25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Burglary at Minn. Associated Dentists Exposes Patient Health Records

A burglary at the Roseville offices of Associated Dentists has exposed the Protected Health Information (PHI) and Personally Identifiable Information (PII) of an as-of-yet undisclosed number of individuals after the laptops of two physicians were stolen by the thief. The theft occurred after working hours on Thursday, March 19, and was discovered the following day. One of the laptop computers was encrypted, so it would not be possible for the thief to access any protected information. The other laptop was protected with a password, and while this does offer a rudimentary level of protection, for a hacker or computer expert it is unlikely to prove sufficient to prevent data from being viewed. The data stored on the password-protected laptop included the names of patients, their addresses, dates of birth, and Social Security numbers. In some cases, additional information was stored in patient’s records such as email addresses, medical billing information, procedures performed, physician’s name, insurance carrier name, policy number, and diagnosis information. The risk of identity...

Read More

Jacobi Medical Center Reports 90,060 Patient Records Compromised

The New York City Health & Hospitals Corporation’s (HHC) Jacobi Medical Center has reported 90,060 patient records have been compromised when an employee copied the data from the company’s system and emailed it to her personal email account; as well as copying her new employer on the email. The employee sent the information before leaving her employment at the HHC Jacobi Medical Center to work for another healthcare provider. The data contained detailed information about the patients which included their names, addresses, contact telephone numbers, medical record numbers, health insurance information, treatment dates and the category of services they received at the hospital. Some Social Security numbers were also present in the data. However, the Medical Center’s quick response is believed to have prevented the data from being viewed by any other individual, although the possibility cannot be entirely eliminated. The Jacobi Medical Center’s data network is monitored automatically for communications sent containing Protected Health Information (PHI) and the incident was quickly...

Read More

White Plains and Conemaugh MMC Hospitals Announce HIPAA Breaches

White Plains Hospital, N.Y. and Conemaugh Memorial Medical Center, Pa. have issued breach notices confirming they have been affected by the data breach caused by an employee of Business Associate (BA), Medical Management. Earlier this week we reported Medical Management LLC suffered a data breach after an employee copied protected data from the company’s billing system and disclosed that information to a third party. Medical Management is a billing vendor providing a range of billing and coding services to a number of healthcare providers, many of which are in New York. The data exposed included names, dates of birth and Social Security numbers. The University of Pittsburgh Medical Center (UPMC) was the first healthcare provider to announce that some of its patients had been affected by the data breach. Two more hospitals have now issued breach notices to the media and have sent notifications to affected patients.. White Plains Hospital Notifies 1,100 of Data Breach White Plains Hospital in New York announced it was affected by the data breach caused by the BA and learned that...

Read More

Thomas Boyd Hospital: Potential HIPAA Violations; Theft Allegations; No exposed PHI

Boyd Hospital in Carrollton, Ill. has potentially violated the HIPAA Security Rule after it failed to remove medical records from an old property before it was sold. A resident of Jerseyville, Edward Crone, purchased an old property – an ambulance shed in Main Street – from the county on March 19, after it had been sitting dormant on the market for over a year. The shed was being used by the hospital as an off-site storage facility. The property was used to store office equipment such as desks, chairs and filing cabinets and it was also home to a number of boxes of medical records. A breach report was submitted to the Department of Health and Human Services’ Office for Civil Rights – dated May, 21 – announcing that 8,300 records were in the boxes. Boyd hospital had made the transition to Electronic Health Records some time ago, and the data on the paper files had been scanned into digital documents which were stored on the hospital network. The paper files appear to have been something of an issue, as they could not be disposed of and the hospital was...

Read More

Holston Valley Medical Center Reports HIPAA Breach

Holston Valley Medical Center, a Kingsport, Tenn. hospital run by the Wellmont Health System, has discovered that 1,726 patients’ medical records have been improperly disposed of, according to a report on WYMT Mountain News. On March 1, 2015, the hospital was alerted to the presence of a number of documents containing Protected Health Information (PHI) in a recycling container in Steel Creek Park, Bristol. The documents contained notes on patients taken by a nurse and related to patients who had visited the Holston Valley Medical Center between 1998 and 2007. It is not clear exactly what information was included on the patients, although a statement released by Wellmont’s Chief Compliance Officer, Nancy Merritt, confirmed “The notes were not part of any patients’ legal medical record and were never in a public area before they were placed in the recycling bin.” Merrit went on to say, “Holston Valley and Wellmont did not authorize these notes, their retention or their disposal at Steele Creek.” The taking of notes was in violation of company policy and in an interview with the nurse...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist