25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Healthcare Software Security Assessed by Veracode

The cloud offers healthcare providers the opportunity to streamline the provision and management of medical services. However, healthcare providers attempting to harness the power of the cloud could potentially be placing Protected Health Information (PHI) at risk. HIPAA requires covered entities to safeguard PHI at all times, whether it takes the form of physical records or digital files. Any PHI stored or accessible via apps or other cloud applications must have security controls in place to protect the data. All cloud applications must therefore be subjected to a thorough risk assessment to identify potential security vulnerabilities, and any issues found must be addressed. Many healthcare providers, and other HIPAA-covered entities, enlist the help of professionals when it comes to assessing mobile application security, with Veracode a market leader. Over 200,000 Cloud Application Security Assessments Performed Veracode assesses applications for security vulnerabilities that could potentially be exploited to gain access to patient data; or login credentials to gain access to...

Read More

2015 Application Data Security Study Released

The Sans Institute has recently released the findings from this year’s mobile app security survey. The report, “2015 State of Application Security – Closing the Gap”, explores the differences in attitude between mobile application developers and security operations teams: Those responsible for protecting the data recorded, stored, and transmitted by applications. The survey was conducted on 435 individuals, of which 35% were application developers, with the remaining 65% comprising respondents from the data security industry. The Gap between Developers and Security Professionals is Closing One of the main issues limiting the adoption of mobile applications – especially in the healthcare industry – is a lack of robust data security protections for mobile devices. Developers are excellent at creating useful and fully functional apps, but they lack the knowledge to make the apps secure; a necessity before health apps can be used by medical professionals. Security professionals excel at securing mobile applications, but many do not understand the App development process. To...

Read More

MedData Report Offers New Healthcare Cybersecurity Insight

A new healthcare cybersecurity report has been released by the MedData Group, detailing the results of a new survey conducted on 272 U.S healthcare professionals. New Insights into the State of Healthcare Cybersecurity The Report – Physician and Hospital Professionals’ Perspectives on Cybersecurity in the Workplace – analyzes the results of a survey conducted in June of this year, and provides an insight into the current trends in healthcare cybersecurity. The report also highlights some to the major concerns medical professionals have about data security. The survey was conducted on physicians, hospital administrators and Health IT professionals and asked their opinions on a wide range of cybersecurity issues. With the increased risk of suffering data breaches, HIPAA-covered entities (CEs) have been given little choice but to implement a number of new security controls to repel hackers, monitor networks and prevent malware from being installed. However, physicians are not too confident in their organizations ability to prevent breaches. Physicians Lack Faith in Cybersecurity...

Read More

Connecticut Breach Notification Laws Updated

Connecticut breach notification laws have been updated and are now in effect. Substitute Senate Bill No. 949, Public Act No. 15-142 introduced a number of changes to improve data security and agency effectiveness to better protect state residents. Updates affect all who do business in the state, with specific changes that affect contractors (Business Associates/BAs) and health insurers. One of the major changes concerns damage and risk mitigation after a data breach. All companies and individuals doing business in the state must now provide credit monitoring services to breach victims, without charge, for a minimum period of one year if confidential information is exposed. The definition of “confidential information” varies from state to state. It broadly follows the definitions in HIPAA/HITECH, although in Connecticut it specifically refers to: Name Date of birth Mother’s maiden name Motor vehicle operator’s license number Social Security number Employee identification number Employer or taxpayer identification number Alien registration number Government passport...

Read More

Another Orlando Health Data Breach Reported: 3,200-Records Exposed

Yesterday, Orlando Health reported a (now former) employee illegally accessed the medical records of up to 3,200 patients while employed at the hospital. The data breach was discovered on May 27, 2015, although it took just over a month for breach notices to be issued. The healthcare provider started sending notifications to patients yesterday, according to the Orlando Sentinel. An investigation was immediately launched upon discovery of the data breach, which rapidly established information had been improperly accessed by the employee. The healthcare provider terminated the employee’s work contract, and the matter has been reported to law enforcement officers. This is not the first data breach to be suffered by Orlando Health. Another employee was discovered to have improperly accessed patient records in February 2013. In March of last year the company lost a flash drive containing the medical records of 586 children treated at the company’s Arnold Palmer Medical Center. More recently, just two months ago, patient records were found in a neighborhood driveway. Breach Notification...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist