25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Federal Officials to Explore HIPAA Rules on Data Encryption
Feb10

Federal Officials to Explore HIPAA Rules on Data Encryption

On Friday last week, a day after Anthem Inc., announced the largest ever reported HIPAA breach, the Senate Health, Education, Labor and Pensions committee announced that the healthcare IT security is to be addressed and that it will “take up the matter as part of a bipartisan review of health information security”. The AP reports Jim Jeffries, spokesman for chairman Lamar Alexander, R-Tenn, as saying “We will consider whether there are ways to strengthen current protections.” Last year saw major data breaches at Sony Pictures and Target which exposed highly sensitive information about employees and customers, while the healthcare industry was hit with a number of breaches including the successful hacking of Community Health Systems in April and June, in which 4.5 million patient records were exposed. The latest incident is on an unprecedented scale in healthcare, having affected up to 80 million individuals. The latest breach confirms the FBIs warning of increased attacks on healthcare organizations. Hackers are targeting organizations for the data they hold and the...

Read More
Burglary Causes 45,030-Patient HIPAA Breach at Aspire Indiana
Feb09

Burglary Causes 45,030-Patient HIPAA Breach at Aspire Indiana

Aspire Indiana has announced that the PHI of 45,030 individuals had been obtained by thieves in a Nov 7, burglary of its administrative offices. The perpetrator(s) stole a number of laptop computers containing unencrypted PHI, including 1,548 identifiable Social Security numbers. This incident exposed more Protected Health Records than the December’s Sony Pictures Entertainment Health and Welfare Benefits Plan breach and January’s UMass Memorial Medical Group HIPAA breach combined. Aspire Indiana, Inc., is a private behavioral and mental health not-for-profit organization with administrative offices in Noblesville, Indiana. It was these offices that were burglarized according to the notice and the crime has has been reported to law enforcement which is conducting an investigation. It is not clear whether the thieves broke into the offices with the intention of stealing medical records. As soon as the theft of the PHI was discovered, the company immediately embarked on a process of damage mitigation. It commissioned a forensic analysis to determine exactly what data was stored on...

Read More
HIPAA Breach Report: November 2014
Feb07

HIPAA Breach Report: November 2014

November 2014 HIPAA Breach Summary: Under the Health Insurance Portability and Accountability Act, all covered entities – including their Business Associates – are required to report data breaches affecting more than 500 individuals to the Office for Civil Rights. The report must be made via the HHS’ breach notification portal. Covered entities have up to 60 days to report breaches from the data of discovery This report contains a summary of the breaches reported to the OCR during the month of November, 2014. Major HIPAA Breaches in November 2014 Although relatively few data breaches were reported as having occurred in November, a high proportion involved the disclosure of tens of thousands of patient records. The largest HIPAA breaches involved the theft of data and network server incidents. The Central Dermatology Center, P.A. (NC), reported a data breach in which 76,258 health records were exposed after malware was identified on its network, although it is not clear if any information was viewed or obtained. Visionworks Inc. (TX) announced a 74,944-record HIPAA breach...

Read More
HHS Reporting Deadline for 2014 HIPAA Breach Reports
Feb05

HHS Reporting Deadline for 2014 HIPAA Breach Reports

The deadline for reporting security breaches (involving fewer than 500 individuals) from 2014 is in a little over three weeks. Any healthcare provider or other covered entity that has not submitted all 2014 breach reports must ensure they have all been filed – and are updated – via the HHS website portal by the March 2, 2015 deadline. All organizations covered by the Health Insurance Portability and Accountability Act are required to report breaches affecting more than 500 individuals within 60 days of the discovery of the breach according to HIPAA Breach Notification Rules. The Office for Civil Rights must be informed, while all individuals affected by the breach also need to be notified to allow them to take the necessary steps to mitigate any damage caused. Covered entities are also required to report breaches affecting fewer than 500 individuals to the Department of Health and Human Services, although the breach reports only need to be submitted once per year. A failure to submit a breach report – or submitting inaccurate breach reports – is a violation of the HIPAA...

Read More
HHS Updates HIPAA Data Breach Reporting Portal
Feb05

HHS Updates HIPAA Data Breach Reporting Portal

A new OCR HIPAA Web Portal has been installed on the HHS website, streamlining data collection on potential HIPAA violations and the reporting of HIPAA Privacy and Security Breaches. The second round of HIPAA compliance audits – originally penciled for October 2014 – were delayed due to the implementation of the new web portal. The update signals that the Office for Civil Rights is making good progress and that it will soon be in a position to start sending pre-audit surveys and commence Phase 2 of its HIPAA compliance audit program. HIPAA Breach Report Portal Changes The previous web portal consisted of a single page for filing reports, while the new Java-based wizard takes the user through a multi-step complaint/breach reporting process. Each step must be completed before progressing to the next section. The new wizard makes it more straightforward to file reports, although initially, it may prove to be more time-consuming for users to file reports. When filing breach reports or making HIPAA Privacy complaints, the user is routed through a series of specific questions with the...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist