25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Hacking: How Severe is the Threat to the Healthcare Industry?

Retail, financial, entertainment, healthcare. It would appear that no industry is safe from hackers. The volume of incidents reported over the past 12 months, and the sheer scale and complexity of some of the attacks indicate that the threat level is currently at critical. The healthcare industry in particular appears to be under attack. Two hacking incidents on health insurers resulted in the perpetrators obtaining 78.8 million records from Anthem and approximately 11 million records from Premera Blue Cross, the latter including healthcare data. There were numerous smaller incidents reported where hackers had gained access to PHI according to data from the Office for Civil Rights. The OCR requires all HIPAA-covered entities to report data breaches affecting more than 500-individuals within 60 days of discovery. Between March 1st 2014 and February 28th 2015, the OCR received 31 breach reports that were attributed to hacking/IT incidents. However, the data only includes hacking incidents involving data covered under HIPAA and in many cases data breaches are not noticed until...

Read More

Horizon Class Action Claim for HIPAA Breach Tossed

According to a report in the New Jersey Law Journal, a class-action claim for a HIPAA breach has been thrown out by a NJ judge. The claim was filed by four plaintiffs against New Jersey’s largest health insurer, Horizon Blue Cross Blue Shield (HBCBS). The incident that triggered the lawsuit was a breach of HIPAA data caused by the theft of two unencrypted laptop computers from the Newark office of the HBCBS back in November 2013. The breach exposed the data of approximately 840,000 of the insurer’s members in one of the largest data breaches to be reported that year. The quartet alleged that as a result of the breach they – and more than 830,000 other members – were placed at an elevated risk of suffering identity fraud because PHI had been obtained by thieves along with their Social Security numbers. There is no private right of action under HIPAA; however the Connecticut Supreme Court made the decision to allow individuals affected by data breaches to sue the organizations after data breaches, provided there is evidence of negligence. A class action lawsuit for a breach of...

Read More

How Can PHI be Shared Under HIPAA?

Under the Health Insurance Portability and Accountability Act, specifically the HIPAA Privacy Rule, Protected Health Information (PHI) cannot be shared with unauthorized individuals. Since the Omnibus Rule was introduced, covered entities (CE) are also not permitted to use PHI for marketing purposes, so how can PHI be shared under HIPAA? How Can PHI be Shared Under HIPAA? The sharing of Protected Health Information is not permitted under the Privacy Rule, so if a CE wants to share that data – for marketing purposes, research or any other reason – individual records must be de-identified. If it is not possible to identify an individual from the data, the information is not considered to be PHI. Therefore, if all personal identifiers are stripped from the data, the CE will be free to do with the data whatever they wish, as the data will no longer be considered to be PHI. Why De-identify Data? Healthcare providers may wish to conduct comparative drug effectiveness studies in order to check the effectiveness of different treatment methods on patient outcomes for example. Medical...

Read More

Current Risk of Fraud from 2012 Philadelphia Ambulance HIPAA Breach

This week the Philadelphia Fire Department reported a data breach involving 750 individuals who had used the ambulance service in 2012. Three years ago an employee of Intermedix, the company it used to handle the Fire Department’s data needs, had been given access to records; however one employee used his data access privileges to steal financial data of patients. The data was stolen in order to file fraudulent tax returns according to an investigation launched soon after the discovery of the breach. The employee responsible is now in prison, and at the time it was deemed that the information had not been sold on or used inappropriately. However, earlier this year, law enforcement officers in Florida found a sheet of data in the possession of an individual which contained billing records of patients who had used the Philadelphia Ambulance Service. Upon investigation it was discovered that approximately 750 patients had their financial information exposed and potentially sold on. The persons affected were those who had used the service on April 1 or April 2, 2012. The Fire...

Read More
HIPAA Breach Report: January 2015
Apr04

HIPAA Breach Report: January 2015

January 2015 HIPAA Breach Summary: The HIPAA Breach Notification Rule demands that Healthcare providers, health plans healthcare clearinghouses and Business Associates report data breaches involving more than 500 individuals to the Office for Civil Rights of the HHS within sixty days of the discovery of the breach. A summary of the HIPAA breaches reported to the OCR for the month of January, 2015 is detailed below: Major HIPAA Breaches in January 2015 Following the relatively quiet month of December when few HIPAA breathes were reported, data theft increased in January with 17 separate incidents being reported to the Office for Civil Rights via its breach reporting portal. The Tennessee Rural Health Improvement Association (TN) Health Plan recorded a major HIPAA breach in which 79,000 of its plan member records were potentially accessed and disclosed to unauthorized individuals. Aspire Indiana, Inc. (IN) reported the theft of a number of laptop computers which contained the Social Security numbers and personal identifiers of 43,890 of its employees and clients; although no...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist