The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Healthcare Email Phishing Scam Claims 946 Victims

Even robust data security controls can be easily undone, as discovered by Middlesex Hospital in Connecticut. An email phishing scam was sent to hospital employees and four members of staff responded. This potentially resulted in the perpetrator of the phishing scam being granted access to patient PHI via those email accounts. The security breach was discovered on October 9, 2015. An investigation into the incident revealed that 946 patients had been affected. No financial data or Social Security numbers were accessed as a result of the security breach, although it is possible that patient names, dates of birth, home addresses, medical record numbers, dates of service, prescription information, and medical diagnoses were accessed. According to a statement released by Middlesex Hospital, the data breach did not result in full access to patient medical records being obtained. All patients affected by the data breach have now been sent a breach notification letter advising them of the potential disclosure of their Protected Health Information, and all will be offered free credit...


UCHealth Employee Violates HIPAA Privacy Rule

The importance of conducting regular internal audits has been highlighted by University of Colorado Health (UCHealth). UCHealth regularly conducts audits of access logs to determine whether the Protected Health Information of patients is inappropriately accessed by members of staff. In its latest audit, UCHealth discovered this to be the case. An employee was discovered to have snooped on patient health records. Access logs showed the medical records of 827 patients had been inappropriately accessed since UCHealth conducted its last data access audit. The employee did not access Social Security numbers, financial or billing information, as those data were not viewable with the level of privileges the employee had been given. The privacy breach did result in patient names, phone numbers, addresses, dates of birth, health insurance information, and care/treatment plans being accessed. An investigation into the HIPAA privacy breach was conducted and the employee was questioned. It would appear that access to patient files had been gained purely out of curiosity, and not with any...


MaineGeneral Health Hacked

MaineGeneral Health has announced it has suffered a cyberattack that potentially affects patients of all of its subsidiaries, including MaineGeneral Community Care, MaineGeneral Medical Center, MaineGeneral Rehabilitation and Long Term Care & MaineGeneral Retirement Community. Patients who received radiology services from MaineGeneral Health after being referred by a specific physician have been affected. The name of that physician has not been disclosed, although a breach report submitted to OCR indicates 500 patients have been affected.

MaineGeneral Health Cyberattack Affects Patients, Employees, and Emergency Contacts

The data exposed in the security breach include dates of birth and emergency contact names, addresses, and telephone numbers. Certain employees have also been affected and have had their names, addresses, and telephone numbers exposed. According to a statement released by MaineHealth, some prospective donors have also been affected. At present, the investigation into the security breach indicates that no further data have been exposed,...

NY Attorney General HIPAA Fine for URMC
Dec 08

An attorney general HIPAA fine of $15,000 has been issued to University of Rochester Medical Center for a breach of patient privacy that occurred in March 2015.

An OCR and Attorney General HIPAA Fine May Be Issued for a Breach of HIPAA Rules

It is not only the Office for Civil Rights that is permitted to issue financial penalties for violations of HIPAA Rules. State attorneys general can also enforce HIPAA Privacy, Security, and Breach Notification Rules. State attorneys general were given the power to assist OCR with the enforcement of Health Insurance Portability and Accountability Act Rules following the introduction of the HITECH Act in 2009, although few state AGs have chosen to do so. Action is sometimes taken against healthcare organizations that have exposed the data of patients, but the decision is taken to prosecute under state consumer protection laws rather than HIPAA. The first attorney general HIPAA fine was issued by the Connecticut AG’s office on July 6, 2010. HealthNet Inc. was fined $250,000 for the loss of a hard drive containing the PHI of 1.5 million...


Another HIPAA Breach Courtesy of a Printing Error

Over the course of the last three months, HIPAA covered entities have reported 54 data breaches to the Office for Civil Rights. The majority of those data breaches can be attributed to human error. 15% of the breaches have resulted from errors made when printing and mailing letters to patients and health plan members. While these privacy breaches do not affect anywhere near as many patients/plan members as hacking incidents (which have resulted in 10,134,208 records being stolen since September 9, 2015), they still require a breach response and result in considerable costs to the covered entity. The breach victims can be adversely affected, and the incidents tarnish the organizations’ reputations. They are also some of the easiest data breaches to prevent. On Friday last week, another covered entity, BlueCross Blue Shield of Nebraska, reported a printing error had been made during a patient mailing, and each month in its report to Congress, the Department of Veterans Affairs lists numerous examples of errors made when sending letters/prescription information to veterans. Efforts...
