25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

St. Luke’s Cornwall Hospital Notifies 29K Patients of Data Exposure

St. Luke’s Cornwall Hospital has issued a media announcement providing further information on the 29,156-record data breach that occurred on October 31, 2015. The hospital has explained that the breach occurred when an unidentified individual entered a restricted area of the hospital and stole a thumb drive containing a limited amount of patient data. The device was unencrypted and contained patient names, medical record numbers, details of imaging services provided, and the dates of patient visits. Some administration information was also stored on the thumb drive, although no financial information, insurance details, health information, or Social Security numbers were compromised. While the incident was discovered quickly, the hospital had to conduct an investigation to determine the exact data that were stored on the thumb drive and which patients were affected. The investigation has now been completed and patients have been notified by mail of the breach of their protected health information. The Department of Health and Human Services’ Office for Civil Rights was informed of...

Read More

Franciscan St. Francis Health Patients Targeted by Phone Scammers

Franciscan St. Francis Health, a health system serving patients in Indianapolis and south-central Indiana, has been alerted to a new telephone scam targeting its patients. St. Francis was recently contacted by a patient who had been contacted by telephone and told she was required to pay an outstanding debt for a pacemaker provided by the hospital. The call appeared to emanate from within Franciscan St. Francis. The telephone number used for the call appeared to be from the hospital’s internal phone system. The patient, a 78-year old woman, was given two choices. Pay the debt or return the pacemaker if it had not been used. Fortunately, the woman felt that something wasn’t right and contacted the hospital and discovered the call was a scam. It is unclear how the scam artist obtained the phone number of the patient, or how that person was aware of the medical device used by the woman. According to a statement issued by the hospital to CBS, the caller ID of the hospital had been spoofed to make the call appear to have come from the hospital. The matter has now been reported to...

Read More

Six Missing Hard Drives Reported by Centene: 950,000 Members Affected

Wisconsin-based health insurer, Centene Corporation, has announced the loss of six unencrypted computer hard drives containing the protected health information of approximately 950,000 of its members. The hard drives were being used for a project to improve the health outcomes of plan members. The individuals impacted by the security breach had all received laboratory services between 2009 and 2015. The data stored on the devices included names, addresses, dates of birth, member ID numbers, Social Security numbers, and laboratory test results. An initial search was conducted after it was discovered that the devices were missing, although a more comprehensive search of Centene facilities in now being conducted. That search is ongoing according to the company’s breach notice. It is possible that the hard drives will be found, although Centene has now taken the step of alerting its members to the potential exposure of their PHI out of an abundance of caution. Also out of an abundance of caution, all 950,000 members have been offered a year of credit monitoring services without charge....

Read More

Patients of Alaska Orthopedic Specialists Advised of PHI Breach

Anchorage-based healthcare provider, Alaska Orthopedic Specialists, has alerted 553 patients about a breach of their protected health information. The healthcare provider is no longer in business, having closed its doors in March 2015. While closing the business, it was discovered that a former non-physician member of staff had emailed the data of 553 patients to a personal email account, against company policy and without authorization. According to the defunct company’s breach notice, efforts have been made to secure the stolen data. It is not clear whether those data have now been securely, and permanently deleted. The theft of data was reported to the Department of Health and Human Services’ Office for Civil Rights on November 19, 2015., although it has not been made public exactly what data were stolen or when the email was sent. The data were presumably emailed to the personal email account prior to the closure of the business. The breach notice states that no evidence of disclosure of the data has been found and neither any evidence that those data have been used...

Read More

Californian Oncologist Announces PHI Theft

In November, 2015, the offices of Californian oncologist/hematologist, Michael S. Benjamin, M.D., were burgled. The thieves stole a number of paper charts which contained a limited amount of protected health information of his patients. Patients have now been notified of the data breach by mail, and the Department of Health and Human Services’ Office for Civil Rights (OCR) was alerted to the security breach on December 28, 2015. The breach report listed on the OCR breach portal indicates 1,300 individuals were impacted by the breach. When a data breach is suffered that impacts more than 500 individuals, in addition to issuing individual breach notification letters to the victims, HIPAA-covered entities are obliged to provide a notice to “prominent media outlets serving the State or jurisdiction.” As with the issuing of the individual notices, covered entities have up to 60 days following the discovery of a breach in order to do this. According to the media notice, a number of data were contained in the charts, which included names of patients, dates of birth, addresses, phone...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist