25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Phishing Attack Suffered by Brigham and Women’s Hospital
Jan20

Phishing Attack Suffered by Brigham and Women’s Hospital

Boston’s Brigham and Women’s Hospital has alerted patients to a security breach after a phishing attack compromised the email account of a hospital employee. 1,009 patients have been affected by the cyberattack. Phishing Attack Suffered by Brigham and Women’s and Brigham and Women’s Faulkner Hospitals   Late last year, a Brigham and Women’s Hospital employee fell victim to a phishing attack that resulted in the login credentials of an email account being divulged to the attacker. The email account contained a limited amount of PHI of a small percentage of patients of both the Brigham and Women’s and Brigham and Women’s Faulkner Hospitals in Boston. According to a breach notice posted on the Brigham and Women’s Hospital website, only one email account was compromised and the electronic health record system was unaffected. Financial account information, Social Security numbers and health insurance numbers were not compromised in the attack, although affected patients have potentially had the following information disclosed: Name, medical record number, date of birth, date of service,...

Read More
EHR Incentive Program to Come to an End in 2016
Jan19

EHR Incentive Program to Come to an End in 2016

Andy Slavitt, acting administrator for the Centers for Medicare & Medicaid Services, has announced the HITECH Act’s Meaningful Use incentive program is soon to be retired. 2016 will see the program finally come to an end now that the vast majority of healthcare providers have made the transition to electronic health records, although an end date for the incentive program has not yet been announced. The program has by and large been successful in encouraging healthcare providers to make the transition to EHRs, but it is now time to move to a new regime according to Slavitt. He recently announced at the J.P. Morgan Annual Health Care Conference that “The Meaningful Use program as it has existed, will now be effectively over and replaced with something better.” That ‘something better’ will be a new regime that rewards healthcare providers for the value they offer and the outcomes they manage to achieve with patients, marking a substantial shift of emphasis from Meaningful Use that provided incentives based on the use of technology. Slavitt pointed out the Meaningful Use has...

Read More

Department of Veteran Affairs 2015 Privacy Violations

The U.S. Department of Veteran Affairs (VA) is the largest integrated health system in the United States, operating 1,700 hospitals, clinics, domiciliaries, counselling centers, and community living centers. Those facilities include 1,203 outpatient sites, 300 Vet Centers, and 144 hospitals, with the VA serving approximately 5.8 million patients each year. Each month, the VA submits a report to congress containing a summary of privacy and security violations that have been suffered by VA hospitals and clinics. The VA has come under increasing criticism in recent months for the number of privacy violations and security incidents it suffers. In 2015, an average of 833 veterans had their privacy violated each month. The privacy and security incidents were often serious enough to warrant the provision of credit monitoring services to address risk. On average, 452 veterans are offered these services each month to protect their identities and credit after errors have been made by VA staff. 2015 has been a bad year for privacy violations, with almost 10,000 veterans affected by security...

Read More

Medical Device Manufacturers Receive New FDA Cybersecurity Recommendations

On January 15, 2015, the Food and Drug Administration (FDA) released draft guidance on the Postmarket Management of Cybersecurity in Medical Devices. The guidance has been released for public comment and will be open for a comment period of 90 days. The aim of the guidance is to help manufacturers of medical devices develop and implement controls to ensure their devices are secure to better protect patients. The guidance contains a number of steps manufacturers should follow to address cybersecurity vulnerabilities after devices have come to market to ensure the continuing safety of patients. These include the monitoring of devices, and conduction of risk assessments to identify security vulnerabilities after devices have come to market. Manufacturers of medical devices must ensure cybersecurity protections are built into devices and are a central part of the design. It is not possible to eliminate all cybersecurity risks at the design phase. Cybersecurity risks may arise at any point in the lifecycle of the products. It is therefore essential that medical devices are constantly...

Read More

Calculating the Cost of Spear Phishing

Spear phishing attacks are on the increase and healthcare providers have had to increase spending considerably to deal with the threat and mitigate risk. A recent survey conducted by Cloudmark/Vanson Bourne has helped to quantify the current level of spending on anti-phishing precautions and has produced an estimate of the cost of spear phishing. Spear Phishing: A growing problem for healthcare providers The sending of mass spam emails has long been a tactic used by cybercriminals to get individuals to reveal their login credentials, often indirectly after being fooled into installing malware on their computers. The vast majority of these email campaigns have been poorly written and ill conceived. That said, they have still proved to be effective way of delivering malware, although spam filtering technology has improved considerably in recent years and many of these emails are now being blocked. Cybercriminals have realized that more targeted phishing emails have a much better chance of not only getting past spam filters, but are also more likely to elicit the desired response....

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist