25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Survey Shows U.S Companies Are Saying Bye Bye to BYOD

Bring Your Own Device (BYOD) schemes have proved popular in the healthcare industry. Physicians, nurses and other healthcare workers have petitioned healthcare providers to allow the use of personal Smartphones, tablets and laptops at work, and many have given in and introduced BYOD schemes.   The Benefits of BYOD   Financial constraints often hinder the uptake of new technology, and BYOD offers a cheap and convenient solution. The benefits of Smartphones and tablets can be gained, without the cost of having to purchase, maintain – and replace every 2-3 years – mobile devices for all physicians, nurses, and care providers. Uptake was rapid in many industries, although slower in the healthcare industry due to heavy regulations covering data privacy and security. Over the past five years, more and more healthcare providers have started to embrace BYOD and are now enjoying the benefits; as are physicians, nurses and other healthcare workers opting into the scheme.   BYOD Security Risks   Personal devices can be used in a healthcare setting, although not...

Read More

Healthcare Big Data: Privacy and Security Workgroup Gives Preliminary Report

Big data has considerable potential to improve the quality of care provided to patients, and even improve patient outcomes; however, there are risks. Privacy advocates worry that the disclosure of health data together with personally identifiable information could result in the data being used for discriminatory purposes, or could otherwise cause patients to be harmed. Analysts predict that big data can, and will, be used to reduce the cost of healthcare delivery; however first the issue of patient privacy needs to be resolved. Big data, no matter how useful for the advancement of medical science, can only be used if patients’ right to privacy is assured. The potential benefits for the healthcare are too valuable to ignore; however deciding on the allowable uses of data, while preserving patient’s right to privacy, is a difficult task. It is a problem the Whitehouse is trying to address, and it has turned to stakeholders for help. How to Leverage Big Data While Protecting Patients’ Privacy Rights President Obama requested assistance from the Department of Health and Human Services...

Read More

PHI Retention by Employees not a HIPAA Breach Says Ark. Court

The U.S. District Court of the Western Division of the Eastern District of Arkansas has ruled that two employees who retained the Protected Health Information (PHI) of patients after their employment at Arkansas Children’s Hospital was terminated, did not violate the Health Insurance Portability and Accountability Act (HIPAA). Unfair Contract Termination after Discovery of Billing Irregularities Pam and Eben Howard brought an action against Arkansas Children’s Hospital – Dr. Ron Robertson and Jon Bates – after their employment contracts were terminated. They believed they lost their jobs because they highlighted a number of issues relating to how the healthcare provider billed the government. They have accused the healthcare provider of violating the 1st and 14th Amendments, the Arkansas Civil Rights Act, the Public Policy of the State of Arkansas and the False Claims Act. Potential HIPAA Violations for Retention of PHI and Unauthorized Disclosure While employed at ACH, the pair collected a considerable volume of PHI of patients. After what the pair considered to be unfair...

Read More
New York State Comptroller Publishes ePHI Security Compliance Audit Report
Jul16

New York State Comptroller Publishes ePHI Security Compliance Audit Report

The news is full of reports of healthcare providers failing to implement safeguards to keep Protected Health Information (PHI) secure; but it is rare for a healthcare organization to make the headlines for implementing all of the appropriate physical, administrative and technical safeguards required by HIPAA. However, a recent ePHI data security audit conducted by the New York Office of the State Comptroller has seen Roswell Park Cancer Institute pass with no HIPAA violations discovered. The healthcare provider should be commended for the effort it has put into protecting the privacy of patients. The New York Office of the State Comptroller Audit The State of New York Office of the State Comptroller (NYOSC) conducts regular audits of state organizations, most of which are related to corporate finance. However, last week the NYOSC announced it had completed an ePHI compliance audit of Roswell Park Cancer Institute (RPCI). The audit was conducted specifically to test the safeguards the healthcare provider had put in place to secure patient data, pursuant to Article X, Section 5 of...

Read More

Insurance Service Office Announces Breach of Social Security Numbers

Insurance Service Office (ISO), a New Jersey provider of property and casualty insurance, has announced its insurance database was inappropriately accessed, resulting in a breach of Protected Health Information (PHI). ISO has not disclosed the number of individuals affected nor whether access was gained by a hacker or a malicious insider; however it does appear that data was accessed with the intent of using it for criminal purposes. The database contained highly sensitive information on patients, including details of their health insurance policy, Social Security numbers, and driver’s license numbers. Patient names, dates of birth and contact details were also stored in the database. The information exposed in the HIPAA breach could be used by criminals to steal identities, fraudulently obtain credit and make fake insurance claims. Breach Notification Delay Requested by Law Enforcement HIPAA regulations require covered entities to issue breach notifications to affected individuals within 60 days of the discovery of a PHI breach; however patients and federal/state agencies should...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist