25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

5 EHR Vendors Agree to Carequality Interoperability Framework
Jan29

5 EHR Vendors Agree to Carequality Interoperability Framework

Following the publication of the Carequality Interoperability Framework last month, five major EHR vendors have signed up and agreed to adopt the Sequoia Project’s Carequality initiative. The Sequoia Project has announced that athenahealth Inc., eClinicalWorks, Epic Systems Corporation, NextGen Healthcare, and Surescripts have all agreed to adopt the new framework. Universal interoperability may be some way off, but the addition of the EHR vendors is seen as a major step in the right direction. Thanks to the comprehensive framework, the companies will reap a number of connectivity benefits that were previously difficult to attain until the Framework put an end to the need to enter into separate legal agreements with organizations before data sharing was possible. The announcement confirms that EHR vendors are committed to making total interoperability a reality for both patients and healthcare providers, and shows that universal interoperability could soon become a reality. Sequoia Project’s CEO Mariann Yeager recently said in an interview with EHRIntelligence, “We know there...

Read More
NCH Healthcare System Cyberattack Announced
Jan28

NCH Healthcare System Cyberattack Announced

The NCH Healthcare System cyberattack resulted in the compromising of two data center servers. Employee data were potentially accessed, but no patient health data were exposed. The NCH Healthcare System cyberattack took place on Wednesday last week. The intrusion detection alarm was triggered, allowing the cyberattack to be rapidly identified. Access to the servers was rapidly shut down. The Naples-based healthcare system operates the NCH Baker Hospital, formerly known as the NCH Downtown Naples Hospital, and the NCH North Naples Hospital, along with numerous clinics and outpatient centers in Naples, Florida. The affected servers were located in a data center in Kansas City, MO. The two Cerner Data Center servers were not used to store any patient data, although they did house a medical staff credentialing database and an employee information database. According to statements released by a representative of the Cerner Data Center and the Director of Marketing for NCH, no patient information was stored on the servers so none of the health systems patients have been affected by the...

Read More

9 Out of 10 Data Breaches Could Have Easily Been Avoided

Take a look at the healthcare data breach entries in the OCR web portal for 2015 (or any year) and you will notice the same types of data breaches are repeated time and again. The vast majority of those data breaches are avoidable. A large percentage involve the loss of portable storage devices such as zip drives and hard drives. Many cite stolen devices, with laptop theft particularly common. Then there are mistakes made with the configuration of servers and firewalls that have accidentally been switched off. Patches are not installed promptly leaving security vulnerabilities that can all too easily be exploited. Passwords are set that are too easy to guess, default logins are not changed, and risk assessments are not being conducted regularly. It may not always be possible to prevent a successful cyberattack, but it is possible to prevent the vast majority of data breaches. Study Finds 9 out of 10 Data Breaches Could Easily Have Been Avoided In fact, 9 out of 10 data breaches could easily have been avoided according to a study published by the Online Trust Alliance (OTA). The...

Read More

Happy Data Privacy Day

October is National Cybersecurity Awareness Month, but today – January 28 – is Data Privacy Day: An international day conceived as a way of improving awareness of privacy issues. It is a day when organizations in Europe and the United States recognize the importance of safeguarding data, protecting privacy, and building the trust of consumers (and patients). Given the volume of healthcare records exposed in 2015 and the number of data breaches still being suffered by HIPAA-covered entities, this year Data Privacy Day is more important than ever before. Happy Data Privacy Day – May the Next 24 Hours be Free of Privacy Breaches!   Data Privacy Day started in 2007 across the pond in Europe, where it is known as European Data Protection Day. 47 European countries honor the day and are involved in campaigns to raise awareness of data privacy issues and share information that can help corporations and individuals better protect stored and shared data. With a unanimous vote of 402-0, the House of Representatives followed suit two years later and also chose to use January 28 as a day to...

Read More
Community Mercy Health Partners Notifies Patients of November Data Breach
Jan27

Community Mercy Health Partners Notifies Patients of November Data Breach

In late November, a member of the public discovered a number of documents at a recycling center that appeared to have come from hospitals run by Community Mercy Health Partners. The documents contained detailed information about patients who had received medical services between 2005-2013. The information in the documents included patient names, accession numbers, guarantor information, types of study they were involved in, medical diagnoses, health insurance details, physician names, as well as driver’s license details, Social Security numbers, and some clinical information. LeRoy Clouser discovered the files in a number of dumpsters and alerted the Springfield Police of his find. Community Mercy Health Partners was subsequently advised by law enforcement officers about the dumped records and sent staff to retrieve the documents. The matter was reported in the media at the time, although it has taken some time for an investigation to be conducted and for all patients to be identified. That investigation is now complete and patients started being notified of the data breach on...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist