25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Cloud Service Providers Must Comply with HIPAA Regulations

The growing data storage demands placed on healthcare organizations require frequent hardware updates and increasing amounts of space dedicated to servers and IT staff must be employed to manage hardware, update software and maintain networks. Many healthcare companies lack the space or resources to securely store data and outsource their data storage to cloud service providers. The recently introduced HIPAA Omnibus Rule – often referred to as the Megarule due to its extensive changes to existing legislation – updates the Health Insurance Portability and Accountability Act (1996) expanding its reach to include business associates of healthcare companies and their subcontractors. In order to do business in the healthcare sector, IT and data storage companies must now comply with HIPAA regulations and sign a business agreement with the healthcare provide for whom they are providing the service. In the case of cloud hosting companies it is clear that HIPAA regulations apply as the companies are required to store Protected Health Information, even if the data is not actually viewed....

Read More

Community Health Systems Cyber Attack Puts 4.5M Patients at Risk

Community Health Systems (CHS) has announced that it’s computer network has been infiltrated by hackers who have stolen the protected health information of 4.5 million of its patients. The data accessed includes identifying information such as names, Social Security numbers and contact telephone numbers. The data affects patients who were referred for treatment to doctors affiliated with the hospital in addition to those who were treated by CHS over the previous five years. CHS operates 206 hospitals across the United States with medical facilities in 29 states. CHS made a filing with the Securities and Exchange Commission on August 18, 2014 describing the targeted attack as being of a “highly sophisticated” nature and believed hackers accessed PHI on two occasions in April and June of this year; however the intrusion was not detected until July. CHS has now determined that the attack originated in China with a group of hackers gaining access to the CHS network. Theft of data is a serious crime and CHS is working with law enforcement agencies in an attempt to identify and...

Read More
Onsite Health Diagnostics Hack Exposes 60K-Patient Records
Aug14

Onsite Health Diagnostics Hack Exposes 60K-Patient Records

Hackers have infiltrated a decommissioned network server at healthcare Business Associate, Onsite Health Diagnostics (OHD), and gained access to patient records for a period of three months before the intrusion was detected. OHD is a Dallas-based subcontractor for providing medical testing and screening services under a wellness plan run by Healthways for the state of Tennessee. The company holds tens of thousands of protected health records. On January 4, 2014, hackers gained access to an old network server containing patient records which included names, addresses, phone numbers, email addresses and gender. No Social Security numbers or healthcare data was present on the server. The intrusion was detected by OHD on April 11, 2014 and an investigation was immediately launched which established that 60,582 records were potentially viewed and copied by the hacker. The investigation was conducted by an external IT security and computer forensics company. The firm determined that the data related to individuals who took part in wellness screenings in 2013 under Tennessee’s State...

Read More
Federal Prosecutors Take Action for Criminal HIPAA Violation
Aug11

Federal Prosecutors Take Action for Criminal HIPAA Violation

Healthcare organizations face heavy fines for violations of HIPAA regulations, failures to ensure compliance and for accidentally causing the privacy of patients to be compromised. Criminal charges may also be filed if it can be established and proven that data was viewed or copied for personal gain, as is the case with a former hospital employee from East Texas. The Office of the Inspector General of the U.S. Department of Health and Human Services conducted an investigation on a former employee of an East Texas hospital in conjunction with the U.S. Postal Inspection Services and discovered evidence of criminal activity. The hospital employee is alleged to have obtained Protected Health Information (PHI) while employed at the hospital between December 1, 2012 and January 14, 2013. The employee has now been indicted for criminal violation of the Health Insurance Portability and Accountability Act and faces a charge of Wrongful Disclosure of Individually Identifiable Health Information. The theft or use of PHI for personal gain or to cause malicious harm is relatively rare, although...

Read More
HIPAA Breach Exposes 31K Records at Central Utah Clinic
Aug09

HIPAA Breach Exposes 31K Records at Central Utah Clinic

The Central Utah Clinic has issued breach notification letters to 31,677 patients advising them that some of their data has been obtained by hackers who broke through the healthcare provider’s security defenses. The Central Utah Clinic is the largest owned independent medical practice in Utah and employs over 170 physicians. The incident involved one of the hospital system’s servers which was protected by a number of security measures, although in this case they did not prove to be sufficient to prevent a data breach. The server was immediately isolated once the data breach was identified and a forensic investigation was conducted to determine what information was accessed by the hackers and the patients that had been affected. The investigation determined that only one of the healthcare providers 100+ servers was affected and no evidence was discovered that data had either been viewed or copied by the hackers. The server did not contain full medical records of patients, although some radiology reports and x-ray images were stored on the server along with patient names, addresses,...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist