25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Health IT Privacy and Security Guide Released by ONC

The government, via the Office of the National Coordinator for Health IT (ONC), has issued a new set of guidelines on Privacy and Security of Protected Health Information. The update to the guidance was made in the most part to facilitate the interoperable exchange of healthcare data but also to improve cybersecurity defenses and the understanding of HIPAA Rules, in addition to outlining the core objectives of Stage 2 of the Meaningful Use program. The guidelines set out to explain why PHI must be protected and convey that HIPAA compliance is a responsibility that is shared between everyone employed in the healthcare industry. Advice is provided on how compliance can be achieved under the Health Insurance Portability and Accountability Act and best practices are outlined that should be adopted by Medicare Eligible Professionals (EPs) and HIPAA –covered entities (CEs). The guidelines were last updated in 2011 so an update has been long overdue, especially in light of the 2014 EHR Certification Rule which, like the HIPAA Privacy Rule, allows patients the opportunity to access their...

Read More
Denton County Health Dept Reports HIPAA Data Breach
Apr12

Denton County Health Dept Reports HIPAA Data Breach

On February 13, 2015, an employee of the Denton County Health Department inadvertently violated the Health Insurance Portability and Accountability Act (HIPAA) when a USB drive was left at a printers shop. The drive contained a personal document that the employee wanted the shop staff to print. The drive also contained the unencrypted Personal Health Information (PHI) of 874 patients who had received medical services through Health Department’s tuberculosis (TB) clinic. The data included the names of patients along with their TB test results; addresses; dates of birth and other PHI. No Social Security numbers were stored on the drive, nor any financial information. Since Personal Identifiers and Health Information have potentially been exposed and the incident involved more than 500 patient records, Denton County Health Department is obliged to report the data breach to the Department of Health and Human Services’ Office for Civil Rights (OCR). The HIPAA Breach Notification Rule also requires Notification Letters to be sent to all affected individuals within 60 days of the...

Read More
Criticism of ONC’s EHR Interoperability Plan Builds
Apr11

Criticism of ONC’s EHR Interoperability Plan Builds

The Office of the National Coordinator for Health IT proposed an Interoperability Roadmap in January this year, to help the healthcare industry achieve the benefits that should come from moving over to electronic health record (EHR) systems. The ultimate aim of the plan is to create an environment where medical professionals can share data on patients and access medical information quickly and easily, which in turn should have an important impact on patient outcomes. After the issuing of the first draft, the ONC invited healthcare providers and other holders of healthcare data to read the roadmap and send in comments. That comment period ended on April 3, and many healthcare organizations took the opportunity to help the ONC achieve its goal. Criticism has been constructive and a number of concerns have been raised. Timescale for Critical Actions The Interoperability Roadmap calls for a number of actions to be taken by both stakeholders of healthcare organizations as well as industry regulators. These measures are critical to the overall success of the Interoperability Plan and are...

Read More
HIPAA Violation Charge for ProMedica Bay Park Hospital Employee
Apr10

HIPAA Violation Charge for ProMedica Bay Park Hospital Employee

Criminal prosecutions for HIPAA violations hospital employees are a relatively uncommon occurrence, although another case has recently resulted in legal action with a former employee of ProMedica Bay Park Hospital charged with HIPAA violations for inappropriately accessing 596 patient records. Jamie Knapp was indicted by a federal grand jury in Ohio for unlawfully viewing and obtaining protected identifiable healthcare data and for accessing of a protected computer without authorization. The penalty for these charges is a fine of up to $500,000 and a prison term up to 10 years if prosecutors determine that PHI was taken for personal gain. The inappropriate accessing of PHI is alleged to have occurred between April 1, 2013 and April 1, 2014. A police investigation was conducted last summer after the breach was discovered and Knapp was determined to be the employee responsible for the breach. The data compromised in the incident included patient names and dates of birth as well as Protected Health Information including hospital visit numbers, physician names, medications prescribed,...

Read More
American Hospital Association Advises ONC HIPAA is Sufficient
Apr09

American Hospital Association Advises ONC HIPAA is Sufficient

Critics of level of data security required under HIPAA legislation are calling for even greater demands to be placed on holders of Protected Health Information (PHI). Improved security and privacy controls would make it harder for cybercriminals – and other data thieves – from obtaining healthcare data. The Interoperability Roadmap of the Office of the National Coordinator is intended to help achieve nationwide secure health data exchange involving the EHR systems that have now been implemented by many healthcare organizations. The roadmap calls for changes to be made to the existing framework of rules and regulations to improve cybersecurity controls to help achieve interoperability. The American Hospital Association (AHA) disagrees. AHA Voices Opinion on the ONC Interoperability Roadmap The ONC published a draft of the Roadmap back in January and invited healthcare organizations to submit comments. It will assess the feedback it receives before releasing the final version of the Interoperability Roadmap. The ONC has received criticism from many quarters over the first draft, with...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist