25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

FTC Data Breach Case Against LabMD Dismissed
Nov22

FTC Data Breach Case Against LabMD Dismissed

The Federal Trade Commission’s case against healthcare service provider LabMD has been dismissed by a Chief Administrative Judge due to a lack of evidence that patients were exposed to a significant risk of suffering a substantial injury as a result of their personal information being exposed. This is the first time a decision has gone against the FTC after a data breach case has been challenged. The initial decision on November, 13, went against the FTC, although the FTC can lodge an appeal in the next 30 days. At the present time, the FTC is currently considering the matter and deciding whether to appeal and send the case against LabMD to federal court to be decided. Judge Michael Chappell ruled that the FTC “failed to prove its case” that affected individuals were placed at a considerable risk of suffering harm or losses as a result of the incidents. Consequently, they were unlikely to constitute unfair trade practices. The case was originally filed against LabMD in August 2013. The security breaches cited in the case occurred in 2008 and 2012. In 2008, a document containing...

Read More

VA Privacy and Security Incidents Decreased in October

The Department of Veteran Affairs’ October Information Security Report to congress makes for easier reading than last month’s report, when the personal information of 1,135 veterans were exposed in security incidents. VA privacy and security incidents decreased in October, with 648 veterans affected. Aside from August when just 431 records were exposed, this was the best month for the VA since March 2015. 453 veterans were reported to have had their Protected Health Information exposed as a result of VA privacy and security incidents last month. 285 incidents were serious enough to warrant credit protection services being offered to reduce the risk of harm or loss, and 363 beach notification letters were mailed to veterans. VA Privacy and Security Incidents Reported in October   Security Incident October 2015 September 2015 Difference Percentage Inc/Dec Lost/Stolen Devices 49 64 -15 -23.43% Lost PIV Cards 158 134 +24 +17.91% Mishandled Incidents 81 115 -34 -29.57% Mis-Mailed Incidents 123 137 +14 -10.22% Pharmacy Mis-Mailings 8 5 +3 +60%   The month saw a considerable...

Read More

Boxes of PHI Left Unprotected at Former Children’s Psychiatric Facility

In Farmingdale, NJ, a former children’s psychiatric facility that was closed after an investigation into the mistreatment of patients, appears to now be mistreating patients’ records as well, in breach of HIPAA regulations. The Arthur Brisbane Child Treatment Center has been closed for 10 years, yet medical records were still being stored in the facility. The center was closed, shuttered, and locked, and the records were protected from prying eyes; however, during the past month the door to the facility was found open on numerous occasions. The property could have been entered by any number of individuals during this time, who would have been able to gain access to medical files containing highly sensitive information on particularly vulnerable individuals. Any individual to discover the boxes of files would be able to easily locate information, as the boxes had been conveniently labeled. Some were marked “medical” and “payroll”, the former containing detailed medical information on employees/patients and the latter containing banking information of former employees of the...

Read More

Even HHS Involvement Did Not Stop Months of Fax Privacy Breaches

A simple mistake can lead to the exposure of hundreds of private and confidential medical records, as discovered by Brooklyn marketing firm, APS Marketing Group. The company started receiving faxes containing the medical information of patients of an unnamed medical clinic in April 2015. Despite efforts to contact the sender, the intended recipient, and the Department of Health and Human Services, the faxes kept on arriving. APS ended up receiving faxed medical documents for months on end and hundreds of patients had their medical records exposed. The information contained in the documents included patient names, contact information, the medical test that had been requested, and in some cases, Social Security numbers. The error was caused as a result of a member of staff entering a fax number incorrectly. That simple mistake resulted in documents being sent to the wrong company, exposing the data of hundreds of patients. However, it is not the error that is worrying in this case, but how long it took for the HIPAA breaches to stop, even after the HHS got involved. The faxes were...

Read More

Major Data Exfiltration Discovered at Muhlenberg Community Hospital

Patient, employee, and contractor data have potentially been obtained by unknown third parties as a result of a multi-computer malware infection at Owensboro Health Muhlenberg Community Hospital, KY. According to the breach notice submitted to the Office for Civil Rights, 84,681 individual have been affected by the cyberattack. The security breach was discovered by the FBI after unusual third party network activity was noticed on the hospital’s servers. An alert was issued on September 16, 2015, and the hospital immediately brought in external computer forensics experts to determine the cause of the activity. That investigation revealed a number of computers had been infected with a type of malware that logs all keystrokes on the affected computers. This type of malware then communicates those keystrokes to the hacker’s command and control server. All data entered on the infected computers have therefore potentially be transmitted to the hacker(s) responsible for the attack.  The suspicious network activity was only recently discovered, but the investigation revealed that the...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist