25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Human Error Main Cause of Data Breaches Says Baker Hostetler Report

The Ponemon institute released a study this week indicating that criminal activity was the main cause of HIPAA breaches, with OCR breach report data suggesting the same; however, according to a data security report produced by law firm BakerHostetler, human error is most often to blame. The legal firm analyzed data from more than 200 incidents that the firm advised on in 2014, with the clients coming from education, retail, insurance, technology, entertainment, hospitality, the financial services and the healthcare industry, with the latter accounting for the majority of data breaches dealt with by the firm. Over a third (36%) of the firm’s clients that had experienced a data security incident during 2014 attributed it to employee negligence. Data theft by outsiders caused 22% of security incidents with theft by insiders joint third with malware, both being implicated in 16% of incidents. Phishing attacks caused 14% of data breaches. Healthcare Industry Hardest Hit The high proportion of healthcare data breaches included in the report is partially due to the requirement to report...

Read More

HIPAA Compliance Audits: OCR Transmits Pre-Screening Surveys

According to a recent article in Lexology, the Department of Health and Human Services’ Office for Civil Rights has started transmitting pre-screening surveys to HIPAA-covered entities signaling the start of the long-awaited second round of HIPAA compliance audits. However, the OCR has yet to post a notice on its website to that effect. OCR Prepares for the Second Phase of Compliance Audits The OCR previously placed a notice in the Federal Register stating its intention to send out pre-audit screening questionnaires to up to 1200 covered entities and their Business Associates last year, allowing organizations to be contacted to assess their suitability for audit. The OCR must ensure that a representative sample of covered entities are audited, including both large and small healthcare providers, healthcare clearinghouses, insurers, health plans as well as Business Associates of covered entities. The audits must also be geographically representative, covering the whole of the United States. According to OCR’s Susan McAndrew, the screening questionnaires are to “assess the...

Read More

Orlando Health Notifies 68 After PHI Found in Neighborhood Driveway

An Orlando Health hospital has sent breach notification letters to 68 patients after a document containing their Protected Health Information (PHI) was found “in a neighborhood driveway”. The letters were sent “out of an abundance of caution”, although potentially that information could have been read by an unauthorized individual. According to a WFTV news report, Channel 9 was contacted by a man after his son received a breach notification letter in the post telling him that his confidential health information may have been exposed in a security incident, which prompted reporters to investigate. John Henderson told reporters that his son was sent a letter saying that a patient list was discovered in a driveway which was found to contain patient names, medical record numbers, account numbers and medical diagnoses, although no insurance information, financial details or Social Security numbers were included on the list. He said he “can’t believe Orlando Health is this irresponsible.” Hospitals must take great care to ensure that patient health information is properly...

Read More

Crime Leading HIPAA Breach Cause Says Ponemon Data Security Study

The threat to the healthcare industry from hackers is growing. Hacking and network server incidents are now the main cause of HIPAA data breaches, according to the OCR “wall of shame”. Yesterday, the Ponemon Institute released data from a new Privacy and Security which confirms that criminals are now the major cause of HIPAA breaches. The new study – the Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data – shows that criminal activity is behind 45% of all healthcare data breaches, be that the theft of equipment or records with intent to use or sell the data, hacking incidents, malware, phishing and theft by malicious insiders. The loss of laptop computers and other unencrypted devices, accidental disclosures, and administration errors have traditionally been the major cause of data breaches over the past few years, including in 2014. This is the first time that carelessness and negligence have not been the leading breach cause. This is unlikely to change in the near future, especially considering criminal activity has increased by 125% over the course of the...

Read More

Hacking Tops List of 2015 Data Breach Causes

An analysis of breach reports during the first 5 months of the year shows that the main cause of 2015 HIPAA breaches is still hacking, which continue to expose patient health records in the millions. The colossal data breach at Anthem Inc., exposed 78.8 million member records while the HIPAA breach at Premera Health was potentially more serious. While 11 million records were obtained by hackers – considerably less than in the Anthem hacking incident – the data stolen was more substantial, and included medical information, personal identifiers and Social Security numbers; everything thieves need to commit fraud on a huge scale. Hacking Main Cause of HIPAA Breaches and Exposes Most Records HIPAA-covered entities are required – under the Breach Notification Rule – to report data breaches involving more than 500 individuals to the Department of Health and Human Services’ Office for Civil Rights. These breach reports must be made within 60 days of the discovery of a data breach. The two mega data breaches certainly stand out in the breach report lists due to the volume of records...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist