25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Connecticut Breach Notification Laws Updated

Connecticut breach notification laws have been updated and are now in effect. Substitute Senate Bill No. 949, Public Act No. 15-142 introduced a number of changes to improve data security and agency effectiveness to better protect state residents. Updates affect all who do business in the state, with specific changes that affect contractors (Business Associates/BAs) and health insurers. One of the major changes concerns damage and risk mitigation after a data breach. All companies and individuals doing business in the state must now provide credit monitoring services to breach victims, without charge, for a minimum period of one year if confidential information is exposed. The definition of “confidential information” varies from state to state. It broadly follows the definitions in HIPAA/HITECH, although in Connecticut it specifically refers to: Name Date of birth Mother’s maiden name Motor vehicle operator’s license number Social Security number Employee identification number Employer or taxpayer identification number Alien registration number Government passport...

Read More

Another Orlando Health Data Breach Reported: 3,200-Records Exposed

Yesterday, Orlando Health reported a (now former) employee illegally accessed the medical records of up to 3,200 patients while employed at the hospital. The data breach was discovered on May 27, 2015, although it took just over a month for breach notices to be issued. The healthcare provider started sending notifications to patients yesterday, according to the Orlando Sentinel. An investigation was immediately launched upon discovery of the data breach, which rapidly established information had been improperly accessed by the employee. The healthcare provider terminated the employee’s work contract, and the matter has been reported to law enforcement officers. This is not the first data breach to be suffered by Orlando Health. Another employee was discovered to have improperly accessed patient records in February 2013. In March of last year the company lost a flash drive containing the medical records of 586 children treated at the company’s Arnold Palmer Medical Center. More recently, just two months ago, patient records were found in a neighborhood driveway. Breach Notification...

Read More

Ill. Insurer Discovers PHI Disclosure Caused by Software Glitch

An Illinois-based health insurer, the Trustmark Mutual Holding Company, has discovered a data security issue that compromised the privacy of a number of its members. The data breach was caused by an error in the company’s automated e-billing system. The system generates emails that are sent to the company’s insurance carrier clients. The system should generate an email containing a single file attachment in which information specific to that insurance carrier’s clients is contained. The emails and the attachments are encrypted, so there is no chance of interception of data in transit. However on May 13, 2015, a software glitch resulted in emails being generated and sent which contained attachments meant for other insurance carriers. The spreadsheets contained information protected under HIPAA Rules, including Social Security numbers along with patient names and details of payroll deduction amounts. The total number of breach victims has not been announced, although a breach notice issued to the New Hampshire attorney general states that 21 New Hampshire residents have been...

Read More

Trust can be Regained with Prompt Data Breach Notices

Disgruntled patients will be lost to other healthcare providers/insurers after a data breach; however there will not necessarily be a mass exodus provided the breach is managed properly. Get the breach response right and it can go a long way towards rebuilding patients’ trust in an organization. Survey Indicates Americans Want the Truth about Data Breaches   A new survey conducted by Qualtrics, a company specializing in email data protection, indicates the general public is aware that data breaches are now a part of life; however trust in a retailer or healthcare provider is being lost after personal data is exposed. Trust in a HIPAA-covered entity may be lost, but it can be regained. The survey results suggest the best way to do this is with openness, honesty and the issuing of prompt data breach notices. The study was conducted on a sample of 500 Americans aged between 18 and 75, with respondents asked their thoughts about data breaches and how their behavior has changed since the threat of a data breach has risen. The data shows Americans want to be told the truth about...

Read More

Serious Adobe Flash Security Vulnerability Discovered

In addition to dealing with the increased threat of Cryptowall ransomware and Stegoloader malware attacks, healthcare IT professionals must be aware of the latest software security vulnerabilities as they can all too easily cause a data breach. Adobe Flash in particular is a major security risk, with yet another serious security vulnerability discovered in the past few days. The latest Adobe Flash security flaw has an easy fix; the company issued a patch last week to tackle the vulnerability; however any computer that does not have the latest version of the software installed is a potential attack point for hackers. This could pose a problem for multiple hospital systems with thousands of networked computers to update. Another Adobe Flash Hacking Risk Discovered The security vulnerability was discovered not by Adobe, but FireEye Intelligence, a cyber-security company specializing in zero-day malware and advanced security threats. The company identified a security flaw that can be exploited by criminals to gain access to computers running Adobe Flash software. Hackers use a...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist