25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Class Action Filed Against Charleston Area Medical Center for 2013 Data Breach

A class action lawsuit has been filed in the Kanawha Circuit Court against Charleston Area Medical Center, for a data breach that occurred between August 2013 and February 2014. The lawsuit has been filed by two plaintiffs who were patients of the medical center at the time of the data breach and had their data exposed. Tiffany Mallion and Nickole Pullen claim they entered into an agreement with the hospital to receive treatment, and that agreement also included securing their health information. They claim their Protected Health Information (PHI) was exposed as a result of a number of security failures at the medical center. It is alleged that the protections put in place to secure data were insufficient, and left highly sensitive information “unprotected, unguarded and unsecured.” A catalog of security failings have been cited, such as the failure to train staff on privacy and data security matters, a failure to protect data, as well as a there being a lack of physical protections to secure the equipment on which the data was stored. As a result, the plaintiffs claim “their...

Read More

The Healthcare Cybersecurity Challenge: How to Keep ePHI Secure

The healthcare industry faces many challenges, but perhaps one of the biggest at present is how to keep electronic protected health information of patients secure. Hackers are targeting healthcare providers for the data they hold, HIPAA-covered entities large and small are under attack, and the volume of cyberattacks is increasing at an incredible rate. New malware is evolving fast, employees are stealing data more frequently, and worse still; the threat landscape is ever-changing. The Workgroup for Electronic Data Interchange (WEDI) Offers Assistance The Workgroup for Electronic Data Interchange (WEDI) is a not-for-profit organization and a leading authority on healthcare IT security. One of the main aims of the organization is to help healthcare providers improve the quality of care provided to patients while introducing efficiencies to drive down costs. One of the ways it achieves this objective is by offering guidance on improvements that can be made to healthcare information exchanges. The organization was formed nearly 25 years ago by the Secretary of Health and Human...

Read More

Plea Deal Taken by Hospital ID Thief after Filing $489,000 in False Tax Claims

Two former healthcare workers who took part in a hospital identity theft scheme are currently negotiating plea deals to avoid trial. They stand accused of accessing and stealing hospital medical records, and using the information to file fraudulent tax returns. Six charges have been filed against Martez Lear, 29 of Farmington Hills, while his partner in crime, Markitta Washington, a former Farmington Hills resident, has also been charged. The crimes were committed between 2011 and 2014. Washington is accused of using here privileges while employed at Detroit’s Henry Ford West Bloomfield and DMC Harper Hospitals to access and steal patient medical records. Patient names, dates of birth, Social Security numbers, financial information and credit card details were viewed and copied and passed to Lear, who used the information to file fraudulent tax returns. The matter was brought to the attention of law enforcement officers and an investigation was conducted by the Southeast Michigan Financial and Cyber Crimes Task Force, the IRS, local law enforcement agencies and the West Bloomfield...

Read More

UCLA Health System Hacked: 4.5 Million Patient Records Exposed

The University of California, Los Angeles Health System (UCLA) has reported it has been targeted by hackers who potentially accessed and copied a database containing the Protected Health Information (PHI) of up to 4.5 million patients and hospital staff members. The UCLA Health network consists of four hospitals: The Ronald Reagan UCLA Medical Center, UCLA Medical Center, Santa Monica, Mattel Children’s Hospital & Resnick Neuropsychiatric Hospital. It also has approximately 150 offices in Southern California. Any person who has previously received medical services from UCLA Health in the past 25 years could potentially be affected. Some of the exposed records dated back to 1990. UCLA employees are also believed to have had their data exposed. The data compromised in the incident included patient names, dates of birth and home addresses along with Social Security numbers, Medicare numbers, health plan/health insurance identification numbers and health information. No financial data appears to have been exposed to the hackers. If the data has been copied, it would allow the...

Read More

URMC Takes Action to Prevent Future Patient Privacy Violations

In May, The University of Rochester Medical Center suffered a data breach after an employee took the Protected Health Information (PHI) of patients to a new employer, all in the name of continuity of patient care. The employee in question, a nurse practitioner in the Department of Neurology, was concerned about patient continuity of care after she left her employment. She was provided with a printed list of patient’s information by the medical center for the purposes of adding notes and information that would ensure that patients did not suffer any fall in care standards as a result of her departure. The list was not collected prior to the employee leaving her employment, and the information was subsequently disclosed to her new employer (full story here). With the benefit of hindsight, it was perhaps ill advisable to have provided printed PHI to a member of staff about to take employment with another local healthcare provider. However, all that can be done now is notify the patients concerned and make changes to policies and procedures to ensure a similar incident cannot happen...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist