25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Sutter Health Physician Suffers Second 2015 Data Breach

In a press release issued to the media on May 19, 2015, Sutter Health Physician, Sharon J. Jones, M.D. announced that her office facilities had suffered a break-in and a desktop computer, two laptop computers, a computer server, and 17 patient charts were stolen. The break-in occurred overnight on March 20, 2015. The breach has now been reported to the Office for Civil Rights as affecting 1,342 individuals. This is not the first time the offices have suffered at the hands of burglars, and in only January of this year the same facilities were broken into and 350 patient charts were stolen along with a credit card register. The thief appears to be persistent. Following the second break-in, Jones hired a security guard who managed to stop a third break-in attempt three days later. Jones stated that she has employed new security measures to protect patient records, one of which appears to be moving her office from San Pablo to Richmond, which she plans on doing in the next 6 months. In the latest incident, the press release does not describe the information contained in the patient...

Read More

Employee Email Causes Second HHC Hospital HIPAA Breach

A New York City Health and Hospitals Corporation (HHC) hospital HIPAA breach has been reported in which 3,334 patients’ Protected Health Information (PHI) was exposed after an employee emailed a spreadsheet to the email account of a relative. The HIPAA breach was discovered on February 27, 2015, although the email was sent more than a month previously on January 15, 2015. Belleview Hospital posted a copy of the breach notification letters (dated April 28, the same day as the breach report was submitted to the Department of Health and Human Services’ Office for Civil Rights) almost two months after the discovery of the breach. Under the HIPAA Breach Notification Rule, covered entities have up to 60 days to report breaches and issue breach notices when a data breach exposes the PHI of more than 500 individuals, although the notices should be issued without unreasonable delay. How the Belleview Hospital HIPAA Breach Occurred The employee in question was provided with a spreadsheet that included patient names, telephone numbers, and email addresses in addition to their medical record...

Read More

CareFirst BCBS Reveals 1.1 Million-Record Cyberattack

CareFirst BCBS Security Audit Reveals 1.1 Million-Record Cyberattack CareFirst BlueCross BlueShield has discovered a cybercriminal infiltrated its computer network last year on what appears to be a single occasion. Protected data of approximately 1.1 million individuals has potentially been disclosed in the incident. Following the two mega data breaches to hit health insurers this year – Anthem’s hack exposed 78.8 million-records and Premera’s 11 million – and the Community Health Systems 4.5 million record-breach last year, CareFirst BCBS decided to take a closer look at its own systems and check for suspicious activity. The insurer used an external IT security company, Mandient, to conduct a thorough inspection of its computer network and database. That internal review uncovered a cyberattack had occurred in which the insurer’s cybersecurity defenses were shown to have been breached on June, 20, 2014. No Healthcare Data or Social Security Numbers Exposed The information accessed was contained in a single database, according to a breach notice posted on a website set up to...

Read More

Consolidated Tribal Health Project Learns of Employee HIPAA Breach

The Consolidated Tribal Health Project, Inc. (CTHP) has discovered that a former employee accessed Protected Health Information (PHI) and Personally Identifiable Information (PII) information stored on its computer network that the individual had no legitimate reason for viewing. In accordance with the HIPAA Breach Notification Rule, a breach notice has been issued to the media and CTHP said it started mailing notification letters to affected individuals on May, 12. No mention was made of when CTHP learned of the data breach or for how long it had continued before it was detected. The press release did confirm that an investigation is underway to determine the nature and scope of the incident, and law enforcement officers have been notified and are conducting a criminal investigation. CTHP enlisted the help of external computer forensics experts to analyze login and access attempts and to ascertain exactly what data was exposed and how many individuals were affected. Social Security Numbers and Financial Information of Patients and Employees Compromised The total number of victims...

Read More

Burglary at Minn. Associated Dentists Exposes Patient Health Records

A burglary at the Roseville offices of Associated Dentists has exposed the Protected Health Information (PHI) and Personally Identifiable Information (PII) of an as-of-yet undisclosed number of individuals after the laptops of two physicians were stolen by the thief. The theft occurred after working hours on Thursday, March 19, and was discovered the following day. One of the laptop computers was encrypted, so it would not be possible for the thief to access any protected information. The other laptop was protected with a password, and while this does offer a rudimentary level of protection, for a hacker or computer expert it is unlikely to prove sufficient to prevent data from being viewed. The data stored on the password-protected laptop included the names of patients, their addresses, dates of birth, and Social Security numbers. In some cases, additional information was stored in patient’s records such as email addresses, medical billing information, procedures performed, physician’s name, insurance carrier name, policy number, and diagnosis information. The risk of identity...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist