25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

CFO Sentenced to Jail for False Meaningful Use Claims

A former Chief Financial Officer (CFO) has been sentenced to serve 23 months in federal prison after making false claims to receive payments under the Medicare Electronic Health Record (EHR) Incentive Program. Joe White, 68, was the former CFO of Shelby Regional Medical Center and was responsible for overseeing the implementation of new Electronic Health Records (EHRs) at the hospital, and attested that the hospital had met the minimum standards as required by the EHR Incentive Program. The HITECH meaningful use incentive program has resulted in billions of dollars in payments being made to hospitals and other healthcare organizations that have made the change from paper to Electronic Health Records. To qualify for the incentive payments, healthcare providers must “adopt, implement, upgrade or demonstrate meaningful use of certified EHR technology.” Each year, hospitals are required to attest to reaching meaningful use standards. In order to receive the incentive payments, on Nov. 20, 2012, White knowingly claimed that the hospital was a meaningful user of EHRs when this was not...

Read More

FBI Malware Warning Issued over CryptoWall Ransomware

The FBI has issued a warning to all U.S Companies – and individuals – over the growing threat of ransomware, with a version called CryptoWall singled out as representing the biggest threat. The malware is not just a problem in the United States: The infection has spread globally. Once infected, victims are often left with little choice but to pay up or lose everything. The warning has come via the Internet Crime Complaint Center (IC3). IC3 is a joint initiative operated by the FBI and the National White Collar Crime Center, and since April of last year it has received 992 complaints about CryptoWall infections. The total cost from the malware infections is estimated to have exceeded $18 million. The malware may be complex, but its mode of operation is simple. When a PC becomes infected with the malware the device is locked and the data encrypted. No data can be obtained from the device, it cannot be used, and everything on it will be permanently erased – or remain permanently locked – unless a ransom is paid. Since the data is encrypted, there is no way to retrieve any...

Read More

University of Minnesota Professors Defrauded after Mystery Data Breach

In order for an individual to commit tax fraud – file false tax returns in the name of another individual – the criminal must have access to certain information about the victim. The information is generally not readily available, so it must be obtained from someone who has that data. Healthcare providers and insurance companies are often targeted specifically for the data they hold. With just a few data fields criminals can steal identities and files fake tax returns – as well as commit may other types of fraud. Hackers attempt to break through defenses, thieves target medical devices containing Protected Health Information (PHI) and insiders are used to abuse their access rights and steal data, When tax fraud is discovered, especially tax fraud involving a specific group of individuals, the source of the data breach is often relatively easy to identify. All victims worked at a specific hospital, were enrolled in the same health plan or had used the same pharmacy chain, for example. However, a number of fraudulent tax returns have recently been made in the names of University of...

Read More
Samsung Galaxy Hacking Vulnerability Worrying for BYOD Schemes
Jun24

Samsung Galaxy Hacking Vulnerability Worrying for BYOD Schemes

Despite a security vulnerability existing on Samsung Galaxy devices, the electronics giant has yet to issue a fix 7 months after the company was first alerted to a hacking vulnerability affecting S3 to S6 models of Samsung Galaxy phones. The Samsung security vulnerability could potentially allow the phones to be hijacked by hackers, allowing information entered or sent via the phones to be viewed. The security vulnerability concerns the software used for the phone’s keyboard, according to researchers at NowSecure. What is especially worrying is the owner or user of the phone does not need to take any actions to allow hackers to gain access the mobile phone; the security vulnerability can be exploited remotely. How are Hackers Gaining Access to Samsung Phones? Fortunately, the hack is not straightforward to pull off. It requires considerable technical skill and can only be executed at specific times; when the keyboard software is being updated. The researchers point out that a hacker with access to Wi-Fi networks, or with the ability to otherwise manipulate a user’s network...

Read More

July 28 Deadline for HIPAA HPID Comments

The request has been submitted to the federal register by the Department of Health and Human Services (HHS) inviting comments from the public on the HPID Final Rule, to determine whether changes are required to make the ID scheme more workable. The deadline for those comments has been set for July 28. Any covered entity – or individual – must submit comments before this date in order for them to be considered. It is the last opportunity to have a say in how the scheme will operate. Background to The HIPAA HPIDs The Health Insurance Portability and Accountability Act (HIPAA) – Section 262, Public Law 104–191 – amended the Social Security Act requiring the HHS to introduce a new national identification scheme for health plans, with each needing to be issued with a unique Health Plain ID number (HPID). Under the Patient Protection and Affordable Care Act, the HHS was required to release a final rule on the use of HPIDs by health plans, which was initially scheduled for October 1, 2012. However, in September 2012 an Administrative Simplification was released along with a...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist