25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Sacred Heart Health System Suffers Hacking HIPAA Breach
Mar18

Sacred Heart Health System Suffers Hacking HIPAA Breach

The Sacred Heart Health System, a regional health system serving north Florida and south Alabama, has reported that a hacker has infiltrated the e-mail account of a Business Associate and has potentially obtained the personally identifiable information and Protected Health Information of approximately 14,000 individuals. The security incident was caused when an employee of the Business Associate had their account username and password compromised in an “e-mail hacking attack”; reportedly a phishing campaign. In recent months hackers have successfully used phishing methods on a number of occasions to obtain user login details. Emails are sent to hospital employees that closely mimic those of individuals who would conceivably require login details to be provided. The users are fooled into revealing their login credentials and the hackers then use that information to access email accounts and PHI. On discovery of the breach the billing vendor immediately shut down the affected e-mail account. The breach was discovered on December 3, 2014, although it was not reported to Sacred Heart...

Read More
Advantage Dental HIPAA Breach Exposes More Than 150K Patient Records
Mar18

Advantage Dental HIPAA Breach Exposes More Than 150K Patient Records

Advantage Dental of Redmond, OR, has announced that hackers have successfully infiltrated its computer systems and have potentially accessed the records of over 151,000 of its patients, according to a report in the Portland Tribune. The Oregon-based company, which primarily provides dental services for low-income patients and operates more than 30 clinics throughout the state, discovered that hackers had gained access to its internal computer systems and patient database over a period of three days between Feb 23 and Feb 26, 2015. In accordance with HIPAA Security Rule Technical Safeguards, Advantage Dental had implemented a system that monitored access to the PHI of its patients, and that intrusion detection system identified individuals who had accessed the Protected Health Information of its patients. Access to the data was quickly shut down but the company determined that during that time, names, addresses, phone numbers, dates of birth, and Social Security numbers were accessed. No financial information, payment details, or healthcare data was exposed in the incident as this...

Read More
Up to 11M Affected By Premera Health HIPAA Breach
Mar18

Up to 11M Affected By Premera Health HIPAA Breach

The healthcare industry has been hit hard by HIPAA breaches in recent months, with February’s data breach at Anthem the largest to date; however, news has just broken that another insurer, Premera Blue Cross, has also been hit by hackers, in what has been described as the largest ever breach of healthcare information. This successful hack potentially compromised the records of up to 11 million individuals. (The Anthem data breach of last month was the largest HIPAA breach ever recorded, although no health information was obtained by hackers in that incident.) The hack has been described as being highly sophisticated in nature, with the initial access to data now determined to have occurred on Mar 5, 2014. The data exposed includes personal identifiers, medical histories, and financial data, including plan member – and applicant – names, dates of birth, postal addresses, email addresses, Social Security numbers, bank account details, clinical information, and details of medical insurance claims; according to a news report from Reuters. The data that has potentially been compromised...

Read More
Second Round HIPAA Compliance Audits Delayed Again
Mar17

Second Round HIPAA Compliance Audits Delayed Again

The Office for Civil Rights is due to commence the second round of HIPAA compliance audits this year, although news has emerged that the audits are to be delayed once more to give the department time to finalized the audit protocol. The second round audits were originally scheduled to take place in the fall of last year, but were delayed to give the OCR time to implement a new web portal for reporting data breaches. This measure was essential due to the huge administrative burden that healthcare audits place on the OCR. The new web portal was intended to streamline data collection and ease pressure on the department, which has been struggling with a lack of resources and staff. OCR Information Privacy Senior Advisor, Linda Sanches, said at the HIMSS Privacy and Security Forum that she was “Happy because the process that we were going to use before was much more labor intensive in term of analyzing data.” The pilot round of HIPAA compliance audits commenced in 2011 and was completed in 2012. The results of the survey indicated that healthcare organizations in particular were failing...

Read More

Amedisys Discovers Data Encryption Alone May Not Prevent A HIPAA PHI Breach

The Baton Rouge based home health and hospice provider, Amedisys Inc., has issued approximately 6,900 breach notification letters to patients alerting them to a potential disclosure of their Protected Health Information. While most data breaches involving electronic Protected Health Information arise as a result of a failure to implement data encryption, this latest HIPAA breach occurred in spite of 256-bit data encryption being employed. The data breach was discovered during an audit of IT equipment revealed that 142 desktop computers and laptops were missing. The company ascertained that the missing computers had been issued to members of staff, but had not been recalled when the individuals’ employment came to an end. While the data was encrypted, since the security keys fort the devices remained active, the protection put in place to protect PHI was rendered useless. The PHI stored on the computer hardware included Social Security numbers together with patient names, addresses, dates of birth, insurance ID number, medical records and other unspecified personally identifiable...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist