25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

North Carolina DHHS Reveals 524-Patient Record Data Breach
Nov15

North Carolina DHHS Reveals 524-Patient Record Data Breach

In August 2015, a member of staff employed by North Carolina Department of Health and Human Services was discovered to have sent unencrypted emails containing patient data outside of the company’s email network. The errors resulted in 1,615 patients having their personal information placed at risk of being intercepted or viewed by unauthorized individuals. On Friday, the DHHS discovered that the errors had been made again, this time resulting in the data of 524 patients being sent via unencrypted email. The emails were reportedly sent on September 14, just under a month after the first data breach occurred. This time the emails have more potential to result in patients coming to harm as Social Security numbers, insurance information, and dates of birth were included in the emails. Other data exposed in the latest breach include names, addresses, ethnicity, gender, race, Medicaid recipient numbers and provider names. When a data breach is suffered, HIPAA-covered entities are required to investigate the cause of the breach, issue notification letters to the Office for Civil Rights,...

Read More
University of Cincinnati Email Errors Result in 1,064-Patient Data Breach
Nov15

University of Cincinnati Email Errors Result in 1,064-Patient Data Breach

Email errors have been potentially exposing the Protected Health Information (PHI) of University of Cincinnati Medical Center patients, according to a recent breach report issued by the healthcare provider. The error was discovered to have been made on nine separate occasions over a period of more than a year. As a result of these errors, patient data have been inadvertently sent outside of the UC Health email network. The mistakes were simple errors that can all too easily occur, and go unnoticed if controls are not put in place to prevent the transmission of PHI outside of an organization’s network. When the emails were sent, two letters were accidentally reversed when entering the domain name. The recipient name was entered correctly, but the error entering the domain name resulted in the emails being directed to another organization. When emails are sent to an organization and cannot be delivered, a message is usually automatically sent to the sender advising them of the delivery failure. Some organizations employ a “catch-all”, which would result in an incorrectly addressed...

Read More

Senators Demand Answers from CMS and OCR About Medical Identity Theft and Fraud

Four senators have put their names to a letter sent to Jocelyn Samuels, Director of the Department of Health and Human Services’ Office for Civil Rights (OCR), and Centers for Medicare and Medicaid Services (CMS) Acting Administrator Andy Slavitt, requesting answers about the growing issue of medical identity theft. Sen. Lamar Alexander, R-Tenn., Sen. Patty Murray, D-Wash.; Sen. Orrin Hatch, R-Utah, and Sen. Ron Wyden, D-Ore have signed the letter, which demands answers to nine questions relating to the role the HHS, OCR and CMS play in monitoring and addressing medical fraud and identity theft stemming from healthcare data breaches. Healthcare data breaches have exposed the Protected Health Information of over 105,000,000 individuals so far this year, and there are still over six weeks of 2015 to go. That figure is certain to rise. The problem is a growing concern. The total number of breach victims created over the past 6 years stands at 154 million, which equates to close to half the population of the United States. The senators point out that the situation is only likely to get...

Read More

Healthcare Provider Not Liable for Social Media HIPAA Violation

On Monday this week, a case against University of Cincinnati Medical Center (UCMC) was heard by Judge Jody Luebbers in the Hamilton County Common Pleas Court regarding the posting of Protected Health Information of a patient on social media. The incident that triggered the lawsuit concerned the posting of a patient’s medical records by a woman employed in the financial services department at UCMC. The employee had accessed the medical records of the patient, taken a screenshot of her medical records and uploaded the image to her Facebook account. The image was then shared with members of a Facebook group. The same image was also emailed to the same individuals. The group in question had been named “Team No Hoes.” The patient in question had contracted syphilis and was pregnant at the time. The naming and shaming of the patient on social media was investigated by the hospital as soon as the privacy violation was discovered, and the employee lost her job as a result. Cases involving vicarious liability are often filed by co-workers who have suffered sexual harassment in the...

Read More

16K Children’s Medical Records Potentially Stolen in East Texas

An investigation conducted by Children’s Medical Clinics of East Texas has revealed a former employee took copies of children’s medical records and disclosed them to a third party. According to the breach report posted on the healthcare provider’s website, the privacy breach was caused by an individual with “a retaliatory agenda against the clinic.” A Children’s Medical Clinics of East Texas employee was discovered to have removed business documents and taken them home, and failed to return them when requested to do so. It is not clear from the breach report when the incident occurred, but the decision was taken to report the matter to the police on August 10, 2015. Following this incident an internal investigation was conducted which revealed the employee had also accessed patient medical records without authorization, and had taken a copy of the data and gave it to another “disgruntled ex-employee,” although the identity of that individual was not disclosed to the healthcare provider. The data that were copied, by taking a screenshot, included patient names, diagnosis...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist