25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Survey Indicates Law Firms are not Complying with HIPAA Rules

The Health Insurance Portability and Accountability Act (HIPAA) covers healthcare providers, health insurers, and healthcare clearinghouses, and all covered entities are required to comply with HIPAA Privacy, Security, and Breach Notification Rules. HIPAA also applies to vendors and other companies doing business with covered entities, which are classed as HIPAA Business Associates (BAs). If a BA is supplied with the Protected Health Information (PHI) of health plan members or patients, or their software or systems are capable of touching PHI/PII, those entities are also required to comply with HIPAA Rules. Are Attorneys Classed as Business Associates of HIPAA-Covered Entities? According to Legal Workspace, healthcare attorneys may fall under the classification of Business Associate, and as such, they must comply with HIPAA Rules.  If a healthcare attorney is provided with healthcare data, it is necessary for that attorney – or his or her law firm – to ensure the necessary technical, administrative, and physical controls are implemented to protect PHI supplied by...

Read More

How to Retain Patients After a Data Breach

Last year, 1 in 3 Americans had their healthcare data exposed. Many Americans will have had their personal information exposed more than once. While no one wants to have their personal or healthcare information exposed in a data breach, these days it is inevitable that an individual will be affected by a data breach if they allow their data to be stored by a third party such as a healthcare provider or retailer. Sooner or later someone employed by that company will make a mistake that results in data being exposed, or a determined cybercriminal will break through security defenses and steal their sensitive information. According to a survey recently conducted by data privacy and security firm Morrison and Foerster, American consumers are becoming used to their data being exposed. While they are still very concerned about their privacy, many now understand that no company is perfect. Fewer people are now changing company after a data breach has been suffered, but a significant percentage of individuals will do just that. What is the Likelihood of Losing Patients/Customers after a...

Read More

Wayne Memorial Hospital Fires Nurse Aide for Inappropriate PHI Access

390 patients of Wayne Memorial Hospital, Honesdale, Penn., are in the process of being notified of a breach of their protected health information after it was discovered a nurse aide had accessed patient health records without authorization. The information accessed included personally identifiable information along with Social Security numbers, insurance information, and medical diagnoses. The incident was brought to the attention of hospital managers on December 8, 2015, when a member of staff came forward and reported patient health information may have been accessed by the nurse aide. An investigation was immediately launched, which involved a forensic review of file access attempts, to determine whether data had been inappropriately viewed. After determining restricted data had been inappropriately viewed, the nurse aide was fired and the incident was reported to law enforcement. The former employee had received training on the HIPAA Privacy and Security Rules, and was fully aware that data access was not permitted unless necessary as part of the provision of patient care....

Read More

Data Threat Report: PII Theft and Brand Reputation Damage Biggest Concerns

Over 1,100 senior security executives were recently polled by Vormetric for the company’s 2016 data threat report. Respondents were asked about the security incidents they had suffered over the previous 12 months, the measures they had put in place to secure data, their spending intentions for the next 12 months, and what they perceived the biggest data security threats in 2016. 2015 saw numerous major data breaches reported and an increase in the volume of breaches suffered. Unsurprisingly, given the current threat levels, the majority of respondents felt that they were vulnerable to attack. 91% said that they felt more vulnerable to attacks: a 4% increase from last year’s survey. A third of respondents said they felt very vulnerable or extremely vulnerable to attack. Even though more data breaches have been reported in the past 12 months than in previous years, only 39% of respondents said they had suffered a data breach or failed a compliance audit in the past year: a similar figure to previous surveys conducted by Vormetric. Spending Increased to Protect Brand Reputation and...

Read More

98 Percent of Compromised Healthcare Records Due to Hacking

2015 was the worst ever year for healthcare data breaches. The top three largest data healthcare data breaches were all discovered in 2015, including the massive cyberattack on Anthem Inc., that exposed a staggering 78.8 million healthcare records. The mega data breach at Anthem made the breaches at Premera Blue Cross and Excellus look small by comparison, yet they too were larger than any healthcare data breach previously reported to Office for Civil Rights. Just those three data breaches alone exposed almost 100 million healthcare records. Add in the 4.5 million-record data breach at UCLA Health, the 3.9 million-record breach at Medical Informatics Engineering and the one suffered by CareFirst BlueCross BlueShield and the total number of breached records rises to 110 million. Something all the major healthcare data breaches of 2015 had in common was they were the result of the actions of hackers. Human error may have played a part in the exposure of data, and the majority of breaches reported to OCR last year involved errors of judgement or negligence (loss of devices, theft of...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist