25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

IU Health Arnett Security Breach Impacts 29K Patients
Jan07

IU Health Arnett Security Breach Impacts 29K Patients

Indiana University Health’s Arnett Hospital has alerted 29,324 patients about the potential exposure of their Protected Health Information after an unencrypted flash drive disappeared from its emergency department. The flash drive was discovered to be missing on November 20, 2015, and an investigation was immediately launched. Efforts are continuing to try to locate the missing flash drive, which was lost in an area of the hospital not accessible to the public. Consequently, hospital officials do not believe patient data have been acquired or viewed by an external third party. IU Health Arnett Hospital started sending breach notification letters to affected patients last week to inform them that some of their PHI has potentially been compromised. However, no reports of inappropriate use of the data have so far been received by the hospital. The flash drive was not used to store Social Security numbers, financial information, or credit card numbers, although spreadsheets saved on the device included patient names, medical record numbers, dates of birth, and medical diagnoses. Norma...

Read More
OCR Website Receives Long Awaited Upgrade
Jan07

OCR Website Receives Long Awaited Upgrade

The Department of Health and Human Services’ Office for Civil Rights website has been redesigned and upgraded and features a responsive design and a more user-friendly interface. The redesign was part of the Reimagined HHS.gov initiative. The aim was to create a website that is faster, easier to use, and makes content sharing and syndication much more straightforward. The HHS site-wide overhaul has taken well over a year so far, with the OCR the first HHS department to receive its site upgrade. The upgrade and redesign was conducted in phases, with phase 1 of the project completed in May 2015. OCRs overhaul was finished on schedule and was made live this week in time for the January 6 launch. The new crisp, clean, and simplistic design presents information clearly, while a fast and powerful search function has been incorporated to ensure visitors can quickly and easily gain access to the information they need. Typing in a search term will offer numerous suggestions based on the most common searches of the site, ensuring the most relevant information can be quickly retrieved. In...

Read More

Exposure of PHI Grounds to Sue for Damages, Rules Mass. Judge

A data breach that exposes sensitive Protected Health Information may not necessarily result in patients coming to harm, or suffering an injury or loss. However, breach victims do face an elevated risk of suffering harm and losses. Many will even incur costs as a result of actions taken to reduce the risk of losses being suffered. It is not uncommon for data breach victims to attempt to recover damages from healthcare providers who have exposed their sensitive health data, but it is rare for those lawsuits to succeed or even be heard. In order to successfully sue a healthcare provider or health insurer for a data breach, the plaintiff must be able to produce evidence that losses have been suffered, or at the very least, that data have actually been viewed by unauthorized individuals. However, a Mass. Superior Court judge has recently ruled that a plaintiff does actually have grounds to sue for damages, even if evidence of harm or loss cannot be produced. The exposure of PHI alone can be grounds to claim damages. The ruling came on the case of Walker et al v. Boston Medical Center...

Read More

Breach of Washington Township Health Care District Data

Almost three months after suffering a breach of personal information, Washington Township Health Care District has submitted a breach notice to the California Attorney General’s Office detailing a breach of personal information of California residents. The data breach was discovered on October 8, 2015, and involved the potential accessing of a Washington Community Health Resource Library computer by an unauthorized individual. A library identification card database was potentially compromised in the incident. The database contained names, addresses, and driver’s license numbers. No other data were accessed or compromised in the security breach. An investigation was launched upon discovery of the security breach and an external computer forensics firm was contracted in this regard. While no evidence was uncovered to suggest the database file was accessed, it remains a possibility. In response to the breach, information security policies are being reviewed and will be updated, as necessary, to strengthen security. It is not clear at this point in time how many individuals were...

Read More

HIPAA Privacy Rule Updated to Permit NICS Reports

The Department of Health and Human Services has issued a final rule permitting certain covered entities to disclose specific elements of Protected Health Information (PHI) to the National Instant Criminal Background Check System (NICS), changing the HIPAA Privacy Rule. At the time of writing, the HIPAA Privacy Rule prevents healthcare providers from disclosing PHI, except in a very limited number of circumstances, without first having obtained permission from a patient. The rule change, which will become effective 30 days after publication in the federal register, will allow certain information about individuals to be divulged and entered into NICS by some HIPAA-covered entities. NICS is maintained by the FBI and is used by Federal Firearms Licensees (FFLs) to determine whether an individual is permitted to purchase a firearm. When an FFL starts a NICS background check on an individual, the system will search three separate databases: The Interstate Identification Index (III), The National Crime Information Center (NCIC), and the NICS Index. NCIC and III contain information on...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist