25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Self Regional Healthcare Announces HIPAA Data Breach
Jul31

Self Regional Healthcare Announces HIPAA Data Breach

Self Regional Healthcare (SRH), a healthcare provider based in South Carolina, has announced that a laptop computer was stolen from one of its facilities on May 25, 2014. That laptop contained unencrypted Protected Health Information of nearly 40,000 of its patients. The data included highly sensitive information which could potentially be used by criminals to commit identity fraud, insurance fraud, credit card fraud and enable them to make false Medicaid/Medicare claims. Social Security numbers; drivers license numbers; financial account numbers; physician names; payment card information; insurance policy details; diagnosis and procedure information and patient names – possibly addresses – were stored on the laptop. SRH learned of the break-in and theft on May 27, 2014. Law enforcement officers were alerted and were able to apprehend two individuals believed to have illegally entered the property. One person admitted to stealing the laptop, but according to the report “he destroyed it and disposed of it in a lake,” after an attack of remorse. He also claimed not to...

Read More
PRN Medical Services Notifies 2,200 of HIPAA Data Theft
Jul28

PRN Medical Services Notifies 2,200 of HIPAA Data Theft

According to a breach report issued to the Department of Health and Human Services’ Office for Civil Rights, PRN Medical Services, LLC – under the name Symbius Medical LLC – has suffered a HIPAA breach after five members of staff were identified as having accessed and stolen confidential and private records. The information is believed to have been accessed, copied, and disclosed to a third party; a competitor of PRN Medical Services where the employees went to work. According to a statement issued by Symbius Medical, as reported by PHIPrivacy, the information is believed to have been stolen “in the weeks leading up to their resignations.” The staff in question were former sales representatives and Symbius believes that the information was intended to be used, and may still be, to contact patients to attempt to sell them medical supplies. The data is not believed to have been taken for the purposes of committing medical or financial fraud, and is instead a case of sales representatives taking contacts with them when they change employer. That said, this is theft of PHI and the...

Read More

Unencrypted Hospital Communications are HIPAA Violations

Text messages may be a quick and convenient method of communication for doctors and healthcare professionals; however two medical professionals from North Carolina have recently discovered that the use of unsecured text messages to transmit medical data is a HIPAA violation. For the professionals concerned, the action was innocent and believed to be in the best interest of the patient. A doctor was visiting a patient at a nursing home and requested that a nurse send the patient’s laboratory results via text message. The message was sent and only two people viewed the patient data, both of whom were authorized to access the records. However by sending the data over an unencrypted and insecure connection, the records could potentially have exposed to a third party. Text messages can be used in healthcare, but in order to be HIPAA compliant data has been encrypted. The nursing facility was given an e-class deficiency by The Centers for Medicare & Medicaid Services (CMS) which resulted in a 10-point Directed Plan of Correction (DPOC) which must be implemented within 15 days. The...

Read More
Johns Hopkins Health System Settles $190M Lawsuit Over Potential HIPAA Privacy Violations
Jul22

Johns Hopkins Health System Settles $190M Lawsuit Over Potential HIPAA Privacy Violations

The Baltimore-based Johns Hopkins Health System has agreed to settle a $190 million civil action lawsuit arising from HIPAA violations caused by one of its physicians. The settlement was the result of a HIPAA Privacy Rule violation caused by an obstetrician and gynecologist who had used a hidden camera to take photographs and videos of his patients while conducting examinations. The physician used a pen-like device to take 140 illicit pictures and approximately 1,200 videos of his patients, according to the findings of an investigation into professional misconduct. Dr. Nikita Levy, M.D., had worked for the hospital for more than two decades, but in early 2013 another hospital employee alerted management about a device that Levy was seen wearing around his neck during patient examinations. While the device had the appearance of a pen, the member of staff believed that it was in fact a camera. The matter was taken up by the hospital’s Information Security Department and Levy was interviewed in his office by security staff. They noticed a number of devices which they believed to be...

Read More

Federal Prosecutors Pursue Criminal Charges Against Hospital Worker for HIPAA Violations

Under the Health Insurance Portability and Accountability Act of 1996, individuals and covered entities can face criminal charges for violations of HIPAA Privacy and Security Rules, and federal prosecutors have now taken this somewhat uncommon step following a case of wrongful disclosure of PHI. Texan prosecutors filed an indictment in the Tyler District Court against Joshua Hippler, a 30-year-old former employee of an unnamed hospital in East Texas. The case was filed earlier this year but it was sealed until July 3. Hippler faces one count of violations of HIPAA Rules after he stole medical records from the hospital where he worked. According to a statement provided to Security Media Group, a spokesperson for the Department of Justice said “We cannot comment on how many patient records, his job, employer or the nature of the violation in detail as this is an ongoing investigation,” she says. “The violation came to light when Hippler was arrested in Georgia and found to be in possession of patient records. Although criminal HIPAA charges are uncommon, our decision to...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist