25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

HIPAA Training for Health Services Managers
Nov14

HIPAA Training for Health Services Managers

HIPAA training for health services managers supports HIPAA compliance by preparing managers to protect protected health information (PHI) while overseeing operations, supervising workforce behavior, and making decisions that affect how patient information is used, shared, and secured across the organization. Health services managers influence policy adherence, documentation practices, vendor interactions, and incident response readiness, so training should reinforce privacy and security expectations that apply to daily management responsibilities. Why Health Services Managers need High-Quality HIPAA Training Health services managers often coordinate care delivery operations, staffing, workflow changes, quality initiatives, and performance reporting. These activities can involve PHI in meeting materials, dashboards, patient flow reports, case reviews, and communications with internal and external stakeholders. Training helps managers understand how HIPAA requirements apply to operational decisions, including how to limit disclosures, manage access, and reinforce compliant behavior...

Read More
MedQ Agrees to Settlement to Resolve Ransomware Attack Lawsuit
Nov13

MedQ Agrees to Settlement to Resolve Ransomware Attack Lawsuit

MedQ Inc., an administrative service provider serving the healthcare industry, has agreed to settle class action litigation over a December 2023 ransomware attack that affected 54,725 individuals. A ransomware group accessed its network and deployed ransomware on or around December 26, 2023. The investigation confirmed unauthorized access to its network from December 20, 2023, and the exfiltration of data from its network. The stolen data included names, dates of birth, health information, health insurance information, Social Security numbers, and driver’s license numbers. Complimentary credit monitoring services were offered, but that was not sufficient to prevent several class action lawsuits. Five lawsuits were filed in response to the data breach by plaintiffs Sharon Klepper, Shelby D. Franklin, Cheri Ramey, Jana Harrison, and Debra Everett, individually and on behalf of similarly situated individuals. The lawsuits had overlapping claims and were consolidated into a single action – Klepper, et al. v. MedQ, Inc. – in the District Court of Oklahoma County, Oklahoma, on May...

Read More
NHS Pathology Provider Synnovis Notifies Organizations Affected by June 2024 Ransomware Attack
Nov12

NHS Pathology Provider Synnovis Notifies Organizations Affected by June 2024 Ransomware Attack

The UK pathology lab Synnovis suffered a ransomware attack last year. It has taken 17 months to complete the highly complex data review and notify the affected healthcare provider clients. Synnovis provides blood, urine, and specimen testing for many healthcare organizations in the United Kingdom and has a pathology partnership with Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust in London, and SYNLANB, a provider of laboratory, diagnostic, and advisory services. The ransomware attack occurred on June 3, 2024, when the Qilin ransomware group encrypted files on its network. Prior to encrypting files from its network, data was exfiltrated from its network. The ransomware attack caused massive disruption to business operations at Synnovis, interrupting many of its pathology services. Synnovis said that almost all of its IT systems were affected. NHS trusts that relied on Synnovis for blood testing and other services were forced to cancel appointments, and the lack of blood testing led to a shortage of O-negative blood. The shortage continued for...

Read More
First Choice Dental Agrees to Pay up to $1,225,000 to Settle Data Breach Lawsuit
Nov12

First Choice Dental Agrees to Pay up to $1,225,000 to Settle Data Breach Lawsuit

First Choice Dental, a network of 12 dental clinics in Dane and Madison counties in Wisconsin, experienced a ransomware attack on October 22, 2023. A settlement has recently been agreed to resolve litigation stemming from the data breach. As reported by The HIPAA Journal in January 2024, First Choice Dental issued an interim notification about the incident, alerting patients to the exposure of some of their protected health information. At the time of issuing, the investigation into the cyberattack was ongoing. The HHS’ Office for Civil Rights was provided with an interim total of 1,000 affected individuals. First Choice Dental explained that unauthorized network activity was first identified on October 22, 2023, but it had yet to be determined how many individuals had been affected or the types of data involved. On July 12, 2024, 9 months after the attack, individual notification letters started to be mailed. Patients were told that the compromised information included names, dates of birth, Social Security numbers, passport numbers, driver’s license numbers/government ID numbers,...

Read More
HIPAA Training for First Responders
Nov12

HIPAA Training for First Responders

HIPAA training for first responders is mandatory when first responders work for a HIPAA covered entity or an organization that qualifies as a business associate to a HIPAA covered entity. In such cases, first responders need standard HIPAA training and also additional HIPAA training for emergency situations because they routinely encounter Protected Health Information during urgent care and transport, and they need clear, role specific rules for what can be shared, how it can be shared, and how to protect patient privacy and security under pressure. Why HIPAA Applies in First Response Settings First responders often learn patient names, addresses, medical conditions, medications, insurance details, and treatment notes in the course of emergency calls. Even when the priority is rapid care, the information that appears on radio traffic, ePCR systems, dispatch notes, photos, and handoff reports can qualify as Protected Health Information. HIPAA compliance is not only about avoiding improper disclosures. It is also about ensuring that patient information remains accurate, available...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist