25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Class Action Lawsuit Prepared for 20K-Record MML Data Breach

The dust has barely settled after the 20,000-record HIPAA data breach at Medical Management LLC (MML), but at least one attorney is poised for action and intends to sign up data breach victims to a new class action lawsuit even though it is too early to tell whether any of the victims have suffered identity fraud or any other damage or harm as a result of the breach. Claims for data breaches tend to only succeed when the plaintiffs can demonstrate that they have suffered harm, damage or loss as a direct result of a breach. The courts are quick to throw out any speculative claims for unsubstantiated damages. At this stage, no hospital – nor MML – has reported that the stolen information has been used inappropriately. Joseph Santoli, a class-action lawyer from Ridgewood, announced this week that he will be filing a suit naming six residents of Bergen County whose personally identifiable information and Social Security numbers were stolen and disclosed to a third party. This information was obtained without patient consent or the employer’s authorization: A clear breach of...

Read More

Unity Recovery Group Discovers 12-Month HIPAA Breach

Unity Recovery Group (URG), a provider of drug and alcohol rehabilitation services, has announced that some of its patients have been affected by a data breach that has violated their privacy rights and breached Health Insurance Portability and Accountability Act Rules. The organization is in the process of notifying an as of yet unspecified number of individuals of a privacy breach which lasted almost a year, starting in April, 2014 and lasting until March, 2015. Patients have been advised that some of their Protected Health Information (PHI) “was impermissibly disclosed” to “one or more unaffiliated recovery and/or rehabilitation service providers,” according to the company’s breach notice. HIPAA Breach Exposed Health Information and Social Security Numbers for 12 Months URG is alerting affected individuals that their names, dates of birth, addresses, contact telephone numbers, email addresses, health insurance information, Social Security numbers, and “certain health information” were exposed. Since the breach notice does not provide much information about the exact nature of...

Read More

Ohio Radiologist Disciplined for HIPAA Violation

The Ohio State Board of Medicine has taken action against a radiologist who violated the Health Insurance Portability and Accountability Act (HIPAA) by unlawfully accessing the medical records of a colleague. The radiologist, Dr. Aimee Hawley, accessed the records of a work colleague of Mercy Health St. Rita’s Medical Center in September 2013. Hawley has since left the hospital’s medical staff. It is not known why Hawley accessed the records of her physician colleague, when she should have been aware of the restrictions in place covering access to Protected Health Information under HIPAA. The State Medical Board of Ohio’s education & outreach program manager, Joan Wehrle, said the source of the compliant into the HIPAA violation was being kept confidential. He pointed out that patient privacy is a serious matter and “No one can access a patient’s medical records unless they are a treating or consulting physician or have permission from the patient.” As a result of this transgression, Hawley has agreed to sign a consent agreement submitting to disciplinary action. A consent...

Read More

Judge Approves HIPAA Protective Order for Auto Accident

St. Clair County Associate Judge, Heinz Rudolf, has approved a HIPAA Protective Order to allow the defendants in a wrongful death lawsuit to have access to the two victims’ medical information. A lawsuit was filed against Access Courier, Inc., Contractor Solutions, LLC – Senad Hodzic and Alfredo McGee – by the plaintiff, Debra Dyer-Webster, for an accident which occurred on Oct. 25, 2013 and resulted in fatal injuries being suffered by two minors. Damages of 1.5 million are being sought. In the compliant, it is alleged that the two victims of the fatal automobile accident – Alicea McGee and Anastashia McGee – were killed as a result of Senad Hodzic failing to keep his vehicle under control, not paying sufficient attention, failing to keep a sufficient lookout and failing to “pull a vehicle off the traveled portion of the highway.” At the time of the accident, Hodzic was employed by Access Courier and Contractor Solutions. Alicea and Anastashia McGee were traveling in a 2000 Chevrolet Impala in the northbound lane of Interstate 55 in Macoupin County when the vehicle...

Read More

Ponemon: Data Breach Cost Increases to $154 per Record

The Ponemon Institute has released a new IBM-sponsored report on the financial implications for organizations suffering data breaches. The Cost of Data Breach Study: Global Analysis study involved 350 companies from 12 countries: Australia, Brazil, Canada, France, Germany, India, Italy, Japan, Saudi Arabia, United Arab Emirates, United Kingdom and the United States, although Saudi Arabia and the United Arab Emirates were grouped together under “Arabian Region.” One of the main findings is a 23% increase in the average cost of a data breach since 2013. The Average cost is now $3.8 million per data breach with an average cost per record of $154. Stark Contrast with Verizon Data Breach Cost Estimates Estimating the cost of a data breach is a highly complicated business. Last month Verizon released a study that included a data breach calculation which estimated the cost per record to be 58 cents, although Verizon researchers were quick to admit that their methodology had flaws. Since the cost was estimated to be lower than that of printing and mailing a breach notification letter,...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist