25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Web Portal Delays Second Round of HIPAA Audits

The second round of HIPAA compliance audits, originally scheduled to take place this fall, has now been delayed until 2015 to give the OCR time to test its new internet portal. The new web portal is one of the new measures being introduced to assist it in policing HIPAA and it is expected to streamline the data collection. The portal will also be used to report HIPAA breaches and violations. According to OCR senior adviser, Linda Sanches, “We recently had an opportunity to update the technology we’re using, giving us capabilities that we just didn’t have access to before.” The roll out of the new portal needs to be completed before the OCR can conduct its next round of audits as the system will need to be used to collect and collate the thousands of documents a round of audits generates. The new system will also allow Jocelyn Samuels to develop the OCR’s program of permanent audits, which former OCR Director Leon Rodriguez had envisioned before he took up his new role with Homeland Security. The collection and analysis of documents is an extremely labor...

Read More
Your Name and Medical Condition in the Classified Ads
Sep09

Your Name and Medical Condition in the Classified Ads

Your medical data, name and contact information could be online and up for sale. Legions of data miners are trawling the internet to unearth patient’s medical data and contact information to sell on to interested parties. Even if you do not have any known diseases it does not make your health records and contact information safe, as was recently highlighted by 42-year old IT worker, Dan Abate. His contact information was listed for sale along which stated he had registered interest in Diabetes, indicating he had or at least suspected he may have the condition. The reality was he has not, and never has shown “diabetes interest” yet his name was included in a list sold by Acxion (ACXM); one of the largest online data brokers operating in the U.S. The data was purchased and resold by Exact Data and Dan’s name appeared online in the public domain in a sample of the data listed for sale. Medical databases are valuable to a broad range of companies and individuals from blue chip companies for direct marketing purposes to cybercriminals hoping to exploit their victims. As the volume of...

Read More

Meaningful Use Stage 2 Requirements

Update: The Meaningful Use program was renamed in 2018 to the Promoting Interoperability program to highlight CMS´ focus on interoperability between health IT systems and improving patient access to health information. The new program was effectively Meaningful Use Stage 3. In 2022, CMS discontinued the Medicaid Promoting Interoperability Program. Eligible clinicians that previously participated in the Meaningful Use and Promoting Interoperability incentive programs are now required to participate in the Merit-based Incentive Payment System (MIPS). XXXXXXXXXXXXXXXXXXXXXXXXXXXX Progression from Meaningful Use Stage 1 to Stage 2 requires eligible professionals (EPs), Eligible Hospitals (EHs), and Critical Access Hospitals (CAHs) to have satisfied the core objectives and other Meaningful Use Stage 1 requirements for two years, with progression to Stage 3 requiring 2 years of meeting Meaningful Use Stage 2 requirements. Meaningful use requirements are cumulative, so as EPs, CHs, and CAHs progress through the stages, they are required to continue to demonstrate meaningful use of the...

Read More
HIPAA Breach Report: June 2014
Sep05

HIPAA Breach Report: June 2014

June 2014 HIPAA Breach Summary: The Breach Notification Rule of HIPAA places a requirement on covered entities and their Business Associates to notify the Department of Health and Human Services’ Office for Civil Rights of data breaches affecting more than 500 individuals. The time limit for doing so this is stipulated in the Breach Notification Rule as 60 days from discovery of the breach. This report contains a summary of the breaches reported to the OCR during the month of June, 2014. Major HIPAA Breaches in June 2014 Three major data breaches were reported in June which exposed tens of thousands of medical records. NRAD Medical Associates, P.C. (NY) reported an incident in which a former member of staff gained access to, and copied, the records of 97,000 patients. The employee was believed to have taken the data with intent of using the information for personal gain. Santa Rosa Memorial Hospital (CA), recently acquired by the St. Joseph Health System, suffered a break-in at the Redwood Regional Medical Group offices which resulted in 33,702 unencrypted medical records being...

Read More

Fines for Violations Issued for HIPAA Non-Compliance and Data Breaches

Following on from high profile data breaches in recent months, in particular the breach of PHI across 209 hospitals operated by CHS, compliance with HIPAA regulations is now high on the agenda, especially considering the steep fines being issued by the OCR. Any data breach involving more than 500 individuals must be reported at both state and national levels, with the report launching an investigation by the OCR. The investigation will assess how the data breach occurred and the measures and safeguards put in place to protect data. Fines are issued for any breaches which have resulted from failures to adhere to HIPAA guidelines. However data breaches alone are not the only reason for fines being issued. Compliance with HIPAA requires policies to be adopted and procedures to be followed to ensure security risks are effectively dealt with. When an organization is assessed it will be against a standard to determine if there has been willful neglect, and whether a violation has occurred. A failure to conduct a thorough risk analysis is a violation of HIPAA regulations. If the risk...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist