25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

HIPAA Breach or Not? When the OCR Must be Informed?

The Health Insurance Portability and Accountability Act lays down the procedures which must be followed after covered entities (CEs) discover that hackers have gained access to networks, laptops containing unencrypted PHI have been lost or stolen or members of staff have been found to have accessed patient health records without authorization. But how can you tell if your incident is a HIPAA breach or not? When the OCR must be informed of a Data Breach Not all data breaches are HIPAA breaches and not all HIPAA breaches involve data breaches. So, when should the OCR be informed and how should a data breach be classified? The Omnibus Rule made a number of amendments to terminology and definitions in HIPAA. The Breach Notification Rules were not amended, so the response to breaches remains the same as before, but additional elements were changed, most importantly relating to how a breach is reviewed. The change places a requirement on the CE to determine the level of risk that exists after a breach has occurred, and to conduct a thorough risk assessment to determine if PHI has...

Read More
300,000 Records Exposed in University of Maryland Security Breach
Feb19

300,000 Records Exposed in University of Maryland Security Breach

309,079 staff and students at the University of Maryland have been affected by a security breach that exposed Social Security numbers, names, dates of birth and university ID numbers. The victims are from the Shady Grove and College Park campuses, and their information was stored in an old database containing the records of people who had previously been issued with University identity cards. The records date back to 1998. Hackers were able to gain access to the database via a server, in spite of several layers of security being in place. They located the database and essentially “made a Xerox of it and took off” according to Brian Voss, the University of Maryland’s Vice President and Chief Information Officer. Once inside the network, the hackers were able to make a copy of the data, but what is concerning in this incident is the how the hackers past the several layers of security that U-Md had put in place. A recent data breach report in the Washington Post reported Voss as saying “what most concerns him is the sophistication of the attack.” He went on to say that the hacker or...

Read More
Brookings Report: HIPAA Hacks Up 1,800 Percent
Feb19

Brookings Report: HIPAA Hacks Up 1,800 Percent

A new report by the Brookings Institution predicts a wave of HIPAA data breaches in 2015 and claims that the healthcare industry is particularly vulnerable to attack and that there is a lack of consequences for healthcare providers that violate HIPAA Rules. The report suggests that if breaches are to be avoided, healthcare providers, health plans, clearinghouses, and business associates must invest more heavily in IT security and must be further incentivized to make changes to improve privacy and security standards. The Brookings Institution was founded in 1916 following the formation of the Institute for Government Research (IGR) and was the first organization devoted to analyzing public policy issues at the national level. The organization has produced numerous influential proposals for Congress, homeland security, and a number of intelligence operations and has helped shape debates and influenced national policies. The latest report focuses on data security in the healthcare industry, and the timing of its release couldn’t be more appropriate, in the week that followed the...

Read More
Central Texas Clinic Notifies 8,700 of HIPAA Breach
Feb18

Central Texas Clinic Notifies 8,700 of HIPAA Breach

A central Texas clinic, Lone Star Circle of Care of Georgetown, has learned that a backup file containing the personal information of 8,700 individuals has been available through the community health center’s website for a period of six months, during which time it was accessed on a number of occasions by unknown individuals. The file was created on 31st July 2014; however the data breach was not discovered until 9th January 2015. The breach has been attributed to the actions of an individual employed by a company tasked with designing, maintaining and securing the website. That person had accidentally generated a backup file which was subsequently placed in an unsecured folder accessible to the public via the Lone Star website. No direct link to the file was posted online, although the file was accessible through the website search facility and could be downloaded in full by anyone able to locate it. The file was not secured with a username or password and at this stage is not clear how many individuals were able to download the data. LSCC has confirmed that no medical information...

Read More

Wearable Devices Carry High Risk of Causing HIPAA Violations

Advances in technology have allowed wearable devices to be developed to monitor health and fitness, and while these gadgets, monitors and sensors have potential to greatly improve healthcare, they also carry a high risk of a causing a HIPAA violation. Over the past 12 months the number of devices in use has grown at a tremendous rate. In 2013 the market for wearable devices was estimated to be worth $1.4 billion and by 2024, sales of wearable devices are expected to generate $70 billion per year. High Risk of Data Exposure   Wearable devices include fitness bands, such as those developed by Fitbit, which record detailed data during exercise and everyday living. In 2011, users of the devices discovered just how much personal information was saved, stored and unfortunately for many, also shared with the online community. Some discovered their exercise data had been indexed by Google and was publicly available. Not only was data from jogging, cycling and running sessions recorded, but also much more personal information including other forms of “exercise”. This included kissing,...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist