25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Privacy Protection Strengthened in California

On Tuesday 30th September, California Governor Edmund Brown introduced new legislation to improve the level of privacy protection for California residents. The new set of bills introduced a number of changes to the legislation which included clearer posting of privacy policies on government department websites, together with a requirement for private companies to offer victims of a data security breach services to prevent identity theft and financial loss as a result of the PHI exposure. According to the new legislation, “If the person or business providing the notification was the source of the breach, an offer to provide appropriate identity theft prevention and mitigation services, if any, shall be provided at no cost to the affected person for not less than 12 months, along with all information necessary to take advantage of the offer to any person whose information was or may have been breached if the breach exposed or may have exposed personal information” The new legislation also clarifies the procedures organizations must follow when issuing breach...

Read More

Important Information on HIPAA Business Associate Agreements

The Omnibus Rule has now been in effect for a week and is an amendment to HIPAA regulations which requires all Business Associate Agreements to be HIPAA-compliant. Any new BAA’s issued – or those issued after Sept 23, 2014 – must comply with the HIPAA Omnibus Rule; however the same applies to any business agreements already in place. Existing agreements must also be updated to take the new Omnibus Rule into account. If any agreements have not been updated, the HHS’ OCR will consider this a HIPAA violation and would be within its rights to issue a financial penalty for each agreement that does not comply with the new rule. It is therefore essential that healthcare organizations perform a full review of all BAA’s currently active and address any non-compliance issues. Issuing HIPAA Compliant Business Associate Agreements A HIPAA-compliant BAA must be issued and signed by a Business Associate (BA) to ensure that PHI is properly protected. A Business Associate is classed as any individual, company, organization or other entity that performs a function, offers a service or conducts...

Read More

Oct 6 Deadline for Laboratories to Comply with HIPAA Privacy Rule Changes

The deadline for compliance following the introduction of the new HIPAA Privacy Rule is October 6, 2014. Hospitals with on-site laboratories subject to the Clinical Laboratory Improvement Amendments of 1988 (“CLIA”) as well as laboratories covered by HIPAA must adapt policies and procedures to take the new legislation changes into account. The change provides patients with improved access to their medical data. The changes have now been finalized by the HHS Office for Civil Rights and the Centers for Disease Control and Prevention and Centers for Medicare & Medicaid Service, which amended CLIA regulations earlier this year. Laboratories are currently permitted to provide medical test results directly to patients, provided that it can be established that the results of the tests belong to patient in question. Results can also be released to patients’ nominated representatives. The change to HIPAA privacy laws from October 6 mean that laboratories are now required to provide PHI to patients upon request and that patients have full access rights. Any non-HIPAA covered entity is...

Read More
Government Conference Highlights Importance of HIPAA Compliance
Sep25

Government Conference Highlights Importance of HIPAA Compliance

This September the Government held the 7th annual conference, Safeguarding Health Information: Building Assurance Through HIPAA Security, in Washington, D.C. The conference was co-hosted by the National Institute of Standards and Technology (NIST), the Office for Civil Rights (OCR) and the Department of Health and Human Services (HHS). One of the main aims of the conference was to highlight the current state of health information management and to explore the use of information technology in healthcare while ensuring Health Insurance Portability and Accountability Act (HIPAA) compliance. Practical advice and strategies were also provided to streamline implementation of the HIPAA Security Rule. The HIPAA Security Rule was introduced to set a standard to protect the privacy and confidentiality of patients’ health information. Healthcare organizations and other HIPAA covered entities are required implement appropriate safeguards to protect electronic health information during storage and transit. Appropriate technical, administrative and physical safeguards must be employed to prevent...

Read More
WEDI Announces HIPAA Health Plan Identifier (HPID) Usage Survey Results
Sep22

WEDI Announces HIPAA Health Plan Identifier (HPID) Usage Survey Results

The nation’s leading non-profit authority on Information Technology usage in the U.S healthcare industry has announced the results of a recent survey conducted on the use of the Health Plan Identifier (HPID) in electronic transactions under the Health Insurance and Portability and Accountability Act (HIPAA). The Workgroup for Electronic Data Interchange (WEDI) has now processed the responses from 262 participants from its recent survey, which was conducted between Aug 20 and Sept 5 of this year. Respondents included software vendors, providers, clearing houses, administrators and multiple stakeholders. The findings have been posted online and sent to the Department of Health and Human Services (HHS). Key findings of the survey: • The value of HPID use was only recognized by 15% of stakeholders • Almost a quarter (24%) of respondents had no issues with the implementation of HPID alongside other mandates • 39% of respondents are not able to predict the likely impact while 51% believe they will be impacted by an increase in granularity • 55% of respondents agreed that HPID use within...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist