The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

California Patient Privacy Law Enforcement is Inconsistent

Last week, California’s enforcement of data privacy rules was criticized after the Department of Public Health was found to be inconsistently enforcing state laws. Numerous healthcare organizations have committed serious privacy violations, yet have escaped fines. Two privacy bills were passed in California in 2008 in an effort to better protect the privacy of state residents. One of the aims was to make healthcare organizations more accountable when privacy violations occurred. The laws were introduced following a number of high-profile privacy breaches involving hospital employees snooping on the medical records of celebrities (Britney Spears, Farrah Fawcett and Maria Shriver). Since the bills were passed, healthcare organizations in the state can receive heavy fines for privacy violations, although relatively few fines are issued.

California Patient Privacy Laws Being Violated with Few Consequences

The state of California has some of the strictest laws on data privacy in the country. While action is taken against healthcare organizations by the Department of Public Health when...

Jan 03

No Action Over Patient Privacy Violation Due to HIPAA Loophole

Recently, a New Jersey lawyer discovered that confidential information classed as Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) is not necessarily kept private by providers of healthcare services. Under certain circumstances, the holder of those data may disclose the information publicly without penalty, as recently happened in his case. The lawyer had received treatment for mental health issues at Short Hills Associates in Clinical Psychology between 2012 and 2014. Some of the meetings had not been paid for, and Short Hills Associates filed a lawsuit for non-payment of $4,400 last year. Short Hills Associates is within its rights to take legal action against individuals who do not pay for chargeable medical services; however, in the lawsuit the organization listed the lawyer’s diagnosis and services he had received. That information was detailed in publicly filed court documents. The HIPAA Privacy Rule does permit the disclosure of PHI under certain circumstances, but this should be limited to the minimum necessary...


Online Medical Record Access Not Possible for the Majority of Patients

A recent survey commissioned by personal clinical engagement platform vendor, HealthMine, indicates patients are still finding it difficult to gain online access to their healthcare data, even though the majority of healthcare providers store healthcare data in digital form. 2013 data suggest that 78% of healthcare providers use EHRs and could therefore conceivably provide online access to patient medical data. The recent survey was conducted on 502 consumers who intended to enroll in a 2016 health plan. The survey took place between October and November 2015. The results of that survey show that over half of consumers (53%) do not yet have online access to their medical records, and almost a third (32%) of Americans have difficulty accessing their medical records. 31% of respondents indicated they have trouble accessing biometric information, and 29% said they struggled to gain access to lab records and insurance information. A quarter of respondents had trouble accessing their prescription history. 74% of Americans believe that having access to all of their clinical notes and...


Child Welfare Agency Employee Emails 970 Records to Personal Email Address

Hillsides, a child welfare agency based in Pasadena, CA, has discovered that a former employee emailed highly confidential patient and employee data to a personal email address over the course of a year, in breach of Health Insurance Portability and Accountability Act Rules. The HIPAA breach was discovered on December 8, 2015, and an investigation into the incident was immediately launched. That investigation revealed confidential data had been sent to the employee’s email account on five separate occasions. The first incident occurred on October 10, 2014. No information has been released to indicate why the information was emailed. When data is taken or emailed to personal email accounts, the individuals responsible usually do so with a view to using the information when they change employer, to sell data to identity thieves, or to personally use the information to commit fraud or identity theft. The latter would be possible in this case as the information contained in the files attached to the emails included patient names, addresses, dates of birth, genders, Social Security...


Potential VA PHI Breach Impacts 1,000 Oregon Veterans

This week, the Oregon Department of Veterans’ Affairs announced it suffered a major privacy breach that could impact 967 Oregon veterans. Copies of DD 214 forms are believed to be in the possession of an unauthorized individual. The DD 214 form is a Certificate of Release or Discharge from Active Duty and contains veterans’ full names, addresses, dates of birth, and Social Security numbers, data which could potentially be used to steal the identities of veterans and commit fraud. It is not clear at this stage how the individual came to be in possession of the documents, or the reason why that information was taken. According to a statement released by an ODVA spokesperson, there is no reason to suggest that any of the data have been used inappropriately. However, “ODVA is treating this compromise with critical importance.” In order to protect affected veterans from identity theft and fraud, affected veterans have been offered a year of credit monitoring services without charge and notifications of the breach have now been mailed. In order to prevent similar privacy incidents...
