25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Mobile Devices Biggest Enterprise Cybersecurity Vulnerability

A news release issued by Check Point Software suggests mobile devices now represent the biggest threat in the security chain; a potential problem for healthcare organizations operating a BYOD scheme. Mobile devices are now viewed as one of the easiest entry points into an otherwise protected computer network and are now the biggest enterprise cybersecurity vulnerability according to the report. Large healthcare providers should take note, as they are likely to be particularly vulnerable to attack, purely because of the number of mobile devices they have in operation. According to Check Point Researchers, organizations allowing 2,000 or more mobile devices to connect to the network have a 50% chance of at least six devices being infected or having been targeted by cybercriminals. 72% of IT professionals agreed that for the coming year, the top security challenge is securing corporate information; however in close second place (67%) was dealing with personal device security. Securing, storing and segregating personal and corporate data on mobile devices is a major challenge. Key...

Read More

Potential PHI Disclosure After Employee Works from Home with Hospital Data

The William W. Backus Hospital has sent breach notification letters to 360 individuals alerting them that their Protected Health Information (PHI) may have been viewed by an unauthorized individual. The information potentially viewed includes patient names, medical record numbers, dates of treatment, and information relating to the diagnoses and treatment provided to patients. The hospital confirmed to patients that no Social Security numbers, financial information or insurance details had been disclosed. Individuals affected by the breach had previously visited the hospital’s emergency room for treatment. Under the Health Insurance Portability and Accountability Breach Notification Rule, HIPAA-covered entities are obliged to report all breaches of PHI to the Department of Health and Human Services’ Office for Civil Rights (OCR); however, since the data breach involved fewer than 500 individuals, the breach notice does not need to be submitted to the OCR until the end of February 2016. A breach notice only needs to be issued to the media if more than 500 individuals have been...

Read More

VisionWorks Agrees to $100K Data Breach Settlement with Maryland AG

Visionworks LLC has agreed to settle with the Maryland Associate General for exposing the Protected Health Information (PHI) of approximately 72,000 Marylanders. The company will pay a fine of $100,000 to the state for data security failures that lead to the breach. Two Data Breaches Reported in Quick Succession   The company discovered two separate data breaches – reported in November and December of last year – that exposed the PHI of 122,627 individuals. The first incident was classified as a lost server, which contained 74,944 records, with the second reported as a network server theft, exposing 47,683 records. The servers are most likely now in landfill; however the incident did potentially expose names, addresses, dates of birth and purchasing histories. The company was reportedly in the process of upgrading to encrypted servers; however old servers were unsecured in the company’s stores; a breach of the HIPAA Security Rule, which requires physical safeguards to be put in place to keep PHI secured. It is believed that the servers were mistakenly disposed of, and...

Read More

Mass Violations of Patient Privacy at Virginia Clinic

Instances of employees snooping on patient medical records are frequently uncovered; however few cases have involved snooping on such a large scale as the privacy breach recently discovered at the Roanoke, Va. Carilion Clinic. The not-for-profit healthcare provider recently discovered fourteen members of staff had accessed a patient’s medical records without having any clinical reason for doing so. Mass Privacy Violations Uncovered By Access Log Audit There have been cases of doctors snooping on fellow physicians’ records, and numerous instances of healthcare workers stealing data with intent to defraud, but it is rare for snooping to occur on such a widespread scale and involve so many employees. Previous cases of mass privacy violations have involved celebrities or other high profile individuals, and this appears to be the case at the Roanoke clinic. According to Carilion spokesperson, Chris Turnbull, “If a big story pops up, we regularly monitor employee access into the medical records system.” The monitoring of access is possible because every time a patient’s records are...

Read More

CareFirst Blue Cross Blue Shield Breach Lawsuit Filed

Earlier this year, CareFirst Inc., discovered one of its customer databases had been accessed by hackers, exposing the Protected Health Information (PHI) of approximately 1.1 million individuals. Some of the victims have now added their names to a new lawsuit against the insurer, with the plaintiffs seeking damages of $5 million, plus legal costs, for the damage, harm and losses caused as a result of the data breach. CareFirst, operating under Blue Cross Blue Shield, suffered a cyberattack in 2014, although it was not identified until May 20, 2015. Names, dates of birth, insurance information and email addresses were exposed, but critically, no financial information or Social Security numbers. CareFirst determined hackers first gained access to the data in June 2014; however it was only when a third party security company, Mandiant, conducted a security audit that the data breach was identified. CareFirst had elected not to encrypt its database, and it is alleged that the decision not to implement this security measure, and others, constituted negligence on the part of the insurer....

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist