25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Florida Hospital Submits Motions to Dismiss Two Data Breach Lawsuits

Last month, the Florida Hospital group reported a data breach had exposed the records – including Social Security numbers – of 94 individuals. A data breach class-action lawsuit for this year’s breach is almost certain to be filed; however, the hospital group’s legal team is already busy with two class action lawsuits. The two potential lawsuits have been filed for two separate data breaches that occurred in 2011 and 2012; the latter was not discovered for two years. Recently the healthcare provider’s lawyers have made the move to have booth class-action motions thrown out, according to a recent report in the Orlando Sentinel. The class-action lawsuits are currently pending in the Florida Orange County Circuit Court. Motions Submitted to Toss the Data Breach Lawsuits   Both cases are viewed by the Florida Hospital Group as being speculative claims for non-existent damages. Patient data was exposed, and in one case also sold on; however, there is perceived to be only a low risk of losses or damage being suffered. In the 2011 breach, Patient information was obtained and...

Read More

Malware as a Service Being Offered to Criminals on Darknet

You can choose a cloud-platform-as-a-service and software-as-a-service; however for the criminally minded, it is possible to purchase malware-as-a-service. Cybercriminals are now adopting the same business model to sell their malicious software as legitimate software vendors. A platform or software-as-a-service is a business model that allows a product to be used, developed and managed by an individual or company; gaining the benefits of the software without having to develop everything from scratch. Malware-as-a-service is available on the darknet and offers criminals the same benefits. In depth computer knowledge is not required; a criminal can select off-the-shelf malware to suit his or her needs. The creations of skilled hackers can be used by any number of relatively unskilled individuals to allow them to gain access to computers and networks and steal the valuable data they store. Industry leaders are now referring to this mass-market malware sale as “the industrialization of cybercrime,” and it is a highly profitable business. It is so successful and profitable that sales...

Read More

HIMSS Releases 2015 Healthcare Cybersecurity Report

297 healthcare leaders and information security professionals have recently given their opinions to HIMSS on the state of healthcare cybersecurity, with the results of the survey recently published in HIMSS’s 2015 Cybersecurity Report. The release of the report coincided with the Chicago Privacy and Security Forum event between June 30 and July 1 of this year. The report highlights a number of concerns about cybersecurity; perhaps the most pressing being the sheer shale of the current attack surface. Hackers are breaking through security defenses left, right and center; but more worrying is the fact that they have been doing that for a number of months, and are already inside many computer systems. Healthcare Professionals are Concerned Their Protections may not be Enough   Numerous major breaches have affected tens of millions of employees, consumers and patients over the course of the past few months. New data breaches are being discovered on an almost daily basis and no industry appears to be safe from attack. Hacking groups are (allegedly) being financed by foreign...

Read More
Jason Pierre-Paul Finger Amputation Disclosure Violates HIPAA Rules
Jul09

Jason Pierre-Paul Finger Amputation Disclosure Violates HIPAA Rules

to a news report on ESPN. Surgeons treated the football player after the accident, but were unable to save his right index finger. A tragedy such as this would naturally make then news; however, it is making headlines for another reason. Information about Pierre-Paul’s medical condition appears to have been leaked to the media from a source within the hospital; breaching the Health Insurance Portability and Accountability Act (HIPAA) and violating Pierre-Paul’s right to privacy. The circumstances surrounding the disclosure strongly suggest there was no prior consent obtained from Pierre-Paul before the information was disclosed; even the New York Giants were unaware their defensive end had a digit removed until they heard the report on ESPN. ESPN Reports on Pierre-Paul’s Medical Status   The news broke on Sunday after a healthcare worker at the hospital disclosed the news about the celebrity patient to a friend; violating Pierre-Paul’s privacy and breaching HIPAA Rules. That friend then posted the information online via his Twitter account, and from there rumors started...

Read More
State Data Breach Laws Should Preempt Federal Laws, Says NAAG
Jul08

State Data Breach Laws Should Preempt Federal Laws, Says NAAG

Yesterday, the National Association of Attorneys General (NAAG) sent a letter addressed to congressional leaders urging them to consider the state laws that have been put in place to protect consumers, and not to diminish the role that state Attorneys General play in enforcing data security and protection laws. The letter urges congress not to make changes to federal data breach notification and data security laws that would lessen the protections that have been put in place by the states. The letter calls for congress to refrain from introducing data security and data breach notification laws that pre-empt those introduced in each state. There are a number of bills pending which include data security and breach notification requirements that would pre-empt state laws.   A Similar Request Was made A Decade Ago   This is not the first time the NAAG has written to congress on state security breach notification laws; a similar request was made in 2005. In that letter it was argued that “Pre-emption interferes with state legislatures’ democratic role as laboratories of...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist