has discovered one of its patient databases had been misconfigured and left accessible via the Internet, resulting in the protected health information of 40,000 patients being exposed for a period of 30 months. A database configuration error was discovered on December 17, 2015., which had left it unsecured and potentially accessible by the public, although an investigation did not uncover any evidence to suggest that patient data were accessed during the time the database was unsecured. Upon discovery of the error the database was taken offline and secured, and unauthorized access is no longer possible. The investigation revealed that patient data were accessible between July 2013 and December 17, 2015. No Social Security numbers or financial data were stored in the database, although patient names, telephone numbers, addresses, and email addresses could potentially have been accessed. A limited amount of clinical information including the medications that had been prescribed to patients were also stored in the database. The only patients affected are those who...

Read More

Cyberattack Detection: Confidence High Even If Detection is Often Slow

Detecting a cyberattack promptly is critical in order to minimize the damage caused, but how quickly are cyberattacks actually detected? Tripwire, a leading provider of advanced security and compliance solutions, set out to find out whether IT professionals believed they had the technology and policies in place to enable them to identify a cyberattack rapidly. For the study, 763 IT security professionals from public sector organizations and the energy, financial services and retail industries were asked about the efficacy of seven key security controls that should be implemented to detect a cyberattack while it is taking place. Accurate hardware inventory Accurate software inventory Continuous configuration management and hardening Comprehensive vulnerability management Patch management Log management Identity and access management The results of the study have been published in the Tripwire 2016 Breach Detection Study. Confidence High in Ability to Detect a Cyberattack… The majority of respondents were confident that the measures they had put in place to detect a cyberattack...

Read More

HHS Proposes Rule Change to Facilitate Sharing of Substance Abuse Data

On Friday February 9, 2016., a proposed rule change was published in the federal register by the Department of Health and Human Services. The proposed rule change aims to improve the sharing of health information of patients diagnosed with or seeking treatment for alcohol and drug dependency. The proposed rule change applies to 42 CFR Part 2: The Confidentiality of Alcohol and Drug Abuse Patient Records regulations. New integrated health care models will incentivize healthcare providers who put patients at the center of their care; however current restrictions on the sharing of health data of patients seeking treatment for drug and alcohol abuse does not fit in with the new models. The rules covering the privacy of patients suffering from drug and alcohol abuse were first promulgated in 1975, and while they were updated in 1987, little has changed since. Patients covered by “Part 2” rules receive stronger privacy protections than are stipulated in HIPAA. When the regulations were introduced there was concern that the sharing of drug and alcohol abuse data could potentially...

Read More

Magnolia Health Victim of Spoofed Email Scam

Magnolia Health Corporation is the latest healthcare provider to report a data breach caused by an employee responding to a spoofed email, which appeared to have been sent by the CEO. The data breach affects employees of Magnolia Health Corporation as well as those employed at facilities managed by MHC subsidiaries Kaweah Manor, Inc., Merritt Manor, Inc., Porterville Convalescent Inc., Twin Oaks Assisted Living, Inc., and Twin Oaks Rehabilitation and Nursing Center Inc. No patients have reportedly been affected, although all active employees have had their personal information compromised. The exposed data include the full names of employees, their address, employee number, date of birth, gender, hire date, seniority date, Social Security number, salary and hourly rate, job title, department, and last worked date. Employee Falls for Email Request for Employee Data An employee responded to an email that appeared to have been sent by Magnolia Health CEO Kenny Moyle and included a spreadsheet containing the details of active employees on February 3, 2015., as requested. However, a...

Read More

Cyberattackers Demand $3.6M Ransom from Hollywood Hospital

Hollywood Presbyterian Medical Center has declared an internal emergency and is suffering significant IT issues after ransomware was installed on its computer system. $3.6 Million Ransom Demanded to Unlock Hollywood Presbyterian Medical Center Computers Hollywood Presbyterian Medical Center (HPMC) has suffered a ransomware attack that has forced it to take part of its computer network offline as a precaution to prevent the lateral spread of the infection. The ransomware attack took place on February 5, and many of the hospital’s computers have now been out of action for over a week. No healthcare data have been encrypted, although the ransomware infection is affecting day-to-day healthcare operations. HPMC claims that healthcare patients have not been put at risk although the emergency room has been impacted. Some of the computers essential for CT scans, laboratory work, and pharmacy operations to take place have been taken out of action, reduc8ing the efficiency of the provision of healthcare services. One physician reportedly told CBS news that the hospital’s email system is...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist