25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

HIPAA-Altering Cures Bill Passed by House of Representatives
Jul11

HIPAA-Altering Cures Bill Passed by House of Representatives

The controversial 21st Century Cures Bill was unanimously passed by the House Energy and Commerce Committee in May, and on Friday July 10, 2015, the U.S House of Representatives passed the Bill with a count of 344 to 77. 21st Century Cures Bill to Remove Obstacles in the Way of Medical Research Medical research and innovation is being hampered by HIPAA, according to proponents of the 21st Century Cures Bill. The new Act aims to remove these and other barriers, to help advance America’s search for new ways to tackle the advance of superbugs, antibiotic-resistant bacteria and the deadly viruses now threatening the health of U.S citizens. The Cures Bill has received some criticism in its short history. Privacy advocates object to the wide range of data that can potentially be shared; information currently under the protection of HIPAA. It is feared that the bill could weaken HIPAA protections if it becomes law. If that happens, HIPAA Rules would certainly need to be changed. HIPAA Changes Necessary as a Result of the Cures Bill At present, the HIPAA Privacy Rule restricts the use and...

Read More

Mailing Error Causes Howard University Privacy Breach

Howard Hospital in Washington D.C has announced a mailing error resulted in letters containing patient names, account numbers and the dates of past visits being sent to the wrong recipients. In this instance, only a limited amount of data was exposed. No financial information, insurance details, health data or Social Security numbers were compromised in the incident. The privacy violation was caused by a data error, according to a statement issued by the hospital. Howard Hospital’s Faculty Practice Plan had contracted two companies to – California Healthcare Medical Billing, Inc. and JP Recovery Services, Inc. – to send notification letters to patients advising them that their medical bills had not been paid. The letters were sent to individuals as instructed; however a data error resulted in patients sharing the same surnames being sent letters intended for other recipients. In total 1,445 letters were sent to incorrect individuals. The university has reviewed the incident and will be taking steps to prevent similar privacy breaches occurring in the future. This breach may...

Read More

New OCR HIPAA Settlement: St. Elizabeth Medical Center to Pay $218,400 for Violations

Yesterday, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced a HIPAA settlement has been reached with St. Elizabeth Medical Center (SEMC) for violations of HIPAA Privacy, Security, and Breach Notification Rules. The settlement for HIPAA violations was reached with SEMC for violations that led to a document sharing system data breach that exposed 498 records, and a data breach involving the theft of a flash drive containing unencrypted data of 595 patients. The number of records exposed was relatively low compared to some of the recent “mega data breaches”, but the OCR deemed the offenses leading to the security incidents to be serious enough to warrant a financial penalty. This OCR HIPAA settlement shows how important it is to make HIPAA compliance a priority. Data breaches may not always be preventable, but HIPAA violation penalties are. Privacy, Security, and Breach Notification Rule Violations Uncovered The initial HIPAA violation was uncovered in November 2012, when a complaint was received by the OCR alerting it to potential non-compliance...

Read More

Los Angeles County Government Has Been Putting Patient PHI at Risk for 7 Years

The Los Angeles County government has failed to safeguard the Protected Health Information (PHI) of state residents for up to seven years, according to a recent audit. Three departmental audits have been conducted since December 2014 and a catalog of data security failures have been uncovered that potentially put PHI in the hands of thieves. Data including Social Security numbers and health information could be accessed by former workers, and the information could already be in the hands of criminals. It is simply not known. Computer equipment has vanished – having been misplaced or stolen – devices were not encrypted, and equipment was simply not tracked. Serious Administrative Failures Lasting up to 7 Years Serious administrative failures in several L.A County government departmenta were discovered by auditors, the most serious being a failure to terminate access to computer systems when employees changed employment. An audit conducted by the Probation Department revealed that 695 former employees still had access to computer systems containing the protected health data of...

Read More

Ohio University Hospitals Worker Fired for Improper EHR Access

An Ohio University Hospitals Elyria Medical Center worker has been fired for inappropriately accessing the medical records of patients while employed at the hospital. Alicia Reale, a spokesperson for the hospital, announced yesterday that the medical records of approximately 300 patients had potentially been improperly accessed by an employee of the hospital. The data breach resulted in Protected Health Information (PHI) potentially being viewed and copied. An investigation was triggered when the hospital discovered an employee had accessed the EHR system without a legitimate work purpose for doing so. Reale said “The information that may have been accessed for the impacted patients includes names, dates of birth, medical record numbers, dates of service and diagnostic and treatment information, ” according to a report in the Chronicle-Telegram. Another Case of Hospital Employees Snooping on Medical Records No financial information or Social Security numbers were exposed in the incident, and while the extent of access was determined, Reale said “We did not identify any purpose for...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist