25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

5 Class-Action Lawsuits Filed Against Premera for HIPAA Breach

Following any healthcare data breach there are likely to be numerous lawsuits filed by victims seeking damages for having their data exposed to criminals and Premera Blue Cross, which reported an 11M-patient HIPAA data breach earlier this month, has now had 5 class-action filed against it in the past few days. The lawsuits argue that the insurer should be held financially responsible for the incident and must award damages and restitution, in addition to taking action to prevent future breaches and notifying all affected about the specific data that was compromised in the breach. Class Action Lawsuits Resulting from HIPAA Data Breaches It is almost a certainty that litigation will follow a data breach, although it is rare for class-action lawsuits to succeed. In order to successfully claim damages, there must be evidence of loss or damage caused as a result of the data breach. A victim may be placed at an increased risk of suffering medical or identity fraud, but it is unlikely that any damages will be awarded unless that individual can show that their identity has been stolen or...

Read More
Anthem 78.8 Million Breach Notification Letter Mailing Almost Finished
Mar28

Anthem 78.8 Million Breach Notification Letter Mailing Almost Finished

According to a recent statement issued by Anthem spokeswoman, Sarah Yeager, the insurer expects to have completed the arduous task of mailing 78.8 million past and present policyholders – and other individuals – to advise them that their data has been compromised and obtained by hackers. Under the Health Insurance Portability and Accountability Act – specifically the Breach Notification Rule – all covered entities (CEs) are required to send notification letters to all individuals affected by a data breach and to complete the process no later than 60 days following the discovery of the breach. It would appear that Anthem needed all of that time to complete such a monumental task. In spite of the scale of the attack, only 937,478 individuals have so far signed up for the credit monitoring services offered by the insurer through AllClear ID. That figure is almost certain to rise considerably over the coming weeks as all the letters are finally sent. According to an article in Hartford Courant, in spite of the scale of the attack and the number of individuals affected, the...

Read More
Investigations Mount into LifeWise HIPAA Breach
Mar27

Investigations Mount into LifeWise HIPAA Breach

The LifeWise Health Plan of Oregon is being investigated by Washington State and Alaska in the wake of the huge HIPAA breach to affect its parent organization, Premera Blue Cross. Now the state of Oregon has decided to conduct an investigation into the breach after it was determined that approximately 250,000 state residents had been affected. The attack on Premera Blue Health and LifeWise Health Plan – which shared the same IT infrastructure for claims – first occurred in May 2014. Data going back to 2012 was potentially obtained by the thieves. However there was no evidence of data being copied leading experts to believe the attack was highly sophisticated in nature and that data access was somehow masked. The volume of data potentially exposed – and its detailed nature – make this hacking incident the largest ever reported and the most serious and by some distance. Last year 4.5 million records were exposed in a hacking incident at Community Health Systems and the Tricare data breach in 2009 exposed 4.9 million records. In total, 11 million records were exposed in the...

Read More

Data Breach Bill Rejected by New Mexico Senate

The New Mexico Data Breach Notification Act (HB 217) may have been unanimously passed by the house, but the senate has rejected the Act, which would have required businesses to notify customers in the case of a breach of Personally Identifiable Information (PII). The New Mexico description of PII includes Social Security numbers, Government ID numbers, Driver’s license numbers, credit/debit card numbers, bank accounts and information giving access to financial accounts; in cases where that is combined with the person’s full name or last name and initial; although data covered by the Gramm-Leach-Bliley Act of 1999 and the Health Insurance Portability and Accountability Act of 1996 are exempted. The decision not to pass the Act is peculiar. It went before the senate and was unanimously passed by the Corporations Committee; however the Act did not get passed the Judiciary Committee, even though no one voiced concern over the bill. Rep. The rejection however now means that in New Mexico, any individual affected by a data breach involving PII will not be required by law to be notified...

Read More

HIPAA Violation Warning Issued About Medical Record Subpoenas

Law firm, Day Pitney LLP, has issued a warning to healthcare professionals to be cautious about disclosing Protected Health Information, even when asked to provide medical records to attorneys under subpoena. A Connecticut Supreme Court ruling in November 2014 permitted a negligence claim to be filed against a healthcare provider for non-compliance with HIPAA Rules governing the disclosure of PHI to third parties. The court ruled that HIPAA Privacy Rules cover Protected Health Information even when that information is required by attorneys, and requested through proper legal processes. In Connecticut at least, PHI can only be released under subpoena if certain criteria are met. The court cited the Code of Federal Regulations, 45 C.F.R. § 164.512(e)(1)(ii) , which only permits the transfer of Protected Health Information if “satisfactory assurances” have been received that the person whose medical records have been requested to be disclosed has received a notice of the access request. As pointed out by Susan R. Huntington of Day Pitney, in order for PHI to be released under HIPAA...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist