25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

University of Pittsburgh Medical Center Patients Warned of BA HIPAA Breach

A Business Associate (BA) of the University of Pittsburgh Medical Center has notified the healthcare provider, and numerous other clients, of a HIPAA breach caused by a rogue employee. The now former employee is alleged to have stolen the records of 2,259 patients. Medical Management LLC – a medical billing company – was notified by federal law enforcement agencies that a member of staff at the company was believed to have stolen and disclosed confidential data and that the incident was being investigated. The employee in question – who has not been named – was a worker in the company’s call center. That person has been accused of copying “personal information from the billing system” and disclosing the information to a third party. Social Security Numbers and Personally Identifiable Information Stolen Patients affected by the breach are being sent breach notification letters from today to alert them that their personal information has been obtained and disclosed. They have been advised that their names, dates of birth and Social Security numbers had been compromised. Breach...

Read More

NLRB Judge Rules HIPAA Violation not Grounds for Employment Termination

A National Labor Reform Board (NLRB) judge has ruled that the termination of an employee’s contact on the grounds of a clear HIPAA violation was not justified under the circumstances. The International Union of Operating Engineers (Charging Party or Union) alleged that Rocky Mountain Eye Center, P.C. had violated the National Labor Relations Act (NLRA) by terminating the employment of a worker, Britta Brown, on the grounds of a HIPAA violation. The employee had accessed protected records of co-workers to obtain contact information for a union-organizing campaign. In this case, the violation occurred because the organization in question was a medical practice and its patients included employees. The records needed to be legitimately accessed, but the employee used Centricity – Rocky Mountain Eye Center’s healthcare IT system – to obtain the information. When employee contact information is accessed, it is also possible for authorized users to access the Protected Health Information of those individuals. The National Labor Relations Act offers protections to employees, the...

Read More

Brown County Supervisors Meet to Discuss Potential HIPAA Privacy Violation

Supervisors from Brown County, Wis., are considering the position of the Chief Medical Examiner (CME), Jeff Jansen, after he has been accused of committing HIPAA privacy violations on multiple occasions, within 6-months of taking up the position. One incident in particular is at the center of the current discussion. The former CME – Al Klimek – is alleged to have participated in an email discussion with a local funeral director about the condition of a body, even though he had retired and had no legitimate access to that information. In the email, he made a reference to a blood sample and its location and also included information about organ donation. This information was allegedly shared using an insecure medium and the data constituted PHI. However, what is of more concern is how Klimek obtained that information. Jansen is seen as “a protégé of the former Medical Examiner”, according to the Green Bay Press Gazette, and he has been accused of divulging PHI and breaching HIPAA Rules, a claim he vehemently denies. His supporters have said the accusations represent a “witch...

Read More

Indiana State Medical Association HIPAA Breach Update

Details have emerged on the Indiana State Medical Association data breach reported in early March. The Indiana State Medical Association issued a media release in which it confirmed that a data breach was suffered in which approximately 39,000 individuals were exposed, after two back-up hard drives were stolen from an employee’s car. A report in the Star Press yesterday adds further detail to the story, suggesting the initial report was inaccurate and the breach was not reported promptly. The employee in question has also been disclosed as being the ISMA Information Technology Administrator. The employee parked his car in a lot for a period of two and a half hours, and during that time a thief broke into the vehicle and stole two computer back up hard drives containing 39,090 medical records. The hard drives are understood to have been left in plain sight inside the vehicle. The employee did not report the theft until more than 24 hours later. The theft report was filed at 7 pm on February 14. The administrator called law enforcement to report the theft and officers were dispatched...

Read More

Cost of Data Breaches to Hit $2.1 Trillion by 2019

Juniper Research has released a new report suggesting the cost of data breaches will hit $2.1 trillion by 2019 as a result of the increase in cybercrime and the sheer scale of data that will be recorded on consumers’ lives. The Future of Cyber Crime & Security   The new report – The Future of Cybercrime & Security: Financial & Corporate Threats & Mitigation – offers an in depth analysis of the current digital security landscape and the threats now being faced, and creates a roadmap for the evolution of connected devices to predict the effect that data breaches will have over the course of the next four years. While security of the Internet of Things is getting a lot of attention at present, Juniper Research calculates the actual risk of data exposure to be minimal, certainly over the next four years. The real threat, and where the majority of data breaches will occur, is the current IT infrastructure according to Juniper. Network servers, laptop computers and other endpoints will continue to be the major locations of breaches. The report suggests that the...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist