The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

The Benefits of HIPAA Compliance for Medical Practices

One of the challenges when discussing the benefits of HIPAA compliance for medical practices is proving that the benefits are directly attributable to HIPAA. For example, one frequently claimed benefit of HIPAA compliance is improved efficiency. But has efficiency improved due to complying with HIPAA, or would it have improved anyway because of other measures? How do you prove HIPAA compliance protects PHI against data breaches if you don’t experience a data breach? Alternatively, what if you do implement every HIPAA safeguard, but a breach still occurs because an individual with authorization to access PHI misuses the authorization? Although in the latter case, the medical practice may not be liable, a data breach has still occurred. While there is evidence to show that the increased adoption and use of EHRs has resulted in the more efficient delivery of healthcare and a reduction in medical errors, the increased adoption and use of EHRs is more attributable to the HITECH Act than HIPAA – the HIPAA Security Rule stipulating how data should be protected, rather than how it should...

CISA; NSA Issue Guidance on Hardening Microsoft Exchange Server Security
Oct 31

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have issued new guidance for organizations to help them secure their on-premises Microsoft Exchange servers. The guidance document builds on the advice issued in August 2025 on mitigating a high-severity vulnerability in Microsoft Exchange Server – CVE-2025-53786 – that posed a significant risk to organizations with Microsoft Exchange hybrid-joined configurations. The flaw could be exploited by an unauthenticated attacker to move laterally from an on-premises Exchange server to their Microsoft 365 cloud environment. While the vulnerability could only be exploited if an attacker first gained administrative access to the on-premises Exchange server, CISA was particularly concerned about how easy it was to escalate privileges and gain control of parts of the victim’s Microsoft 365 environment. Cyber actors have been targeting on-premises Exchange servers in hybrid environments, and CISA is concerned about organizations using misconfigured or unprotected Microsoft Exchange servers,...

Vulnerabilities Identified in Vertikal Systems Hospital Information Management Solution
Oct 30

Vulnerabilities have been identified in the Hospital Manager Backend Services, a hospital information management system from Vertikal Systems. One of the vulnerabilities is a high-severity flaw that can be remotely exploited in a low complexity attack to gain access to and disclose sensitive information. The vulnerabilities affect Hospital Manager Backend Services prior to September 19, 2025. The vulnerabilities have been fixed in the September 19, 2025, release and future releases. Users should ensure that their product is up to date and should contact Vertikal Systems for assistance with fixing the flaws. The most serious vulnerability is tracked as CVE-2025-54459 and has been assigned a CVSS v4 base score of 8.7 (CVSS v3.1 base score 7.5). The flaw is due to the product exposing sensitive information to an unauthorized control sphere. Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, which means a remote attacker can obtain live request traces and sensitive information such as request metadata, session identifiers,...

George E. Weems & Vibra Hospitals Announce Data Breaches
Oct 30

Data security incidents have recently been announced by George E. Weems Memorial Hospital in Florida, Vibra Hospital of Sacramento in California, the California-based plastic surgeon Michael R. Schwartz, MD, and the California-based biopharmaceutical company Travere Therapeutics.

George E. Weems Memorial Hospital

On October 20, 2025, George E. Weems Memorial Hospital in Apalachicola, Florida, started mailing notification letters to patients affected by a recent security incident involving unauthorized access to two employee email accounts. The intrusion was detected on May 12, 2025, and the investigation confirmed that the email accounts were subject to unauthorized access from May 6, 2025, to May 12, 2025. The email accounts were reviewed, and on September 22, 2025, the hospital learned that the accounts contained patients’ protected health information, including names, addresses, phone numbers, email addresses, Social Security numbers, driver’s license numbers, account information, patient ID numbers, diagnoses and medical histories, provider names, dates of service, and health...

American Hospital Association Makes Recommendations to Support AI Adoption in Healthcare
Oct 29

The American Hospital Association (AHA) has responded to a September 2025 request for information (RFI) from the Office of Science and Technology Policy (OSTP) on regulatory reform on artificial intelligence (AI) to promote innovation and adoption. The Trump administration is committed to ensuring the United States achieves global dominance in AI and issued the RFI to obtain feedback from businesses and the public on current federal regulations that are hampering AI adoption and innovation. AI has tremendous potential in healthcare, from analyzing and interpreting medical images, aiding clinicians with decision-making, streamlining operations, and easing the considerable administrative burden faced by providers. While AI tools have been adopted in healthcare, the AHA says hospitals and health systems have merely scratched the surface of the potential uses to support them and the patients they serve. In order to accelerate innovation and adoption, the AHA believes regulations need to be eased. In its response, the AHA explained that around one-quarter of healthcare spending goes on...
