25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Major Focus on Cybersecurity at HIMSS15

The HIMSS Annual Conference & Exhibition is a firm fixture in many healthcare IT professionals’ yearly work calendars. The conference showcases the latest healthcare technologies and highlights current trends in the industry, while keynote speakers share solutions in health IT. The move to EHRs has elevated risk of cybercrime and the massive data breaches to hit all industries over the past 12 months clearly demonstrate that the threat from hackers is a very real. Furthermore cybercriminals are targeting healthcare providers and health plans in search of the Protected Health Information (PHI) they hold. In February and March of this year, two massive hacking incidents were reported by health insurers which resulted in 89,800,000 confidential records being obtained by cyber criminals. 11 million of those records were reported to have contained sensitive PHI. This year, HIMSS has a strong cybersecurity focus to help the industry take proactive steps to improve defenses against hackers. There will be a new Cybersecurity Command Center at this year’s conference, which will allow...

Read More
Hattiesburg Clinic Notifies Patients of HIPAA Privacy Breach
Apr02

Hattiesburg Clinic Notifies Patients of HIPAA Privacy Breach

The Hattiesburg Clinic, a physician-owned multi-specialty practice based in South Mississippi, has alerted its patients to an invasion of their privacy after an optometry provider used the clinic’s database to send out a mailing to patients advising them of his new employer. The breach was discovered by a patient who alerted 7WDAM about the potential HIPAA breach. Staff at 7WDAM contacted the clinic to advise them of the potential privacy breach, and an investigation into the incident was launched. The clinic sent Breach Notification letters to patients on March 20, 2015, alerting them to a potential breach of their privacy. The notification letter told patients that the clinic became aware of the breach on January 23, 2015. The clinic discovered that former optometrist, Dr. Scott Paladichuk, had accessed the clinic’s patient database on a number of occasions and had viewed and copied a number of records of patients, many of whom he had no treatment relationship with. The investigation determined that the records were accessed over a period of two weeks between December 11 and...

Read More

March Sees Massive Hike in Healthcare Data Hacking

The number of successful cyber attacks spiked in March, with 11 incidents reported to the Office for Civil Rights, although since HIPAA-covered entities have up to 60 days from the discovery of a data breach until a breach notification must be submitted, that figure may yet rise. In February, there was one reported hacking incident involving HIPAA-covered data, and just 2 reported in January. Last month, 11-milliion health plan records were exposed in the huge data breach at Premera Blue Cross; an incident potentially much more serious than the Anthem breach the month before due to the extent of data acquired by thieves. The Premera hack allo9wed the perpetrators to copy Social Security numbers, personal identifiers and healthcare data. There were also a number of other large scale breaches reported to the OCR in March. The Virginia Department of Medical Assistance Services (VA-DMAS) reported a network server hacking incident in which 697,586 plan member records were exposed and 151,626 records were compromised at Advantage Consolidated. Over 90,000 records were exposed in separate...

Read More

HIPAA Audits May Give False Sense of Security

The news that Premera Blue Cross was audited just three weeks before hackers were able to infiltrate its computer systems has raised a number of questions regarding the effectiveness of HIPAA compliance audits. The U.S. Office of Personal Management performed an audit of the health insurer and identified a number of security vulnerabilities that it advised Premera to address, in particular the failure to install patches and software updates in a timely manner and the importance of developing a baseline configuration that would allow full audits of the insurer’s servers and databases to be conducted. It took the OPM six months to release its final report on the audit, during which time hackers were accessing and copying the PHI of Premera’s members. After the report was released, it took a further 2 months before the insurer was able to identify the HIPAA breach and shut down access, although that was too late to prevent the PHI of 11 million members from being obtained by the thieves. These issues, along with a handful of other observations, were not considered to be serious enough...

Read More

Cloud Security Adoption: Healthcare and Pharmaceutical Lead the Way

When it comes to Cloud Security adoption, the healthcare and pharmaceutical industries lead the way according to a recent survey by CipherCloud, an industry leading provider of secure cloud services. Both industries are required to implement safeguards – under the Health Insurance Portability and Accountability Act (HIPAA) – to ensure that Protected Health Information is kept private and confidential, which according to the report is the reason why cloud security adoption is so important and uptake has been so high in these industries. Healthcare and pharmaceuticals have been grouped together in the report, and account for 38% of companies which have chosen to store data securely in the cloud. The banking and finance industry is second, accounting for 25% of companies, with telecommunications third (16%) and the Government in fourth spot (9%). HIPAA does not demand that PHI is encrypted while at rest, although data encryption is an addressable area. If covered-organizations decide not to encrypt data, they must document the reasons why, along with the alternative safeguards...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist