25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Memorial Hermann Health System Announces 10K-Record HIPAA Breach
Aug30

Memorial Hermann Health System Announces 10K-Record HIPAA Breach

The Memorial Hermann Health System (MHHS) has discovered that a worker accessed the Protected Health Information of over 10,000 patients while employed at the hospital, with the HIPAA violations dating back some six and a half years. The offenses took place between December 2007 and July 2014, and during that time 10,604 patient records are understood to have been accessed. The information viewed by the unnamed employee included medical records and insurance details, medical record numbers, personally identifiable information including, dates of birth, names and addresses as well as some Social Security numbers. It is not clear why the employee accessed the information, but a spokesperson from the health system said there was “no indication it involved fraudulent purposes.” MHHS discovered the unauthorized access on July 7, 2014 and immediately blocked the employee’s access to patient records while an investigation was conducted. Outside experts in computer forensics were employed to determine which records had been accessed and the extent of the HIPAA violation. Breach...

Read More

Ohio Patients Suffer First Hacking-Related Data Breach

Members of the Huntington Bancshares’ wellness program in Ohio have been notified of a data breach in which their healthcare information was potentially compromised. Close to 4,500 state residents have been affected. This is the first large scale data breach to affect Ohio residents. The data breach did not occur at Huntington Bancshares, but was part of a data breach affecting a Business Associate (BA) of StayWell Health Management LLC, Onsite Health Diagnostics. The data breach exposed 60,652 records in total, with hacker’s first gaining access to the database on January 4 of this year. The data breach was discovered on March 25, although a breach notice was delayed and has only just been released. Hackers were able to gain access to a scheduling database of Onsite Health Diagnostics. The information was being used for health screening purposes. The data exposed was limited to Personally Identifiable Information (PII). No health, insurance or financial data was exposed, and neither were Social Security numbers. Patient names, addresses, dates of birth, gender, email addresses and...

Read More
Iron Mountain X-Ray Theft Causes HIPAA Breach
Aug22

Iron Mountain X-Ray Theft Causes HIPAA Breach

The Orthopaedic Specialty Institute Medical Group has recently reported that one of its Business Associates advised it of a theft from its facilities in the Inland Empire in which thieves managed to obtain 742 boxes of X-ray prints of its patients. The x-rays were being stored by Iron Mountain Record Management and were from old patient files from 10-15 years previously. The medical data exposed is confined to any information shown in the x-ray such as the body part and medical issue. Patient names, dates of birth and medical record numbers were also printed on the x-ray jackets, although there was no financial information or Social Security numbers present. Under HIPAA Privacy and Security Rules, a data breach involving Protected Health Information along with personal identifiers that can tie that information to a particular patient must be reported to the Department of Health and Human Services’ Office for Civil Rights. The organization affected must also send out breach notification letters to any individual whose information was exposed in the incident if they perceive there to...

Read More

Cloud Service Providers Must Comply with HIPAA Regulations

The growing data storage demands placed on healthcare organizations require frequent hardware updates and increasing amounts of space dedicated to servers and IT staff must be employed to manage hardware, update software and maintain networks. Many healthcare companies lack the space or resources to securely store data and outsource their data storage to cloud service providers. The recently introduced HIPAA Omnibus Rule – often referred to as the Megarule due to its extensive changes to existing legislation – updates the Health Insurance Portability and Accountability Act (1996) expanding its reach to include business associates of healthcare companies and their subcontractors. In order to do business in the healthcare sector, IT and data storage companies must now comply with HIPAA regulations and sign a business agreement with the healthcare provide for whom they are providing the service. In the case of cloud hosting companies it is clear that HIPAA regulations apply as the companies are required to store Protected Health Information, even if the data is not actually viewed....

Read More

Community Health Systems Cyber Attack Puts 4.5M Patients at Risk

Community Health Systems (CHS) has announced that it’s computer network has been infiltrated by hackers who have stolen the protected health information of 4.5 million of its patients. The data accessed includes identifying information such as names, Social Security numbers and contact telephone numbers. The data affects patients who were referred for treatment to doctors affiliated with the hospital in addition to those who were treated by CHS over the previous five years. CHS operates 206 hospitals across the United States with medical facilities in 29 states. CHS made a filing with the Securities and Exchange Commission on August 18, 2014 describing the targeted attack as being of a “highly sophisticated” nature and believed hackers accessed PHI on two occasions in April and June of this year; however the intrusion was not detected until July. CHS has now determined that the attack originated in China with a group of hackers gaining access to the CHS network. Theft of data is a serious crime and CHS is working with law enforcement agencies in an attempt to identify and...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist