25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

St. Francis Health Employee Fired for 20 Month Privacy Violation

An employee of the Bon Secours St. Francis Health System has had her employment contract terminated after the healthcare provider became aware of privacy violations and numerous cases of medical fraud. The employee in question is alleged to have accessed the private and confidential records of fellow employees, and potentially patients, over a period of 20 months. The data accessed appears to have been used to file claims against co-workers’ insurance policies for expensive prescription creams. The privacy violations came to light in July, 2015, when employees of St. Francis Health started noticing their insurance company had billed them for “high dollar value” prescription creams, and the matter was brought to the attention of managers at St. Francis Health. When fraudulent claims are made to insurance companies, it can be difficult to determine the person responsible. With the volume of data breaches now occurring, it is possible that insurance data and other information could have potentially be obtained from any number of sources. In this case, since a number of employees from...

Read More

Hack Discovered by Emergence Health Network: 11K Records Exposed

Emergence Health Network has discovered one of its network servers has been accessed by a third party without authorization. 11,000 patient records have potentially been compromised. The incident came to light when suspicious activity was noticed on one of the healthcare provider’s servers. The activity was investigated and it was determined that an external party had gained access via the internet. The breach investigation revealed that highly sensitive data may have been accessed by the third party, which included patient names, dates of birth, addresses, case numbers and Social Security numbers, in addition to the name of the center where medical services were provided to patients. No medical data were compromised at any point as this information was not stored on the server. Access to the EHR system or other parts of the network was not gained. After hiring a third party security expert to investigate the extent of the data breach, it was discovered that the first time data on the server were accessed by an unauthorized individual was in 2012. Because Social Security numbers...

Read More

September VA Information Security Report Shows Increase in Privacy Incidents

Each month the Department of Veteran Affairs issues an Information Security Report to congress, in which it details the privacy and security incidents that have affected U.S veterans during the month. The past two months have seen privacy incidents fall, with the August figures the lowest since January. However, the report for September has seen the trend reversed, with a substantial increase in both incidents and the number of individuals affected. In total, 455 separate privacy/security incidents were reported during the month. The VA reported 1,135 veterans were affected by security breaches in the month of September, which resulted in 739 breach notification letters being issued and 396 individuals placed at a high enough level of risk of identity theft and fraud to warrant the provision of credit protection services. In August, only 431 individuals were affected by privacy and security incidents. In fact, September was the second worst month so far this year, with only June seeing more veterans affected (2076). This is only the fourth month that has seen the number of affected...

Read More

Aspire Home Care and Hospice Cyberattack Announced

Aspire Home Care and Hospice Cyberattack Exposes 4,278 Patient Records. One of Oklahoma’s largest providers of home health services has announced it has become the victim of a cyberattack, after being targeted by criminals looking to take advantage of the terminally ill. The Aspire Home Care and Hospice cyberattack has resulted in the perpetrators obtaining highly sensitive Protected Health Information of 4,278 patients; information that used to steal identities and rack up debts in the victims’ names. Aspire Home Care and Hospice, the new name for Indian Territory Home Health and Hospice, provides a range of home health and hospice services to state residents. The organization’s nurses, therapists, and social workers are committed to helping patients live with dignity and independence in their own homes. Hackers First Gained Access to Email Accounts in July 2015 The perpetrator of the attack first gained access to email accounts in late July, and potentially obtained patient names, dates of birth, Social Security numbers and insurance information, placing the victims at a...

Read More

Unencrypted Device Theft Continues to Plague HIPAA CEs

Device theft continues to expose the PHI of healthcare patients, and the past three months have seen a high volume of security incidents reported to the Office for Civil Rights which have involved the loss and theft of portable devices used to store the confidential Protected Health Information (PHI) of patients. The latest case involves Johns Hopkins Medicine, where the theft of an unencrypted laptop computer has exposed the PHI of 571 patients and 267 research subjects. Johns Hopkins Hospital Data Breach   A physician from Johns Hopkins Medicine is reported to have had a suitcase stolen at an airport on August 10, 2015. In that suitcase was the physician’s laptop computer, which contained a limited amount of data relating to patients and research subjects. The laptop was unencrypted, therefore the theft potentially exposed the PHI of a number of individuals, although it is probable that the theft was an opportunistic crime, rather than the physician being targeted by a thief seeking medical data and Social Security numbers. In this case, the laptop did not contain highly...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist