25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Close Call but VA Hospital Thwarts Attempted Cyberattack

A VA hospital has contained a cyberattack that could potentially have exposed the records of 100,000 patients and 5,000 hospital staff. The security breach is believed to have been caused by a member of the hospital staff responding to a phishing campaign. Trojan Virus Discovered on Computer Drive Shared by 4,000 Employees   The James A. Haley VA Medical Center (JAHMC) had a particularly close call last week when a virus was discovered to have infected a number of the hospital’s files. Only the fast action of the hospital’s IT staff prevented the exposure of over 100,000 patient and employee records. The virus was discovered on a JAHMC computer drive used by 4,000 hospital employees. The Trojan is believed to have been installed as a result of a member of staff responding to a phishing campaign. Hackers send out emails containing links to malware and virus-infected websites, which if visited, download malicious software onto computers and shared drives. Emails containing virus-infected attachments are also sent to healthcare employees. Should those attachments be opened, viruses...

Read More

LSU Health Laptop Theft Exposes PHI of at Least 5,000 Minors

A laptop computer issued to Dr. Christopher Roth by the LSU Health New Orleans School of Medicine has been reported stolen, and along with it, the electronic Protected Health Information (PHI) of approximately 5,000 patients. The majority of patients affected by the breach were minors. The computer was left in a vehicle that was parked in front of the physician’s home on July 16. The theft was discovered the following morning and was immediately reported to law enforcement officers. Physician Breached Hospital Data Security Policies   LSU Health New Orleans School of Medicine has data security policies in place which forbid staff from leaving electronic devices unattended. All members of staff were also instructed to take extra care of devices containing PHI. Dr. Roth therefore violated the School of Medicine’s data security policies by leaving the laptop computer in his vehicle, and will be disciplined by LSU Health for the infraction once the investigation is completed. That investigation has proved complicated, as patient data were stored on the laptop’s hard drive, not on...

Read More

Burglary of Vermont Medical Practice Reported: PHI of 2,000 Patients Exposed

The offices of Vermont-based physician, Max. M. Bayard, MD PC, have been burglarized and a number of electronic devices have been stolen, resulting in the Protected Health Information (PHI) of approximately 2,000 patients being exposed. According to a breach notice posted on the website of the Vermont Attorney General, the burglary occurred on August 5, 2015. By today’s standards, the data breach exposed a relatively small number of patient records; however the breach is particularly serious as patient names, dates of birth, Social Security numbers and Medicare/Medicaid numbers were stored on the computers. The exact information needed by identity thieves to commit fraud. Other data exposed varies from patient to patient, and includes health information such as medical diagnoses, treatment information, and treatment dates. Patients face a high risk of fraud and identity theft. To reduce the risk of harm and loss, all affected patients have been offered a year of free credit monitoring and identity theft repair services. Patients are also covered by a $1 million identity theft...

Read More

Sutter Health Discovers 2013 HIPAA Breach Affecting 2.5K Patients

Sutter Health, a Northern California not-for-profit health system, has recently discovered a HIPAA breach that occurred on April 26, 2013. A former employee of the healthcare provider was discovered to have emailed company billing documents to a personal email account, which was against company regulations and was in violation of the Health Insurance Portability and Accountability Act (HIPAA). Those documents contained the Protected Health Information (PHI) of 2,582 patients, the vast majority of whom had been patients of the Sacramento-based Sutter Medical Foundation. The ex-employee had previously worked for Sutter Physician Services, which provides billing services for the healthcare provider’s medical foundations. Sutter Health received a tip-off about inappropriate use of a company computer by the former employee, who had left the company in November 2014. An investigation was immediately launched to determine whether the complaint had any foundation and to determine whether HIPAA Rules had in fact been violated. Bill Gleeson, a spokesperson for Sutter Health, said that...

Read More

WEDI Issues New Resources to Assist with ICD-10 Transition

The Workgroup for Electronic Data Interchange (WEDI), the country’s leading authority on the use of IT in healthcare to improve health information exchange, has developed two new resources to assist organizations implementing the new ICD-10 codes required by the Health Insurance Portability and Accountability Act (HIPAA). The new resources, ICD-10 State Workers’ Compensation Readiness List and the List of State Medicaid Sites with ICD-10 Information, have been developed with the aim of “Ensuring that all entities are adopting and or are aligning with ICD-10”. The resources will “help further [the health] industry’s movement towards streamlining and automating end-to-end workflow processes.” The new ICD-10 codes must be adopted by HIPAA-covered entities under federal law, but the new codes do not need to be adopted by the workers’ compensation industry. The industry is now becoming more aligned with HIPAA Transaction and Code Set rules, but rather than being covered by a national mandate, the industry is instead subject to state laws. A number of states will be adopting ICD-10...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist