25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

New Rules for Electronic HIPAA Transactions Approved by CAQH CORE

Last week, the CAQH® Committee on Operating Rules for Information Exchange (CORE®) approved a new set of national rules for electronic HIPAA transactions, as part of Phase IV of the CAQH® CORE® Operating Rules. The new rules for electronic HIPAA transactions cover four groups of healthcare business transactions – prior authorizations, employee premium payment, enrollment/disenrollment in health plans, and healthcare claims. The aim of the new rules is to facilitate the exchange of healthcare information, as mandated by the Affordable Care Act (ACA). The new rules will augment existing HIPAA administrative standards to ensure uniform transmission of electronic healthcare data. Phase IV of the CAQH® CORE® Operating Rules addresses infrastructure requirements such as connectivity, system availability, and response times. Rules covering the data content of transactions are due to be added to the Operating Rules at a later date. The approval process involves a vote on the new rules by the subgroups and work groups responsible for preparing the draft version of the Operating Rules. If...

Read More

Document Scanner Error Exposes PHI of Silverberg Surgical and Medical Group Patients

Silverberg Surgical and Medical Group is alerting patients to the potential exposure of highly sensitive Protected Health Information after an error made in the configuration of a document scanner resulted in patient information being accessible via the internet. The device had been used to scan documents containing personal information such as patient names, dates of birth, contact telephone numbers, home addresses, fax numbers, and e-mail addresses. Some patients’ Social Security numbers were exposed, as were medical record numbers, health plan ID numbers, beneficiary numbers, medical information, full face photographs and state license numbers: A Smorgasbord of data that could potentially be used by criminals to commit medical, insurance and identity fraud. Silverberg discovered the security breach on August 28, 2015, and immediately launched an investigation. That investigation revealed the device had posted data online since September 10, 2013. The company has now secured the device and data and has enlisted the help of a specialist data security firm to conduct a forensic...

Read More

Bogus Doctors Behind Horizon Blue Cross Blue Shield of New Jersey Data Breach

A Horizon Blue Cross Blue Shield of New Jersey data breach has been reported following the discovery that criminals posed as doctors in order to gain access to the Protected Health Information of patients. The bogus physicians obtained insurance ID numbers and other sensitive PHI, after being given access rights to Horizon BCBSNJ members’ data. The information was stolen in order for the criminals to file false insurance claims in the names of the victims. Fraudulent activity was first uncovered on July 30, 2015 and approximately 1,100 individuals are understood to have been affected by the security breach. In addition to member ID numbers, the bogus doctors were able to gain access to patient names, gender, and dates of birth. A notice on the Horizon BCBSNJ website confirms that Social Security numbers and financial information were not obtained by the criminals. It is understood that the information was stolen with the sole purpose of making false insurance claims. Patient PHI is not believed to have been used for any other purpose. All affected members of Horizon BCBSNJ...

Read More

Car Theft Results in Exposure of PHI of 2900 Individuals

Insurance Data Services (IDS), a Wyoming-based medical billing company, has started to send breach notification letters to patients of one of its HIPAA-covered clients, Claystone Clinical Associates, to advise them of the potential exposure of some of their Protected Health Information (PHI). IDS had contracted a West Michigan based Delivery Service to deliver client mailings; however the vehicle used by the courier company was stolen on September 15. The vehicle theft occurred at Zondervan Publishing in Kentwood, MI. The vehicle theft was reported to law enforcement officers and an investigation into the theft has commenced. Fortunately, the theft was captured by closed-circuit television cameras; however, the recordings revealed a masked and gloved individual entering the vehicle and driving away. Consequently, it has not been possible to identify a suspect at this time. The vehicle has now been found and recovered, but the contents had been taken by the thief. No electronic PHI was exposed; but patient mailings were taken from the vehicle. The information contained in the...

Read More

Healthcare Data Breach Report: August 2015

Healthcare Data Breach Report: August 2015   The number of healthcare data breaches reported to the Department of Health and Human Services’ Office for Civil Rights differs little from July; however the volume of records exposed fell dramatically month on month. In July, over 8,000,000 patient and health plan member records were exposed. August saw ‘only’ 215,556 records exposed. Only one hacking incident was reported in August: The cyberattack on Pediatric Group LLC, which resulted in 10,000 records being exposed. This was a major improvement on last month, which saw 4 hacking incidents discovered. Those four data breaches included major data exposures at Medical Informatics Engineering and UCLA Health, which exposed 3.9 million and 4.5 million records respectively. Main Cause of Data Breaches in August 2015 Was Lost/Stolen Devices August saw eleven reports of lost and stolen PHI containing devices. Each data breach exposed relatively few medical records (Except the Empi Inc / DJO Global data breach that exposed 160,000 records), but all could have been easily prevented had...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist