25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Illegal Dumping of Medical Records Exposes PHI of Ohio Drug Rehab Clinic Patients

Illegal Dumping Medical Files Uncovered Another case of illegal dumping of medical records has been reported, this time involving a Utah drug and rehabilitation clinic, Positive Adjustments. The company went out of business approximately 6 months ago; however medical records were discovered in a dumpster outside the abandoned clinic – at 4548 South Atherton, Taylorsville, by a contractor employed by Dr. Scott Cold, DDS on Friday last week. Dr. Cold confirmed to Fox News that the files contained complete patient records, including patient names, contact information, Social Security numbers and treatment data, in addition to confidential court documents. Medical Records Dumped in Public View When Dr. Cold’s contractor turned up for work on Friday, August 7, the medical records were noticed in the physician’s dumpster, which was open, with the files in clear view of anyone passing close by. The matter was brought to the attention of Dr. Cold who was aware of HIPAA Rules covering Protected Health Information (PHI), and notified law enforcement; however, the records could just as easily...

Read More

Prima Care Discovers Improper Dumping of PHI: 1,651 Patients Affected

This week another case of improper dumping of PHI has been discovered, with an employee of a New England healthcare provider allegedly dumping files that were no longer needed. Employees are the Weakest Link   Healthcare employees are the weakest link in security defenses. Being human, they are prone to make errors from time to time. A mistyped email address can be all it takes to expose thousands of patient health records, as has occurred on numerous occasions already this year. Improper Dumping of PHI Discovered   However this week, a (now former) employee of a healthcare provider has exposed patient records in a rather atypical way. The individual in question was an employee of Prima CARE, P.C, a healthcare provider based in New England. That individual breached HIPAA and hospital rules by maintaining patient records without the knowledge of his or her employer, and apparently dumped the files when they were no longer required. Prima CARE was alerted to the breach when binders containing a wide variety of patient data was discovered in some bushes off Jefferson Street...

Read More

Urology Associates Reports 6500-Record Data Breach

Offsite storage of paper medical records may be convenient if facility space is limited; but the decision to store records offsite may prove to be a costly, as Kailspell-based healthcare provider, Urology Associates recently discovered. The company had taken advantage of a local storage facility and rented a unit to store boxes of old medical records. Unfortunately, the facility was recently burgled. Storage Units are a Risky Place to Keep Sensitive Medical Records   Storage units are frequently burgled. The units are secured with locks; but in many cases, all that is required to access the contents is a set of heavy duty bolt cutters. Thieves have realized there are easy pickings to be had from storage units, and law enforcement has had to deal with a spate of storage unit break-ins recently. The problem is not limited to Kalispell; it is a countrywide problem. Records Potentially Accessed, but not Stolen   Medical records are extremely valuable. Complete sets of data can fetch in the region of $60 on the black market. Clean records, such as those of children, can be...

Read More
Hospital Drug Pump Hacking Risk Discovered
Aug06

Hospital Drug Pump Hacking Risk Discovered

In addition to having to deal with the threat to electronic health records from hackers, hospitals must also be wary of attacks on their medical devices; as evidenced by a new Food and Drug Administration (FDA) warning over a drug pump hacking risk that exists with Hospira’s Symbiq drug pump. Symbiq Drug Pump Hacking Risk Warning Issued by FDA   Only a few days ago, two hackers discovered it was possible to hack into the onboard computers of Fiat Chrysler automobiles and take control of the vehicle; now patient’s plugged into the Symbiq drug pump could potentially be at the mercy of malicious hackers. Such is the severity of the Symbiq drug pump hacking risk, on Friday last week the FDA issued a warning to all hospitals using the device, instructing them to retire the devices and make the transition to other, more secure drug infusion pumps. In the meantime the FDA recommended that healthcare providers should “disconnect the pumps from their networks and update their drug libraries manually.” Since the vulnerability can be exploited via unused ports on the devices, the FDA...

Read More

New Basic Guide to HIPAA Compliance Released By HHS

The Department of Health and Human Services’ Office for Civil Rights has recently issued a basic guide to HIPAA compliance; a summary of HIPAA Rules for covered entities. A Basic Guide to HIPAA Compliance The Health Insurance Portability and Accountability Act (HIPAA) places a number of requirements on healthcare providers, health plans, healthcare clearinghouses, and Business Associates of HIPAA-covered entities, to safeguard data, protect the privacy of patients, and notify them of incidents that expose their Protected Health Information (PHI). HIPAA legislation is complicated, and many covered entities, especially smaller healthcare providers, struggle to understand the HIPAA Privacy, Security, and Breach Notification Rules, and turn those rules into policies into procedures. The Department of Health and Human Services’ Office for Civil Rights is the enforcer of HIPAA Rules, and while the agency investigates data breaches, it is also charged with improving understanding of data privacy and security legislation. One way it achieves this objective is by issuing guidance to help...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist