25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Sutter Health California Pacific Medical Center HIPAA Breach Announced
Jan23

Sutter Health California Pacific Medical Center HIPAA Breach Announced

Sutter Health, a not-for-profit health system in Northern California, has issued a breach notification alerting the public and patients to a security incident that occurred at its California Pacific Medical Center (CPMC). CPMC reported that it discovered a case of improper access of patient records by an employee during one of its “proactive” audits of electronic medical records on October 10, 2014. That audit showed that one employee had accessed the records of 14 patients. Those patients were mailed breach notification letters on October 21st 2014 and the work contract of the employee in question was terminated. Once the breach had been stopped, CPMC investigated the matter further and discovered a total of 844 patient records had potentially been viewed inappropriately, as there appeared to be no apparent treatment or business purpose that required those records to be viewed. The records were accessed over a period of a year, between October 2013 and October 2014 According to the statement, the information which was potentially accessed by the employee included “patient...

Read More

Government to Help Mobile Health Developers Comply with HIPAA

Mobile health apps have great potential to improve efficiency in healthcare as well as patient outcomes; however, developers of mobile health apps are struggling to attract interest from healthcare providers due to fears that their products would cause violations of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA Privacy and Security Rules serve to protect patient privacy and keep health and personal data secure. Substantial financial penalties are being issued by both the Office for Civil Rights and Attorney General’s Offices for non-compliance, and understandably healthcare providers are being extremely cautious with any new technology or software that could potentially touch the Protected Health Information of their patients. The App Association (ACT) – an advocacy and educational organization representing mobile app developers – wrote to the Office for Civil Rights requesting clarification on HIPAA privacy rules, and how they apply to mobile developers. Developers are keen to incorporate the required privacy controls to ensure HIPAA compliance;...

Read More
Mass. Marijuana Program HIPAA Breach Reported
Jan20

Mass. Marijuana Program HIPAA Breach Reported

A violation of the HIPAA Privacy Rule has been reported after the Massachusetts Health Department sent a mailing to patients enrolled in its medical marijuana program. The violation involves a bizarre oversight, which should have been detected prior to the email being sent. Over a period of three months, more than 6,800 emails were sent to patients advising them that they had been approved to join the medical marijuana program run by the state. This information is sensitive and should have been communicated to the patients via a secure medium. The mailing the patients received included a subject line of “Confirmation of Patient Certification in the Medical Use of Marijuana Online System.” Also contained in the emails was the intended recipient’s full name and registration number. Since the emails contained personal identifiers and the choice of subject line, this incident is considered to be a breach of HIPAA Privacy Rule as the enrollment in the program can be classed as medical information. Also of concern is the incident involved a unique code and the patient’s email address,...

Read More
NAAC Announces HIPAA Compliance Program for Ambulance Privacy Officers
Jan19

NAAC Announces HIPAA Compliance Program for Ambulance Privacy Officers

NAAC – The National Academy of Ambulance Compliance – has announced that it will be launching the nation’s first Certified Ambulance Privacy Officer (CAPO) program to help ambulance professionals comply with the Health Insurance Portability and Accessibility Act of 1996 (HIPAA) and its subsequent amendments. “The Certified Ambulance Privacy Officer program is a ground-breaking opportunity for an industry that often struggles with the difficult challenges that HIPAA presents,” according to National EMS attorney, Steve Wirth; one of the developers of the HIPAA compliance program. The healthcare industry has been hit with a number of high profile breaches in recent years and millions of individuals have had their protected health information exposed. The industry faces an increased threat of targeted attacks by cybercriminals looking to steal data to commit identify and medical fraud and the penalties for HIPAA violations as considerable. The OCR has been enforcing HIPAA more aggressively since the introduction of the HITECH Act and substantial financial penalties are being...

Read More
Email HIPAA Breach Reported by St. Louis County Health Department
Jan17

Email HIPAA Breach Reported by St. Louis County Health Department

St. Louis County Health Department has reported that a former employee has inadvertently breached the Health Insurance Portability and Accountability Act after she sent an email containing Protected Health Information to her personal email account. The data related to inmates who had previously been held at the Buzz Westfall Justice Center between 2008 and 2014. The data was contained in a document and included Social Security numbers and personal information. It is not clear at this stage why the document was sent to the employees email account and whether this was for the purpose of working from home or to use the data for any other means. St. Louis County Department of Health spokesman, Craig LeFebvre, issued a statement to the media regarding the breach in which he said that the employee was contacted and told to delete the document and she is understood to have complied with the request; although an investigation into the security breach is ongoing. Under the HIPAA Breach Notification Rule, all covered entities are required to notify individuals affected by a data breach...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist