25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Almost Three Quarters of Companies Unprepared for Data Breaches

A day after the Department of Justice released new guidelines for responding to data breaches, the results of a survey conducted by EiQ Networks, a provider of security, risk, and compliance solutions, confirm the need for assistance. Nearly three-quarters (72%) of respondents claimed they were not prepared for a data breach. The survey was conducted on 168 IT decision-makers, with the sample including respondents from a range of industries. The data suggests IT staff do not have much confidence in either the defenses they have employed or how their organizations will deal with a data breach when it occurs. There were numerous problems highlighted by the survey, with a general lack of resources cited as one of the main issues. IT departments simply do not have the staffing levels required to safeguard systems and prevent data breaches, but 62% if respondents claimed their main concern was a lack of process – or only a partial process – to protect their company. There were inadequate checks being conducted to determine whether a security incident had actually occurred, and a...

Read More

Department of Justice Releases Breach Response Best Practice Guide

The Cybersecurity Unit of the U.S. Department of Justice (DOJ) has produced a new set of guidelines to help organizations with preparing for data breaches to enable them to take prompt action to mitigate damage and address security vulnerabilities. The DOJ felt that smaller organizations were unsure about the correct breach response, and aimed its guidance at these companies rather than large corporations and healthcare providers which are likely to have already implemented appropriate policies and procedures. A step-by-step guide is also included to help organizations prepare for the inevitable and the guidelines detail the steps that must be taken directly after the breach to minimize continuing damage along with a useful section covering actions that must not be taken, such as continuing to use an infected system to communicate. Unfortunately, while the steps are listed, not all will be appropriate for every organization. It is therefore essential that companies develop their own breach policies and procedures to match their own infrastructures. The guide points out certain...

Read More

The Cost of HIPAA Non-Compliance

The Security Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) demands that all covered entities implement the appropriate administrative, physical and technical safeguards to keep PHI secure. Failure to implement those basic minimum standards and provide HIPAA training can lead to more than just a fine from the Department of Health and Human Services’ Office for Civil Rights (OCR). The cost of HIPAA non-compliance is considerable. The True Cost of HIPAA Non-Compliance Since the HIPAA Enforcement Act, the OCR has been able to fine organizations that fail to implement the appropriate controls to protect healthcare data and the privacy of patients. Fines of up to $1.5 million can be issued for HIPAA violations, with that number multiplied by the number of years each violation has been allowed to persist. Multimillion dollar financial penalties have already been issued for non-compliance, but a HIPAA-violation penalty is one of the smaller costs covered entities have to cover. Organizations experiencing even relatively small data breaches can see the cost...

Read More

Cybercrime Report: Children’s Healthcare Data Prized by Thieves

Cybercriminals are targeting healthcare providers and insurers in an attempt to obtain the Protected Healthcare Information (PHI) and Social Security numbers they hold, but above all else, it is the Social Security number of children they are after. According to a study conducted by the University of Texas Center for Identity, children are 35 times more likely to suffer identity fraud after a data breach than adults. A 2011 study conducted by Carnegie Mellon University’s Cylab suggests the risk is much higher, and children are 51 times more likely to suffer from fraud. The UT survey researchers have estimated that one in ten U.S. children have had their identities stolen to some degree. Who do Criminals Use Healthcare Information and Social Security Numbers? Social Security numbers – along with personal identifiers –can be used by criminals to commit fraud in a variety of ways and the value of these numbers has led criminals to come up with highly sophisticated and diverse ways of breaking through organizations’ defenses. Thieves use healthcare data and Social Security numbers to...

Read More
Surprising Results from 2014/2015 HIPAA Breach Analysis
May04

Surprising Results from 2014/2015 HIPAA Breach Analysis

A comparison of data breaches reported to the Department of Health and Human Services’ Office for Civil Rights between January and April of 2014 and 2015 shows some surprising results. Year on Year Comparison of Data Breaches The total number of victims of breaches of PHI during the first four months of 2014 and 2015 differ by only 6,834 records if the two mega data breaches (Anthem / Premera) are taken out of the equation and are considered as anomalies. Add those breaches and the figures tell a very different story, adding a further 89,800,000 individual health plan member records to that total. 118 data breaches were reported during the first third of 2014, with 91 reported during the same period in 2015, a fall of almost 23%. Causes of Data Breaches Recent reports indicate hacking to be the main cause of data breaches, and it has certainly resulted in the most records being exposed. Between January and April, 2014, there were 15 reported data breaches attributed to hacking, while in 2015 30 cases of hacking have been reported: A 100% increase. Theft of devices fell by 42% year...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist