25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Ohio Woman Sentenced for Medical Center Fraud

The state of Ohio is relatively quiet when it comes to HIPAA violations, but the past few days have seen the Buckeye State make the headlines twice, after two employees from separate institutions have been disciplined for improperly accessing protected records. Dr. Aimee Hawley was disciplined by the State Medical Board last week, and this week, Teresa Lewis from South Point, Ohio was sentenced to a year and a day behind bars for two counts of access device fraud against the Huntington Retina Center in West Virginia, although no patient records are understood to have been viewed. Huntington Retina Center provides primary care for eye injuries and treats disorders of vision and eye diseases. The healthcare provider employed Lewis, 60, as a billing assistant. During this time – between 2012 and 2014 – Lewis used her position and access privileges to improperly view records to obtain credit card numbers of the center and one of its doctors. With the financial information she obtained, she managed to run up debts of $52,317 over the course of the two years, obtaining goods in the name...

Read More

OPM 4M-Record Data Theft Linked to Recent HIPAA Data Breaches

Yesterday, the Office of Personnel Management announced it suffered a data breach in which hackers were able to gain the confidential records of some 4,000,000 employees. Worse still, the ONC provides security clearances and the data stored on individuals is extensive, including personal information and highly sensitive information provided by friends and family. Such detailed data can be used to commit fraud in the hands of criminals, but if the hack originated from government-backed individuals, the threat is more serious and may not be financial in nature. The major worry is that such highly detailed information could be used to blackmail and bribe government workers. The perpetrators potentially have 4 million individuals to choose from. Furthermore, the records stolen do not appear to be limited to ONC workers: Other government workers have also potentially been affected. According to the Associated Press, “A U.S. official, who declined to be named because he was not authorized to publicly discuss the data breach, said it could potentially affect every federal agency.” In...

Read More

Rite Aid Announces PHI Exposed in Baltimore Riots

On Wednesday, Rite Aid announced that the widespread looting during the Baltimore riots resulted in prescription drugs being stolen from a number of its Baltimore pharmacies. The labels on some of the stolen prescription bottles contained information protected under the Health Insurance Portability and Accountability Act (HIPAA). The labels did not contain Social Security numbers or financial information, but sufficient information was printed on the labels to make affected patients potential targets for fraudsters. Many of the stolen medications are now being sold on the black market on the streets of Baltimore. The information on the prescription labels includes the names of patients, their addresses, together with the medication name. As reported earlier this week, this information can be used by criminals to trick patients into revealing more sensitive information, such as their bank account details or Social Security numbers. In the case of Rite Aid, the patient information is limited, but the risk of identity fraud was considered to be of a level where identity theft...

Read More

2015 Healthcare Data Breaches Pass 100-Incident Milestone

HIPAA data breach reports passed the 100 incident milestone in May, with the current total of healthcare data breaches for the year standing at 110. Under HIPAA Rules, all Covered Entities (CEs) are required to report data breaches involving more than 500 individuals to the Department of Health and Human Services’ Office for Civil Rights (OCR), issue a media notice and send breach notification letters to all affected individuals. The Breach Notification Rule places a time limit of 60 days to do this, although the reporting should not be unnecessarily delayed. The OCR lists data breach summaries on its website which gives an indication of the state of play of healthcare cybersecurity, compliance and how well CEs risk mitigation strategies have performed. The month’s breach reports have been summarized in the infographic below. Data is also shown for the year to date, and the corresponding period in 2014.     Over 100 Healthcare Data Breaches Recorded in the First 5 Months of 2015   The healthcare industry is under attack from hackers; healthcare workers are taking...

Read More

Who do Boards Blame for HIPAA Breaches and Cybersecurity Incidents?

When a HIPAA data breach occurs questions are asked about the technical, physical and administrative controls that were put in place to secure the data. Companies are put in the spotlight and everyone feels the heat, but new data indicates that the finger of blame is now pointing in a different direction, certainly as far as directors are concerned. According to a new report by NYSE Governance Services, entitled Cybersecurity in the Boardroom, there has been a shift of blame for data breaches in recent years. It is no longer just the Chief Information Security Officer (CISO) that boards hold responsible for a data breach. The report shows that the entire C-suite is in for a torrid time. Some directors still pick out one individual in the cross-hairs, while others appear to fire indiscriminately. Blame for Data Breaches Spread more Widely According to the report, the Chief Executive Officer (CEO) is most often blamed with the Chief Information Officer (CIO) also taking a considerable amount of heat. Both are clearly in the firing line. However, everyone in the executive team came in...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist