
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Cyberattack Simulation Exercise Tests Incident Response Readiness

It is no longer a case of whether a data breach will be suffered, it is now just a matter of time as to when it will occur. It is therefore essential that covered entities have a data breach response plan that can be put into action as soon as a cybersecurity incident is discovered. If cyberattack simulation exercises are conducted prior to a breach being suffered, the ability of an organization to respond appropriately, and conduct an efficient breach response, will be greatly improved.

Breach Response Plan Testing Must Include Rigorous Cyberattack Simulation Exercises

It is essential that HIPAA-covered entities are able to respond quickly after discovering a cybersecurity incident has been suffered. The first few hours after an attack are critical. Key decisions must be made, personnel mobilized and third parties involved. Under HIPAA Rules, HIPAA-covered entities must conduct a breach investigation, which can be complex and longwinded. A full risk assessment must also be conducted, notices must be issued to victims, breach reports issued to the OCR, the media must be alerted,...

Dec 04

Guidance on Patient Rights Under HIPAA Due this Month

This December, OCR expects to issue a new document clarifying patient rights under HIPAA to access their own healthcare data, as part of the White House Precision Medicine Initiative.

Clarification Due on Patient Rights Under HIPAA to Access their Own PHI

The Health Insurance Portability and Accountability Act’s Privacy Rule introduced a number of new rules aimed at protecting the privacy of healthcare patients and health insurance subscribers. The Privacy Rule dictates when HIPAA-covered entities are permitted to disclose Protected Health Information (PHI) to third parties, and also makes provision for patients to access their own medical data. While most covered entities have now got to grips with the intricacies of the HIPAA Privacy Rule, not all appear to be certain about when medical records can be supplied to patients, and the extent of data that must be disclosed upon request. Consumers are similarly unsure about their data access rights under HIPAA. The Office for Civil Rights (OCR) intends to clarify the situation, and will be issuing new guidance on patient rights under...


Californian Health Plan Administrator Announces 35K-Record Data Breach

Californian health plan administrator Keenan & Associates has announced a breach of Protected Health Information that has impacted 35,000 health plan subscribers. A vendor made an error when configuring a web portal. The server security settings had been misconfigured, resulting in a number of confidential documents being inadvertently indexed by search engines. A search of the Internet would have resulted in the documents being displayed in the search results. Clicking on the links would have opened up the documents and a number of data fields would have been viewable. The data contained in the documents was mostly limited to personal information. Subscriber names, addresses, dates of birth, contact telephone numbers, health plan identifiers, and medical plan names were stored in the documents. Some Social Security numbers were also exposed, although Keenan & Assoc. reports that no financial information was detailed in the documents, nor any clinical or medical information. An investigation into the data breach has not uncovered any evidence to...


Santa Barbara Public Health Dept. Announces HIPAA Privacy Rule Violation

It’s been a bad week for healthcare patients in Santa Barbara. First came the news that 11,000 patients of Cottage Health System had their Social Security numbers, medical data, and personal information exposed in a data breach. Now follows news that the Santa Barbara Public Health Department has suffered a privacy breach involving 260 individuals. The breach occurred when an employee accessed the Protected Health Information of 260 individuals as part of a research project, but had not obtained prior authorization to access the data. Consequently, the employee violated the HIPAA Privacy Rule. The research project had not been authorized by the Public Health Dept., and the accessing of patient data was therefore illegal. Credit monitoring services have been offered to a limited number of those patients as a precaution against identity theft and fraud. The member of staff in question has been disciplined, and access to PHI has now been denied. The Public Health Department does not believe that any of the data that were accessed were shared with any individuals from outside the...


Cottage Health System Security Audit Reveals 11K-Record Data Breach

Cottage Health System notified 11,000 of its patients on Tuesday to advise them that some of their Protected Health Information (PHI) was exposed as a result of a server incident that occurred in late October, 2015. For 14 days, patients had their Social Security numbers, details of medical diagnoses and procedures, and their names and addresses exposed as a result of protections being removed from a server. A statement released by Cottage Health indicates no financial information or driver’s license numbers were exposed in the incident. The security breach was discovered on 8th November and resulted in the affected server being taken offline and secured. Upon investigation, Cottage Health determined that patient data first became accessible on October 26, 2015. An external computer forensics firm has been contracted to conduct a full audit into the security breach to determine whether any of the data were accessed during the period they were accessible. At present, no information has been released to indicate whether the security breach was caused by an external...
