25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

American Hospital Association Opposes HIPAA HPID Use
Jul24

American Hospital Association Opposes HIPAA HPID Use

Earlier this week, the Vice President and Deputy Director of the American Hospital Association (AHA) sent a letter to the Centers for Medicare & Medicaid Services (CMMS) expressing concern over the implementation of Health Plan Identification numbers (HPIDs) and Other Entity Identifiers (OEIDs). HPID Use and HIPAA When HIPAA was introduced, it required national identification numbers to be used by healthcare providers, health plans and individuals. A national ID number was introduced in 2004, although the IDs were only for providers, not individuals. In September 2012, the HPID proposed rule was published, although it took until November 2014 before the rule was finalized. HPIDs and OEIDs will now be required to be used for HIPAA transactions from Nov 7, 2016. It is not a requirement for health plans to be identified in HIPAA transactions, but if they are, from Nov 7, next year a HPID must be used. AHA States Opposition to HPID Use in HIPAA Transactions   The letter, sent from Ashley Thompson to Andy Slavitt, the acting administrator for CMMS, stated the AHAs opposition to...

Read More

New HIPAA Compliance Tool Released for Small Dental Practices

Achieving compliance with HIPAA Privacy and Security Rules can be a challenge for all organizations, regardless of size; however, smaller healthcare providers tend to have more problems. Budgets tend to be more restrictive, and a lack of suitable staff means slow progress is made. This was clear from the results of the pilot round of HHS HIPAA compliance audits. Regulatory bodies such as the Department of Health and Human Services’ Office for Civil Rights (OCR), State Comptrollers, and Attorneys General, investigate data breaches for HIPAA violations, and periodic audits are conducted to assess compliance. The next round of OCR HIPAA compliance audits will assess how well organizations have implemented the requirements laid down in the Privacy Rule, Security Rule and Breach Notification Rule. Healthcare organizations, health plans, healthcare clearinghouses – and Business Associates of the above – will have their compliance efforts put to the test. The audits will be conducted on large healthcare providers, multiple hospital systems, the nation’s largest health...

Read More

Class Action Filed Against UCLA for 4.5 Million-Record Data Breach

It has been less than a week since the announcement that the patient database at UCLA Health Systems was hacked, and already a class action lawsuit has been filed by one patient, Michael Allen of Casper, Wyoming, on behalf of “several million individuals”. Allen, represented by Kevin Mahoney of Long Beach, claims UCLA Health Systems’ failure to encrypt data constitutes unlawful business practices, breach of contract, unjust enrichment and negligence. He is seeking class certification and as of yet unspecified damages for fraud, violation of medical confidentiality, an invasion of privacy and the costs of filing the lawsuit. UCLA hospitals and the University of California Board of Regents were named in the lawsuit which was filed on Monday of this week. The breach was announced on July 17, barely one business day before the lawsuit was filed. In the lawsuit, Allen claims the lack of data protection, specifically the lack of data encryption, amounted to negligence. “Due to defendants’ failure to take the basic steps of encrypting patients’ data, it was much easier...

Read More

Pharmacy Technician Suspended over 100-Patient Data Theft

A pharmacy technician who worked at CVS in San Diego has recently had her pharmacy technician’s license suspended (under Business and Professions Code 494) by the California State Board of Pharmacy after she was discovered to have accessed and stolen the Protected Health Information of around 100 patients. Nicole Yvonne Flores was employed at the San Diego’s Imperial Beach branch of CVS Pharmacy, where she had held the position since 2008, until 2015 when the data theft was discovered and she lost her job. The theft was discovered by the Secret Service, which conducted a raid on the apartment of Flores early last month. The Secret Service discovered a number of patient records in her apartment, and notified CVS of the potential theft of data. Flores was interviewed about by CVS management on June 10, 2015. During the interview Flores admitted that she had copied and removed patient records between May, 2013 and November, 2014, as well as during a three month period between February and April, 2015. The records were obtained when patients came to the drop off counter. Flores would...

Read More

Mailing Error Exposes PHI of Integral Health Plan Members

On July 6, 2015, Integral Quality Care (IQC) sent breach notification letters to some of its Integral Health Plan (IHP) members advising them of a data breach that exposed a limited amount of Protected Health Information (PHI). Patients’ names, dates of birth, Florida Medicaid ID numbers, diagnosis codes and payment information were exposed, although no addresses, Social Security numbers, credit card numbers or financial information were compromised in the incident. PHI Emailed to Incorrect Recipients   In the breach notice, IQC informed patients that their data was accidentally emailed to the wrong doctors by a Business Associate, Independent Living Systems, LLC. The notice does not state how many individuals were affected by the data breach, although patients were told less than 10% of health plan members had their data compromised. The error has been attributed to a “processing mistake” which resulted in patient data being emailed to incorrect individuals who were authorized to view PHI, but not the patient data they were sent. The data breach occurred on May 11, 2015,...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist