25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Medical Records Used for Telephone Phishing Scam in Chicago

Cybercriminals are breaking into healthcare IT systems and stealing equipment to gain access to highly valuable Protected Health Information (PHI). With this data criminals can make bogus insurance claims, apply for credit, and obtain medical prescriptions and services. This is not the only way that data is obtained to commit fraud. In Chicago this week, a new telephone phishing scam has been uncovered. As with spear phishing, the perpetrators can be very convincing. With a limited amount of personal information about a person, they are able to obtain much more valuable data, provided they can convince the potential victim to divulge it. The latest scam appears to involve a HIPAA breach, as the criminals have highly intimate knowledge of the victims and information that could only be found in health records. With the latest scam, two patients who have reported being called claim the callers had information that only a hospital or their doctor would know. Not all data breaches provide criminals will a full set of data with which they can use to commit any number of crimes. Sometimes...

Read More

Department of Veteran Affairs Reports 158% Hike in Data Breaches

The Department of Veteran Affairs has issued its monthly data breach report to congress. Over the past few months the number of breach victims has been falling; however the latest figures show a marked increase in the number of data breach victims.  There was also a noticeable decrease in the number of security incidents the DVA was able to prevent. In March, 383 veterans were reported to have been affected by data breaches. The number of breach victims reported for April was 987; a percentage increase of almost 158%. 738 of those incidents involved the exposure of Protected Health Information (PHI); almost 75%. What Caused the Increase in PHI Breaches in April? There was a slight increase in the number of mishandling incidents in April, but the biggest cause of the increase, by far, were mis-mailing incidents, which rose by 19 percent. Errors made by pharmacies increased substantially, although there was a slight drop in lost/stolen devices and PIV cards. Information Security – Monthly Activity Report – April 2015   Lost and stolen device incidents:  47 Lost PIV...

Read More

65 Boxes of Improperly Dumped Medical Records Discovered

A resident of Madison County, Richmond, Ky. recently discovered a dumpster full of medical records, with the boxes of paper files understood to contain highly sensitive Protected Health Information (PHI) covered under the Health Insurance Portability and Accountability Act (HIPAA). According to a news report on WTVQ, Carl Swanger discovered the files on Saturday, May 31. After a quick inspection he “immediately he knew something wasn’t right,” and took the boxes to Baptist Health as he thought there must have been an error made. However the records did not belong to the healthcare provider, instead, they were from a company called Richmond Radiology which closed for business many years previously. The dumpster was located in AAA Rent-A-Space in Richmond and contained 65 boxes of medical records. The files had been cleared out of the storage facility by the manager as he needed the space for a new customer. The manager was unaware of the contents of the boxes and an employee was told to clear out the storage unit. According to the manager of the facility, that employee can’t have...

Read More

Alaskan Drug Kingpin and Aide Jailed for HIPAA Violations

The land of the midnight sun may not be a hot spot of HIPAA violations, although one incident has recently made the news. The story involves an Anchorage drug kingpin, two hospitalized victims, a financial counselor, and the first felony convictions for HIPAA violations in Alaska. HIPAA Rules Regarding Accessing PHI The Health Insurance Portability and Accountability Act introduced a number of changes to protect the privacy of patients, and the legislation has gone a long way toward ensuring that Protected Health Information (PHI) remains private and confidential. Access to patient health information is restricted to a need-to-know basis. Information can only be accessed for the treatment and care of the patient, or for billing and other essential administrative purposes. Medical professionals cannot simply look at the medical records of any patient. There must be a justifiable reason for doing so. Friend of Anchorage Drug Kingpin Violates HIPAA Rules Anchorage resident, Stacy Laulu, 33, was arrested, charged, and convicted of two violations of the Health Insurance Portability and...

Read More

U.S HealthWorks HIPAA Breach Raises Issue of Data Encryption

U.S. HealthWorks, a healthcare provider based in Valencia, California, has reported a breach of PHI and PII after an unencrypted laptop computer was stolen from the vehicle of a company employee. Theft of Laptop Computer from Unattended Vehicle The incident occurred on April 21, 2015, and was discovered by the healthcare provider the following day. The sample breach notification letter – posted on the State of California DoJ Attorney General’s website – explains that a company employee had taken a laptop computer and left it in a vehicle from where it was stolen. Upon discovering the theft, the incident was reported to law enforcement officers, and an investigation was commenced. U.S HealthWorks started an internal investigation to determine the exact nature of the data stored on the laptop; a process which has taken some time to complete. According to the breach notification letter – dated May 30, 2015 – it took until May 5, 2015, to determine that the laptop computer was password protected but lacked data encryption software. The healthcare provider was able to determine that...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist