25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

HIPAA Breach Report: May 2014
Aug07

HIPAA Breach Report: May 2014

May 2014 HIPAA Breach Summary: The Health Insurance Portability and Accountability Act of 1996 requires all healthcare providers, insurers and other covered entities – including their Business Associates – to report all data breaches affecting more than 500 individuals. The report must be made via the DHHS’ Office for Civil Rights (OCR) breach notification portal within 60 days of the discovery of a breach. This report contains a summary of the breaches which have been reported to the OCR during the month of May, 2014. Major HIPAA Breaches in May 2014 May saw substantially fewer HIPAA breaches reported than in April, with the volume falling by approximately half. However, due to a huge data breach at Sutherland Healthcare Solutions, Inc. (NJ) – which exposed 342,197 records –the victim count for May was substantially higher than April’s total. The Sutherland data breach – the second largest of 2014 – was caused when thieves broke into the company’s Torrance facilities and stole 8 computers containing unencrypted PHI. Jamaica Hospital Medical Center (NY) reported a data...

Read More

HIPAA-Covered Data Stolen From Las Vegas Brain and Spine Surgery Center

On July 9, the Las Vegas Western Regional Center for Brain & Spine Surgery (WRCBSS) reported that a former employee had accessed and copied the records of up to 12,000 of the healthcare provider’s patients over a period of seven months. The data potentially copied includes Social Security numbers along with Personally Identifiable Information (PII) which includes patient names, addresses, dates of birth as well as billing account numbers. The matter was brought to the attention of WRCBSS by law enforcement officers after they suspected the employee of stealing the information and using it to commit fraud. The employee in question, who has not been named, is alleged to have started accessing the information on November 28, 2011 and he continued to do so until June 29, 2012. The breach may seem large – involving some 12,000 patients – but it is not possible to ascertain exactly which records were used and copied. It could be a handful or it could be thousands; at this stage WRCBSS simply does not know. Robin Hasty, an Administrator at WRCBSS, said “Presently, we are unable...

Read More

HIPAA Breach Reported by Urological Associates of Southern Arizona

Urological Associates of Southern Arizona, a urology clinic based in Tucson, has announced that it has discovered it has been breaching HIPAA regulations by improperly disposing of material containing Protected Health Information. Up to 3,000 patients could potentially have been affected. Some employees at its Tanque Verde and Green Valley clinics were not shredding the labels on urine sample cups after they had been used, instead they disposed of them in the regular trash. This suggests that the individuals had not received appropriate training on HIPAA Rules. The labels contained patient names, dates of birth, physician names, dates of service and an internal chart reference number. No Social Security numbers were exposed in the incident. While this is a violation of HIPAA rules, the clinic does not believe that any of that information has been accessed or used for criminal purposes. The clinic has issued breach notification letters to the affected patients to apologize for the incident, and to alert them to the possibility that their information has been exposed. They have also...

Read More

Plaintiffs HIPAA Privacy Case Against Advocate Health Dismissed

An Illinois circuit court in Kane County has dismissed a class action lawsuit that arose from the Massive HIPAA breach affecting the healthcare provider last August. The incident potentially exposed the data of approximately 4 million patients when four unencrypted computers were stolen from its Park Ridge facilities. The class action lawsuit was filed by two plaintiffs who alleged Advocate Health acted with negligence by failing to implement the appropriate safeguards to protect their data. The lawsuit also claims Advocate Health violated both the Illinois Personal Information Protection Act and the Illinois Consumer Fraud Act in addition to the incident causing an invasion of privacy. The court ruled in favor of Advocate Health & Hospitals because the case lacked standing. While there was no doubt that the PHI of the patients had been potentially exposed, the plaintiffs were unable to offer enough evidence to confirm that the data had actually been viewed by an unauthorized individual. Without this proof it was not possible to establish whether any harm or damage had actually...

Read More

Parkview Health System Receives $800K HIPAA Privacy Rule Fine

The financial penalties for violations of HIPAA can be severe, as was discovered by Indiana-based Parkview Healthcare System recently when it was ordered to pay $800,000 in fines as a settlement for violation of the HIPAA Privacy Rule. The incident for which the fine has been issued dates back to 2009 when a data security complaint was filed by a patient of one if its doctors. The doctor was retiring and received a delivery of 71 boxes of medical files containing up to 8,000 patient records; however the delivery was made and the boxes were left on the doctor’s driveway while he was out of the house. The confidential patient records could have been accessed by any number of individuals as the boxes were left unattended in a “highly trafficked” area for a considerable period of time. The complaint was made against Parkview Health as it was responsible for the paper records and should have taken greater care to protect the confidentiality of its patients. Acting Deputy Director of Health Information Privacy at OCR, Christina Heide, issued a statement regarding the incident and...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist