25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Sony Pictures Hack Exposes Sensitive Employee Health Information
Dec05

Sony Pictures Hack Exposes Sensitive Employee Health Information

This week saw Sony Pictures attacked by a group of hackers calling themselves “Guardians of Peace”. The hackers gained access to a number of computers of Sony Pictures employees and obtained files containing highly sensitive information. The group then proceeded to publish some of the stolen documents and spreadsheets online as evidence of their successful hack. Included in the posts was what appeared to be a list of passwords to three machines the hackers claimed to control. The group is claiming to have gained access to hundreds of Sony Pictures computers According to Fusion.net, the files obtained from the computers include a spreadsheet containing the names, birth dates and social security numbers of 3,803 employees of Sony Pictures. The list also includes the details of the company’s top executives, with payroll data also available. Details of employee pay raises and other financial information is in the unprotected data. One document details the staff that had contracts terminated in 2014, with the reasons why their employment was terminated. The data is not limited to...

Read More
Small Healthcare Practices Likely to be Hit with Huge HIPAA Fines
Dec04

Small Healthcare Practices Likely to be Hit with Huge HIPAA Fines

A recent HIPAA compliance survey conducted on small healthcare organizations and billing companies has highlighted major flaws in data security, which in light of the upcoming random audits being conducted by the Office for Civil Rights could see small healthcare institutions hit particularly hard. Fines for HIPAA non-compliance are considerable and all HIPAA-covered entities can potentially be audited, even relatively small healthcare organizations. The survey was conducted by Porter Research on behalf of The Daniel Brown Law Group and NueMD. 1,100 healthcare professionals were asked about the efforts that had been made to secure ePHI and whether they consider their organizations to be fully HIPAA-compliant. The results of the survey show that many small healthcare entities are breaching HIPAA regulations and are struggling to cope with the new rules on data security. It is not just HIPAA that is an issue. Healthcare companies are faced with increased regulations from ICD-10 and Meaningful use and are struggling to keep their policies and procedures compliant with all current...

Read More
Healthcare Organizations a Soft Target for Cybercriminals
Dec04

Healthcare Organizations a Soft Target for Cybercriminals

The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 at a time when the internet was still in its infancy. Over the following 18 years the volume of information stored in an electronic format has grown at an extraordinary pace, and with it, so has the threat of theft. Today, ePHI is stored on servers, in the cloud and on mobiles and laptops and according to a recent report by IDC Health Insights, the healthcare industry is seen as a soft target by cybercriminals. The report; titled “Business Strategy: Thwarting Cyber Threats and Attacks against Healthcare Organizations,” suggests that the security issues faced by the healthcare industry are a result of poor investment in IT security infrastructure over the preceeding 18 years. The financial industry is a prime target for cybercriminals, but organizations have invested heavily in security systems to protect the financial details of clients. While no organization is impregnable to attack, they are viewed by criminals as hard targets. Hospitals and healthcare clinics on the other hand are relatively easy...

Read More

HIPAA Settlement Reached for Dumpster PHI Exposure

Under Health Insurance Portability and Accountability Act (HIPAA) data privacy and security rules, Protected Health Information (PHI) must be secured at all times and when data is no longer required it must be destroyed to prevent accidental exposure. In May 2013, Midwest Women’s Healthcare Specialists disposed of a number of medical records of patients; however the files were placed in an open dumpster. While the material was destined to be destroyed, unauthorized individuals could have easily gained access to the information. The HIPAA violation would perhaps not have been identified had it not been a particularly windy day. However, the some of the paper PHI records were blown from the dumpster up the street and the medical records were dispersed over an area of several blocks. The data included in the files and notes included personal identifiable information, addresses, diagnoses, treatment details and test results. Many of the records also detailed the patient’s Social Security numbers. In total, the records of 1,532 female patients from Missouri were potentially exposed by...

Read More

Business Associates Account for 40 Percent of HIPAA Breaches

During the first quarter of 2013, 40% of all HIPAA breaches involving the exposure of PHI that affected more than 500 individuals were the result of the actions of business associates of HIPAA–covered entities. The problem appears to be growing, as over the previous four years BA’s caused 30% of all reported HIPAA security breaches. This fact has not been missed by the Department of Health and Human Services. New legislation has been introduced which makes business associates accountable for their actions – or lack of them – to maintain the security of Protected Health Information. Business associates and their subcontractors are now covered by the latest amendment to HIPAA; the Omnibus Rule. Under the new rule, the Office for Civil Rights has the power to investigate business associates for HIPAA compliance issues and BA’s are expected to be included in the upcoming HIPAA audits. If the OCR discovers HIPAA compliance issues, business associates will be held accountable regardless of whether or not there has been a data breach and fines will be issued directly by the OCR. Before...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist