25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

911 Dispatcher Fired for Privacy Violation

The unauthorized sharing of private health information on Facebook has resulted in a 911 dispatcher losing her job, but that may not be the end of it. The patient whose privacy was violated believes loss of employment is not punishment enough for the privacy violation, and wants criminal charges to be filed for the privacy breach. Any information provided over the telephone by a patient to a 911 dispatcher should be treated as confidential,  The information must be entered into the dispatch database, and while that information should be shared for the purpose of providing treatment, or for other healthcare functions, the privacy of patients must be respected. The the incident in question involved a 60-year old Catoosa County resident who called 911 reporting a blood clot that had come loose. The 911 dispatcher recorded the clients name, address, and details of the medical problem as was required by the job. However, 911 dispatcher Holly Dowis took a photograph of the dispatch screen using her mobile phone and sent the image to family members via a private chat on Facebook. The...

Read More

Cybersecurity Companies Be Found Liable for Healthcare Data Breaches

When a cybersecurity company is contracted to investigate a data breach, that company is expected to conduct a thorough investigation, ensure the breach is contained, and make sure backdoors are found and removed. However, what happens if a security company fails to deliver on its promise? Cybersecurity Firm Sued for Failing to Remedy a Data Breach Chicago-based cybersecurity firm Trustwave was sued late last year by a company that had contracted it to investigate and remedy a data breach. The lawsuit was filed for the company’s alleged failure to adequately investigate and remedy the breach, leaving the computer system open to a further attack. The lawsuit was filed by Affinity Gaming in the U.S. District Court in Nevada with the lawsuit stating that Trustwave’s investigation and remediation efforts were “woefully inadequate.” The investigation into the suspected hacking of the company’s payment card system failed to prevent individuals from gaining access to payment system data two months later. According to the lawsuit, Trustwave had reported to Affinity Gaming that the breach...

Read More
OHSU Hard Drive Stolen: PHI of Neonatal Patients Exposed
Feb13

OHSU Hard Drive Stolen: PHI of Neonatal Patients Exposed

Oregon Health & Science University (OHSU) has reported the theft of a computer hard drive containing the protected health information of neonatal intensive care unit patients. The hard drive was stolen from the vehicle of a research student on December 6, 2015. Contact information was not stored on the hard drive, only patients’ names, dates of birth, medical record identification numbers, physicians’ names, medical diagnoses, and clinical data relating to the research study the patients were participating in. The data were being used for a study on the potential effect of aminoglycoside antibiotics on hearing. The patients affected were those who enrolled in the study in 2013. Since no Social Security numbers, insurance information, or financial data were stored on the laptop, OHSU does not believe there is a risk of financial harm being suffered by either the patients or their families. OHSU has not announced how many individuals have been affected by the hard drive theft and the incident has yet to be posted on the Office for Civil Rights breach portal. A substitute breach...

Read More

OCR Issues Further Guidance on Health App Use

The Department of Health and Human Services’ Office for Civil Rights has issued new guidance to help mobile health application developers get to grips with HIPAA and determine whether they fall under the classification of a HIPAA Business Associate. Last fall, OCR launched a new developer portal to improve understanding of how the Health Insurance Portability and Accountability Act applied to mobile health app developers. The aim was to improve understanding of HIPAA rules among mhealth app developers. The portal was also used by OCR to anonymously gather information that it could use to direct its focus for future guidance and determine which aspects of HIPAA were proving problematic or confusing for app developers. The new guidance was deemed necessary after OCR assessed the comments and questions that had been submitted via the app developer portal. It is hoped that the new guidance, which has also been posted on OCR’s mHealth Developer Portal, will help app developers avoid falling afoul of HIPAA rules and will help answer some of the questions that are frequently asked. There...

Read More
Rogue Employee Steals 24000 Jackson Health System Patient Records
Feb11

Rogue Employee Steals 24000 Jackson Health System Patient Records

A Jackson Health System employee stands accused of stealing around 24,000 patient records over a period of 5 years. The hospital unit secretary has been placed on administrative leave pending the conclusion of an internal investigation into the extended HIPAA breach. The suspected theft of patient information has also been reported to law enforcement. Interestingly, the employee has been named but not yet fired. This suggests that the evidence already collected against the individual is substantial. The employee in question is Evelina Reid. She has been employed by Jackson Health since 2005 as a hospital unit secretary for the main operating room in the Miami-Dade public hospital network. An initial review of the privacy breaches indicates Reid accessed 24,188 patient health records over a period of 5 years without a legitimate reason for doing so. Reid is understood to have inappropriately accessed and viewed patient data, including names, dates of birth, addresses, and Social Security numbers. South Florida is well known for identity theft and has had more than double the number...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist