25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Johns Hopkins Health System Settles $190M Lawsuit Over Potential HIPAA Privacy Violations
Jul22

Johns Hopkins Health System Settles $190M Lawsuit Over Potential HIPAA Privacy Violations

The Baltimore-based Johns Hopkins Health System has agreed to settle a $190 million civil action lawsuit arising from HIPAA violations caused by one of its physicians. The settlement was the result of a HIPAA Privacy Rule violation caused by an obstetrician and gynecologist who had used a hidden camera to take photographs and videos of his patients while conducting examinations. The physician used a pen-like device to take 140 illicit pictures and approximately 1,200 videos of his patients, according to the findings of an investigation into professional misconduct. Dr. Nikita Levy, M.D., had worked for the hospital for more than two decades, but in early 2013 another hospital employee alerted management about a device that Levy was seen wearing around his neck during patient examinations. While the device had the appearance of a pen, the member of staff believed that it was in fact a camera. The matter was taken up by the hospital’s Information Security Department and Levy was interviewed in his office by security staff. They noticed a number of devices which they believed to be...

Read More

Federal Prosecutors Pursue Criminal Charges Against Hospital Worker for HIPAA Violations

Under the Health Insurance Portability and Accountability Act of 1996, individuals and covered entities can face criminal charges for violations of HIPAA Privacy and Security Rules, and federal prosecutors have now taken this somewhat uncommon step following a case of wrongful disclosure of PHI. Texan prosecutors filed an indictment in the Tyler District Court against Joshua Hippler, a 30-year-old former employee of an unnamed hospital in East Texas. The case was filed earlier this year but it was sealed until July 3. Hippler faces one count of violations of HIPAA Rules after he stole medical records from the hospital where he worked. According to a statement provided to Security Media Group, a spokesperson for the Department of Justice said “We cannot comment on how many patient records, his job, employer or the nature of the violation in detail as this is an ongoing investigation,” she says. “The violation came to light when Hippler was arrested in Georgia and found to be in possession of patient records. Although criminal HIPAA charges are uncommon, our decision to...

Read More
St. Vincent Breast Center Breaches HIPAA with 63K-Patient Mailing
Jul10

St. Vincent Breast Center Breaches HIPAA with 63K-Patient Mailing

The St. Vincent Breast Center, an Indianapolis-based healthcare provider of diagnostic services for women, has reported that a clerical error has resulted in 63,325 patients receiving a mailing containing incorrect information, including the names, addresses, and appointment times of other patients. The letters were sent to advise patients of the Indianapolis Breast Center P.C. and Solis Women’s Health Breast Imaging Specialists of Indiana P.C. of previously scheduled appointments and to welcome them to the practice. The letters were dispatched by the treatment center on May 5, 2014, with the problem coming to light approximately ten days later when patients started to complain that they had received the data of other patients. A breach notice was issued to all affected individuals and the same notice was provided to the media, as required by HIPAA Rules and Regulations. The letter states that the data that was disclosed, which did include some Protected Health Information, was limited in nature and did not involve Social Security numbers, medical information, diagnoses, or...

Read More
Record HIPAA Complaints Received about Healthcare Organizations
Jul08

Record HIPAA Complaints Received about Healthcare Organizations

Over the past 12 months the number of reported violations of Health Insurance Portability and Accountability Act (HIPAA) regulations has skyrocketed. The Department of Health and Human Services has seen a substantial increase in late 2013 with the upward trend continuing in 2014 according to a recent data analysis. Year on year figures show HIPAA complaints have increases by 45.7% with 6,701 complaints received up until May. Not all cases have resulted in action being taken against the organization concerned although a relatively low number – 14% – resulted in no action being necessary. However, although out of the cases which were investigated, 26% called for HHS action to be taken. The rise in HIPAA complaints can be attributed in part to increased public awareness of data security laws. High profile thefts and data breaches have been headline news in recent months and the reporting of compliance issues is being encouraged. The introduction of new legislation and regulatory changes have also played a part, and the widespread use of mobile devices in healthcare creates many...

Read More

Security Lapses Could See Majority of Health Practices Fined for HIPAA Non-Compliance

Healthcare organizations face considerable data security risks, yet evidence suggests that while the importance of compliance may be understood, too little is being done to secure ePHI data. A recent survey has highlighted than many healthcare organizations are not paying attention to the warnings being issued by the government. Physicians Practice conducted its annual Technology Survey and discovered that mobile devices are a particular area of concern, with only 31% of the respondents claiming to have implemented the policies and procedures covering the use of mobile devices in the workplace as demanded by HIPAA regulations. Mobile devices are a major security risk due to the ease of theft or loss, yet many healthcare organizations have not taken steps to ensure mobiles are HIPAA compliant. Mobile devices often contain unencrypted patient data and personal mobiles are particularly high risk if used to access, transfer or view patient data. The survey revealed that almost 70% of healthcare organizations have so far failed to implement strategies to deal with the security threat...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist