25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Second Round HIPAA Compliance Audits Delayed Again
Mar17

Second Round HIPAA Compliance Audits Delayed Again

The Office for Civil Rights is due to commence the second round of HIPAA compliance audits this year, although news has emerged that the audits are to be delayed once more to give the department time to finalized the audit protocol. The second round audits were originally scheduled to take place in the fall of last year, but were delayed to give the OCR time to implement a new web portal for reporting data breaches. This measure was essential due to the huge administrative burden that healthcare audits place on the OCR. The new web portal was intended to streamline data collection and ease pressure on the department, which has been struggling with a lack of resources and staff. OCR Information Privacy Senior Advisor, Linda Sanches, said at the HIMSS Privacy and Security Forum that she was “Happy because the process that we were going to use before was much more labor intensive in term of analyzing data.” The pilot round of HIPAA compliance audits commenced in 2011 and was completed in 2012. The results of the survey indicated that healthcare organizations in particular were failing...

Read More

Amedisys Discovers Data Encryption Alone May Not Prevent A HIPAA PHI Breach

The Baton Rouge based home health and hospice provider, Amedisys Inc., has issued approximately 6,900 breach notification letters to patients alerting them to a potential disclosure of their Protected Health Information. While most data breaches involving electronic Protected Health Information arise as a result of a failure to implement data encryption, this latest HIPAA breach occurred in spite of 256-bit data encryption being employed. The data breach was discovered during an audit of IT equipment revealed that 142 desktop computers and laptops were missing. The company ascertained that the missing computers had been issued to members of staff, but had not been recalled when the individuals’ employment came to an end. While the data was encrypted, since the security keys fort the devices remained active, the protection put in place to protect PHI was rendered useless. The PHI stored on the computer hardware included Social Security numbers together with patient names, addresses, dates of birth, insurance ID number, medical records and other unspecified personally identifiable...

Read More

HIPAA and Wiretap Act Could Prevent Installation of Nursing Home Cameras

According to a recent CBS Local report, an Illinois House committee will be meeting next week to discuss the privacy issues raised by the installation of web-based video cameras in nursing home residents’ bedrooms and how HIPAA Rules and the Wiretap Act regulations can be adhered to. The installation of video cameras in nursing homes has been proposed following numerous allegations of neglect and abuse in nursing homes throughout the United States. Nursing home employees are also accused of the financial exploitation of residents and each year many reported cases result in legal action. However, proving abuse and neglect in a court of law can be difficult, especially when the victim suffers from dementia or Alzheimer’s. Action Being Taken to Protect Nursing Home Patients Efforts have been made in both Illinois and Missouri to allow the installation of video cameras in nursing homes to monitor for abuse and to deter staff from abusing residents. When abuse occurs, evidence will be recorded on the cameras or footage can be monitored remotely. The problem is that video cameras record...

Read More

HIPAA Compliance and the Cloud

The cloud offers many advantages to healthcare providers and other covered entities. It is possible to use cloud services and remain HIPAA compliant; however, it can be a long and arduous process to obtain all the necessary documentation to confirm that is the case, and if you can’t, you could end up violating HIPAA Regulations. The cloud is convenient and flexible. Covered entities (CEs) can use private and secure cloud services which allow a great deal of customization and there are now a wide range of companies offering cloud based services to the healthcare industry; an industry that has traditionally lagged behind others when it comes to adopting new IT technology. However, any CE using the cloud must exercise extreme caution, especially when it comes to moving data to and it. This is an area well covered by HIPAA regulations. Many healthcare providers have ventured into the cloud already and have implemented their own measures to ensure that PHI is secured. Today, a number of providers of cloud services are taking care of this aspect of the business and are offering “HIPAA...

Read More
HIPAA Breach Report: December 2014
Mar12

HIPAA Breach Report: December 2014

December 2014 HIPAA Breach Summary: The Breach Notification Rule of HIPAA places a requirement on covered entities and their Business Associates, to notify the Office for Civil Rights of the Department of Health and Human Services of data breaches affecting more than 500 individuals. The time limit for doing so is 60 days from discovery of the breach. This report contains a summary of the breaches reported to the OCR during the month of December, 2014. Major HIPAA Breaches in December 2014 December saw a major fall in the number of reported breaches with just 9 incidents reported for the month. The massive data breach at Sony Pictures dominated the newspaper headlines, and while huge volumes of highly sensitive data were obtained by hackers, the majority of this information was not covered by HIPAA. However, 30,000 records relating to the Sony Pictures Entertainment Health and Welfare Benefits Plan was present in the data stolen by the cybercriminals. Walgreen Co. (IL) reported another data breach involving paper records. In this incident, of which scant details were released, up...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist