25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Conn. OIG Reaches $90K Settlement with Hartford Hospital and BA Over 2012 Laptop Theft

Hartford Hospital and one of its Business Associates, EMC Corporation (EMC), have agreed to a settlement with the Connecticut Office of the Inspector General over the 2012 theft of a laptop computer containing the unencrypted data of 8,883 Connecticut residents. Hartford Hospital and EMC have agreed to a settlement of $90,000 to resolve the incident.  The agreement was reached voluntarily, and no admission of liability has been accepted by either party. EMC was contracted by Hartford Hospital to assist with the completion of a quality improvement project in late December 2011. The aim of the project was to ultimately reduce avoidable hospital admissions for patients suffering from congestive heart failure. The project required EMC to conduct an analysis of patient data, and EMC was provided with the Protected Health Information of patients for this purpose. However, on June 25, 2012, an unencrypted laptop computer containing patient data was stolen from the home of an EMC employee. The data does not appear to have been used inappropriately according to Hartford Hospital. After...

Read More

Experian Third Annual Data Breach Preparedness Study Released

A huge number of data breaches have been suffered over the past few years. The severity of data breaches has similarly increased. This has forced organizations to beef up security protections and develop policies and procedures to prepare for data breaches when they occur. Progress has been made, but there is still some ground to cover, according to the latest data breach preparedness study from Experian. Third Annual Data Breach Preparedness Study Released   The Experian-sponsored Third Annual Study on Data Breach Preparedness was published last month. The study explored the efforts that have been made by companies to deal with the increased risk of cyberattacks and breaches by malicious insiders.  The results show many companies have yet to respond to current threat levels. 19% of respondents said their employers do not have a data breach response plan in place. Half of the 604 companies surveyed revealed they had suffered a data breach involving the exposure of more than 1,000 records in the past 12 months, while 63% reported having suffered two or more breaches in the past...

Read More
OIG Releases 2016 Work Plan: Expect Greater Oversight of OCR, Medical Devices and Emergency Planning
Nov06

OIG Releases 2016 Work Plan: Expect Greater Oversight of OCR, Medical Devices and Emergency Planning

Over the course of the next year, OIG is expecting to increase oversight of the Department of Health and Human Services’ Office for Civil Rights. OIG will also be looking closely at a specific area of HIPAA compliance: How hospitals are complying with the HIPAA Security Rule requirement for contingency planning for emergencies. HIPAA Requirements for Coping in Emergencies The administrative safeguards of the HIPAA Security Rule (45 CFR, Part 164 § 308(7)(i)) require all covered entities to be able to continue to function during emergency situations. Access to Protected Health Information (PHI) must be maintained at all times. Should access be lost, it must be restored as a priority.  In order for covered entities to be able to do this, proactive steps must be taken. It is essential that policies and procedures are developed that can be implemented in case of disaster. Rapid action is required, and every individual must be aware of his or her responsibilities in case of emergency. This applies to emergency situations such as natural disasters, as well as at times when EHR systems or...

Read More

Huntington Medical Research Institutes Discovers Two HIPAA Breaches

Nonprofit biomedical research company Huntington Medical Research Institutes (HMRI) has announced two HIPAA breaches in the space of a month: One involving the improper disposal of records, the other an alleged theft of patient data by a former employee. Insecure Disposal of Laboratory Slides and Medical Files Discovered   On August 6, 2015, HMRI discovered paper records and glass laboratory microscope slides had been disposed of in a way that did not comply with HIPAA regulations. The incident is believed to have occurred at some point in the two weeks prior to HMRI becoming aware of the HIPAA breach. The incident resulted in sensitive material potentially being exposed including some diagnosis and treatment data, the source of the tissue being tested, specimen information, and details of the tests that had been ordered. The name of the referring physician, patient names, dates of birth, and potentially other demographic information was also contained in physical files. No Social Security numbers, credit card details or insurance information was exposed, although some...

Read More

Healthcare Fraud and HIPAA Violations: Warner Chilcott to Pay $125 Million

A unit of pharmaceutical company Warner Chilcott has agreed to plead guilty to healthcare fraud, and will be required to pay $125 million to resolve civil and criminal liability, according to the Boston US Attorney’s Office. The case against the pharmaceutical company is concerned with the illegal promotion of seven drugs. Payments were made to physicians to prescribe pharmaceuticals to patients over other drugs. This is of course not the first time such allegations have been made against drug firms, and nor is it the first time that pharmaceutical companies have been found to be liable. What makes this case different is the fact that charges have been filed against employees of Warner Chilcott and Warner Chilcott U.S. Sales LLC under HIPAA Rules. The case was possible under the False Claims Act, which permits private individuals to sue companies on behalf of the government under the Act’s whistleblower provisions. Two whistleblowers brought the case against the company and are being represented by law firms MoloLamken, Seeger Weiss, and the Simmer Law Group. The criminal charges...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist