25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Potential HIPAA Violations Settled by Washington County Government

HIPAA compliance is critical in healthcare; however it is not just hospitals and clinics that need to take note of HIPAA regulations. Local and county governments must also comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security and Breach Notification Rules or they face the consequences. Skagit County, Washington is paying the price for failing to implement the appropriate controls and safeguards to protect the data it held. Skagit County agreed to pay the OCR $215,000 following the exposure of data of seven individuals. Data was accessed by unknown third parties after ePHI data was unwittingly transferred to a server accessible to the public. The data breach was small but involved receipts and ePHI being made public. The investigation following the data exposure revealed numerous other HIPAA violations which potentially exposed the data of 1,581 individuals; data which included ePHI and other highly sensitive information covering the treatment, testing and management of infectious diseases. Other issues were uncovered in the...

Read More

Organizations Urged to Take Notice of HIPAA Omnibus Rule

The addition of the HIPAA Omnibus rule means organizations need to reassess their privacy and security practices to avoid a wider range of penalties for data security violations. The HHS Office for Civil Rights will start conducting random compliance audits next year and any organization found to be in breach of any HIPAA regulations will face stiff penalties. Recent audits have revealed numerous HIPAA violations which is a cause of serious concern. Many organizations have failed to implement strategies to protect data and become HIPAA compliant. If subjected to an audit, organizations must be able to produce documentation to demonstrate that appropriate efforts have been made to with regard to cybersecurity and that a compliance program has been put in place. Ignorance of current data security regulations is no defense and stiff penalties are being issued for HIPAA failures, including many the new additional penalties under the new Omnibus Rule. Fines for violations have also been increased. Under the new rule there are four areas under which a company can be fined for neglect...

Read More

ONC Submits Data Security Report to Congress

The adoption of health information technology has potential to expose patient data and can easily result in breaches of HIPAA regulations. On 2nd October, The Office of the National Coordinator for Health Information Technology (ONC) published a report to congress providing advice and recommendations on how new technology can be utilized in healthcare and how the secure exchange of health information can provide considerable patient benefits. The report, entitled Update on the Adoption of Health Information Technology and Related Efforts to Facilitate the Electronic Use and Exchange of Health Information, provided information on the barriers that are hindering the exchange of health information together with suggestions on how the federal government can take action to remove some of those barriers. ONC listed ‘Privacy and Security Protections for Health Information’ as one of its key building blocks to ensure smooth integration of IT in healthcare to ensure patient data privacy rights is protected. Congress was provided with a reminder of the Health and Human Services department’s...

Read More

40,000-Record Healthcare Database Stolen from Storage Shed in New Jersey

A bizarre report has been released this week on the theft of confidential patient records from a physician in New Jersey. The theft has potentially exposed the medical records of approximately 40,000 patients to unknown individuals. The patient records belonged to Dr. Nisar A. Quraishi, an internal medicine specialist and assistant professor of medicine at the NYU Langone Trinity Center in New York, who was storing the PHI in a shed at his office storage facility. The theft was noticed on Tuesday October 21, although the actual date of the theft remains unknown. Dr. Quraishi last visited his storage facility in August this year, and after leaving ensured that the shed was secured with two padlocks. This week, on his return to the shed, he discovered that both latches had been cut and on entering the shed he noticed that all of his patient records had been stolen. Dr. Quraishi was unable to provide the authorities with any details of the persons affected, only that the documents related to patients treated between 1982 and 2009, some of whom were possibly still being treated by the...

Read More
Data Privacy Breach to Cost Tenet Healthcare up to $32.5 Million
Oct23

Data Privacy Breach to Cost Tenet Healthcare up to $32.5 Million

Tenet Healthcare is one of the leading providers of healthcare in the United States with the Texas based company operating healthcare facilities all over the country. For the past 17 years the company has been embroiled in a class action lawsuit stemming from a major data privacy breach at one of its psychiatric healthcare centers. The lawsuit was originally filed in 1997 following the potential exposure of confidential patient mental health information contained in boxes that were dumped outside Tenet’s facility in Algiers. The data related to patients of the JoEllen Smith Psychiatric Center and a class action lawsuit was filed to recover damages. The incident occurred when the center was ordered to be closed and the contents of the office were being cleared. While authorization was provided to empty the center of its contents, a number of boxes of medical records were included in the material to be disposed of and they were left in plain view in front of the shuttered healthcare center. The boxes contained thousands of detailed medical records including admission logs, diagnoses,...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist